The first of Isaac Asimovâs three laws of robotics was that a robot may not allow a human being to come to harm. But apparently that little Android smartphone in your pocket didnât get the memo. Mobile devices are becoming a top target for hackers, and the Android platform has been hit hard, with the amount of malware soaring more than 3,000 percent just in the last seven months of 2011, according to a new study by Juniper Networks.
âThe amount of malware targeting mobile smartphones and tablets has really accelerated over the last couple of years. And weâre seeing a huge uptick on the Android side,â says Dan Hoffman, the chief mobile security evangelist at Juniper, which makesâyou guessed itâanti-malware software, and has a bunch of new products due to hit the market by the middle of this year.
The bad guys are simply going where the money is, Hoffman says. As the smartphone market booms, itâs creating new opportunities. The same hackers who were targeting PCs in the past now have turned their attention to mobile devices. âHacking has been a business for years in the PC space and now itâs moving into the mobile space,â he says.
Hackers have spent the past few years figuring out how mobile operating systems like Android work, and how to break into them, and ânow theyâre starting to monetize the research theyâve done. They want to make money on this, and the time is now,â Hoffman says.
Not only are security researchers seeing lots more malware hitting mobile devices, but theyâre also noticing that the malware is becoming more complex and sophisticated. Malware programs perform all sorts of nasty tricks ranging from stealing your private banking information to secretly sending out âpremiumâ SMS messages that add a few bucks to your monthly bill.
Contributing to the problem is the fact that it is pretty easy to create a malicious application, load it onto an online store, and trick people into downloading it. âThereâs such a low barrier to entry. A kid in a basement can write a malicious app. Some of the hackers are organized criminals, but some are just people doing a one-off to make a little extra cash,â Hoffman says.
Android is a favorite target because the software has become so popular. Android is created by Google but used by dozens of handset makers, including Samsung, HTC and Motorola. In the past year Android has become the most popular smartphone platform, ahead of Appleâs iPhone and Research in Motionâs BlackBerry. Also, because of Google's open approach, it's relatively easy to get an app distributed in its online store.
Earlier this month, Google announced a new security service called Bouncer that scans the Android Market (Googleâs store for distributing apps) looking for malware. One good sign, Google says, is that while malware is being created, less of it is actually being downloadedâperhaps because users have become more savvy at spotting suspicious apps. In a blog post, Android engineering VP Hiroshi Lockheimer said malware downloads dropped 40 percent from the first half of 2011 to the second half of the year.
With so many hackers targeting Android, you might imagine youâd be safer if using an Apple iPhone, but Hoffman doesnât think so. He says because Apple is so secretive, itâs difficult for independent researchers to find out how much malware is being created for Appleâs iOS mobile operating system. Recently Apple has landed in hot water after it was revealed that an oversight in the companyâs software was allowing third-party applications to upload private address book information without seeking permission from users.
Hoffman says he uses both Apple and Android phones, but prefers Android since âthe threats are the same, but the means to mitigate the threats are sometimes better on Android than on iOS.â He adds, âI would rather know what the threats are and how to protect against them rather than not know and have to rely on someone else. With Apple itâs just blind trust.â
There are three main types of malware to look out for:
- Spyware - This is software that looks like a regular program âa weather widget, or a gameâbut is secretly combing through your phone and sending information to a third-party Web site.
- Premium SMS Trojans -These programs again look like ordinary apps, but once you download them they are able to send expensive SMS messages that cost a few bucks every time they connect, sort of the SMS version of making a phone call to a 900 number. The damage might be only a few bucks, small enough that you wonât even notice it on your bill if youâre not paying close attention.
- Fake Installers - Hackers will download a legitimate application from Googleâs Android Market, make a clone of the app, then sell that clone for a few bucks on a different market. The developer is getting ripped off, and youâre getting defraudedâespecially in cases where the legitimate application is free, but the clone costs money.
Whatever Google and independent security companies do, hackers will continue to target mobile devices. Hoffman at Juniper has some advice on how to protect yourself.
For one thing, donât download apps from independent app markets and third-party Web sites. Stick to the ones run by Apple and Google. Theyâre not perfect, but they at least make an effort to filter out bad programs.
Also, when you download a new app, look closely at the permissions that the app is asking for. Most of us just click yes without even looking at the list of permissions. Itâs also a good idea to go over the apps youâve already downloaded to see what permissions theyâve been granted.
Watch out for apps that want to send SMS messages or make phone calls. Juniper found 14.7 percent of apps in the Google App Market ask permission to make outbound phone calls without the userâs knowledge. âWeâre not saying thatâs definitely malicious but if youâre downloading a weather widget and it wants to be able to make outbound phone calls, thatâs a little disconcerting. You might want to think twice about that,â Hoffman says.
Another thing to consider is what some researchers call âsecurity through obscurity.â Apple computers and machines running Linux have always been safer than Windows PCs, simply because there were fewer of them, so hackers didnât bother targeting them.
By this logic you might want to consider a device running the new Windows Phone operating system, which has only a few points of market share. The software itself is really nice. And Nokia, which is Microsoftâs top partner, has recently introduced some really nice handsets.
Of course, eventually the hackers will get to those as well. Ultimately, all you can do is be careful and hope you can stay a step ahead of the bad guys.
