Android malware and the smartphone security threat
MADISON, Wis. — If China is worried about the security of Android phones (so much so that it was compelled to launch a homegrown OS), Alcatel-Lucent's latest malware report might have just made the case for all that costly angst.
The latest Malware Report put together by Alcatel-Lucent's security team says that more than 11.6 million mobile devices are infected worldwide, and 60% of them are Android smartphones. Most of the rest are Windows computers tethered to mobile networks through USB dongles, MiFi, or mobile phones. Less than 1% of the infections affect other devices, including iPhones, BlackBerrys, and Windows Phones.
The number of Android malware samples in Alcatel-Lucent’s database increased 20 times in 2013. In fact, it doubled in the fourth quarter.
The report explains why Android is becoming the target of choice for malware, how the nature of Android malware is changing, and what to expect next.
Focus on security of networks
One factor that's unique to Alcatel-Lucent's methodology is that the telecom gear provider is leveraging data it collected from carrier networks where its telecom equipment is installed. Considering the broad penetration of Alcatel-Lucent equipment in the global network, the company says its research results reasonably represent the reality.
"We applied intrusion detection technologies, often used by enterprises, to carriers' network traffic and cloud space," Kevin McNamee, security architect and director of Alcatel-Lucent's Kindsight Security Labs, told us. Other reports might focus more on protecting end-point consumer devices, but Alcatel-Lucent's team concentrated on the security of service providers' networks.
Kindsight Security Labs, an Alcatel-Lucent spinoff now back with its mothership, develops security analytics and services. The team monitors the traffic and behavior of malware communication, to detect threats in networks.
Kindsight, which has been tracking the mobile infection rate in carrier networks on a monthly basis, saw it climb from 0.45% at the beginning of the year to 0.55% as the year progressed.
By applying this percentage to 2.1 billion smartphones currently in use (according to ITU estimates), Kindsight Security Labs estimated that "11.6 million mobile devices are infected at any time." However, the team suspects that actual numbers are much bigger. "Alcatel-Lucent sensors are not deployed in China and Russia where infection rates are known to be higher."
Kindsight revealed the exponential growth of Android malware by sharing the number of samples in the company's database.
Kindsight Labs said a key driver of infections in mobile space is the "Trojanized app." In the Windows/PC world, cybercriminals have to create thousands of variants to bypass antivirus software, but the sophistication of most Android malware remains rather primitive. Yet mobile infections seem far easier to spread, according to the report. "Often, we will discover a third-party app store distributing a single malware type disguised as hundreds of different wallpaper apps." Simply increasing the number of apps the attacker can get out there "increases the probability of the app being downloaded and installed."
Despite its crudeness, the damage from Android malware can be serious. The report gave examples of a "Banking Trojan" going after credentials, "SMS Trojans" that can send messages to premium numbers that "can add up to large bills," and "Fake Security" apps using direct extortion to make money.
Mobile malware today makes no serious effort to conceal itself ("hoping someone installs the infected app"), but the report cautioned that "2013 saw a number of Android malware specimens that are beginning to show the sophistication that we see in their Windows cousins."
To read more, go to Spy phone: Smartphone becomes cypber espionage threat.
Currently no items