Study Suggests Mobile Malware Storm Brewing

Just in time for the 3GSM World Congress in Barcelona, Spain, McAfee has released new research that points to a recent increase in mobile malware attacks.

Nearly half of the mobile operators who have been the recipients of mobile malware experienced an attack within the last three months, according to the report.

Another indicator of the growing extent of the problem is the time mobile operators spent in 2006 dealing with these threats: It has increased by 700 percent to 1,000 hours when compared with 2005.

Paying Closer Attention

The Informa Telecoms & Media study, which was sponsored by McAfee, also found that 83 percent of mobile operators surveyed have been hit by mobile-device infections and that the number of security incidents in 2006 was more than five times as high as in 2005.

“This research clearly demonstrates that mobile security is moving quickly up the industry agenda, with the number of malware incidents rising and more time and money being dedicated to resolving mobile security issues,” said Victor Kouznetsov, senior vice president of McAfee Mobile Security.

Eighty-five percent of survey respondents plan to increase their mobile security budgets to address network intrusion, mobile viruses, denial-of-service attacks, spam and mobile phishing.

Similar Results

McAfee’s findings reflect other surveys that also warn of the vulnerability of smartphones and PDAs to hackers.

Mobile threats have increased twentyfold in recent years, from just eight viruses detected in 2003 to more than 162 in 2006, according to reports by SMobile Systems. To date, nearly 400 mobile viruses have been detected, the company reported.

Additionally, the growing use of smartphones, as well as increasing market penetration by Microsoft, have made mobile devices much more attractive targets for hackers, according to ABI Research. There have been close to 30 different types of attacks on mobile devices within the past two years, the company found.

The growth of the emerging mobile device security managed services market is now well over US$500 million in 2011 — from $100 million last year, ABI Research reported.

A Disconnect in Policies

Right now, there is a disconnect in many mobile operators’ security policies, McAfee findings suggested, as less than one-third of the operators who consider application and device-level protection important actually deploy protection at these levels.

Additionally, while fewer operators consider network level protection important, more than half deploy protection at this level.

Is It Cost-Effective?

However, some in the industry wonder how cost-effective massive investments in this particular space would be.

“Yes, there have been malware attacks, but those have not been widespread and the financial costs not that significant,” Patrick Hinojosa, CTO of CyberDefender, told TechNewsWorld. Compared to the constant bombardment of malware from the Internet, the mobile networks are relatively secure, he said.

Nevertheless, security vendors still worry about a range of security issues specific to mobile viruses, ranging from the vulnerability of corporate networks that sync with smartphones to privacy concerns and the growing flexibility of mobile malware.

More Exposure for Malware

“I have seen mobile malware for sale on the Internet,” Yuval Ben-Itzhak, chief technology officer for Finjan, told TechNewsWorld. “I am also seeing malware designed for the desktop being adapted for the mobile environment. It is just a matter of time before it becomes more prevalent.”

One particularly alarming mobile virus, according to Paul Miller, managing director of Symantec’s mobile security group, is a form of snoopware that allows hackers to activate a microphone on a smartphone.

“Once that happens, anybody — from a stranger in the bedroom to a competitor in the boardroom — can listen in on a person’s life at any time,” he told TechNewsWorld.

With more than 70 percent of mobile phone owners using their devices as an alarm clock, “our phones are always with us now. This can’t even be called spyware, because it is so much more,” Miller noted.

The first such applications were sold as “spouse monitoring tools” last year, he commented, adding, “It didn’t take long, though, for someone to write a malicious stealth code.”

Financial Concerns

This snoopware is an extreme example of the vulnerability to which our phones can expose us. The more likely target by hackers will be financial or personal data on a smartphone.

The number of mobile viruses will more than double over the next year or two, and are expected to target applications such as m-commerce and mobile banking, SMobile Systems predicts.

“Most users have to lose a phone before they realize how much information they have put on it,” Paul Davis, vice president and program manager for enterprise security, global outsourcing and infrastructure services at Unisys, told TechNewsWorld.

The risk to corporations is also high, he said. “Data is leaking out of corporations through mobile devices because they are linked to the corporate system,” Davis concluded.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels