Ask-A-Techie, Where you can have all of your questions answered.

Is Mobile Malware a real risk?

Posted by Edward Drummond on Thu, Nov 08, 2012

askatechie logoHi Techie,
I've been hearing about viruses that attack smartphones. Is this just scary digital campfire stories, or do I have something to actually worry about with all the things I do on my phone?

Sincerely,
Digital Worrier

Hi Worrier,
As people use mobile phones for management of more and more of their digital lives, it is only to be expected that some unscrupulous software designers and coders would take advantage. People are using their phones to manage money, emails, social media and many aspects of their lives that were once only done on their desktops.

Should you be worried? Maybe.
Should you be careful? Certainly.

Mobile malware is a broad term that covers all sorts of digital maliciousness targeting mobile phone users.

What is Mobile Malware

It is certainly bad news for any tablet or smartphone users. Mobile malware is defined at any application that carries out malicious actions on a mobile platform (tablets and phones primarily). This could mean texting a number which charges your mobile phone account, spamming all of your contacts with emails and texts or carrying out any other wicked act. Malware is directly related to spyware in which a program records information about users without their consent and likely without them even knowing. Spyware typically captures and sends tracking and personal information third parties like contacts, texts, call logs, browser history and (most frightening to many) a history of your locations you have been on GPS enabled phones!

OK, so this is scary. How big of a problem is this?

Depends on how you count things really. In a recent report by TrendMicro they recorded a 600% increase of malevolent and possibly harmful applications in Android phones over a 3 months period this year. Unfortunately, using this as a rating really isn't very efficient when you consider the small number of initial threats that Android faces when compared to, say a Mac or a PC (as we have pointed out before, yes, Mac users face some of the same threats that PC users deal with as their popularity increases)

Some researchers measure the threats faced by measuring the number of new versions or "variants" of popular mobile malware. The downfall of this method is the number of variants does not mean any actual rise in threat levels. There can be hundreds, even thousands of variants out "in the wild" but for the most part they are typically so similar that there really is no difference.

How worried should I be?

As we said above, perhaps worry is not that best course of action. With any security risk or threat it’s better to be prepared and aware. Security researcher F-secure has shown that the vast majority of malware targets Android users making them the most at risk. Luckily, many of the security risks come from non-mainstream or Android approved app stores, so if you download your apps directly from the Google App store, you have a better chance at staying safe. Keep an eye on reviews on the apps install page, that can often clue you in to if there be shenanigans in your future should you download and install something that is not on the up and up. iOS (Apple's dedicated mobile operating system running on iPhone, iPad and iPod touch) devices and Windows phones bring up the next most at-risk group, followed by users of BlackBerry phones. More popular and prevalent phone operating systems typically have more risky software targeted at them.

So what can Mobile Malware do?

The most common is known as "tollware". This is where the app sends texts or silently makes phone calls to premium rate services (running up your phone bill REALLY quickly if you don't have unlimited service). Another common type is the more traditional spyware that gathers information it shouldn’t have access to like your call history and contacts and sends that off to a 3rd party, often to support spam (no, not the popular canned meat, the digital term comes from the meat prouct via Monty Python's Spam sketch (WARNING: that last link is rather amusing (you do like funny right?) ) ).
Some malware coders have started to use security holes in different features of the mart phone, like apps that secretly record phone conversations and intercept text messages.

So how do I get malware? Or better yet, how do I avoid it?

As we said before, many malware apps are released on non-official app stores. Avoiding apps from unknown or unreliable sources can be a great way to avoid infections and issues. Another method that apps have wormed their way in through infected web advertisements and emailed links. A way to protected yourself from these types of threats is to ensure that your application installation security settings are kept at their defaults. If an app tells you that you need to change your security settings in order to install something, chances are you should be very cautious. When in doubt, check it out. Use Google and determine if the source and the program are reliable. If you have doubts, don't install the software. There have been some instances of legitimate applications being repackaged with malware and redistributed on official channels and app stores, however the official store's built in security often shut these down pretty quickly. One major risk that people take is a process known as jail-breaking (for iOS) or rooting (for Android), which unlocks features and settings on the phone which were disabled for one reason or another by the manufacturer or the wireless carrier. While jail-breaking provides many more options for a power-user, as well as allows a phone to change from one wireless carrier to another, it opens up many security risks which can pose a hazard to most users.

How secure am I right now?

We stated before that Android is the mobile operating system most targeted by malware writers. Google is very aware of the problem and as such has boosted their own app store's security. Last February Google introduced their "Bouncer", an automated security system that analyzes applications and checks them for signs of malicious behavior. When it finds one, it boots the app out of the store. They have also made enhancements to their operating system with the release of version 4 of their Android operating system titled "Ice Cream Sandwich" (it is worth noting that Google has quite possibly the most delicious naming system for its mobile operating systems). It changed the way that Android manages memory and the boot sequence, making it more difficult for malware to hijack the functions of the phone.
Apps on Apple's Store are similarly vetted and scanned on a regular basis, keeping their system particularly safe, much in part to how restrictive Apple is about who can make applications for their system. iOS also runs all applications in their own dedicated space in memory, restricting the access that individual apps have to resources and settings.
For Blackberry and Windows devices many of the same changes have been enacted in regards to security as both Apple and Android, but since they still hold a minority in the market, they are not targeted by as wide of a range of spyware.

For users there are some simple ways to keep yourself protected. These really are the same with any device, be it mobile, desktop or laptop, but they bear repeating;

Be Safe: Only download applications from trusted and official sources.

Be Aware: Check developer names, reviews and ratings of any app you are considering installing. Be especially wary of anything offering to be a full, free version of something you would normally pay for. Keep an eye on your phone bill for unfamiliar transactions and calls.

Stay Protected: Download and install any security updates from your phones manufacturer as soon as safely available. When an update comes out, check out your manufacturers website for any feedback on the update to make sure it won't cause any problems (iOS 6 and Apple Maps anyone?), then install the update.

 

If you have any questions or concerns on applications on your mobile devices, you can either contact us or you can also contact your wireless service provider. We are located right in downtown Northampton and would be glad to help you with whatever questions you have for all your digital devices.

All this now said, I will leave you with the soothing tones of Mr. weird Al Yankovic who can help explain, in wonderful detail, what malware cannot do:

Until next time,

   The Techie

Tags: iOS, mobile security, mobile malware, Macs, online safety, Protection, Ask-a-techie, android, Security, virus alert, Tech Industry News