1. Buzz_Dengue's Avatar
    Smartphone malware infections soaring
    The Associated Press Posted: Aug 8, 2011 9:04 AM ET Last Updated: Aug 8, 2011 9:04 AM ET

    Security experts say attacks on smartphones are growing fast and attackers are becoming smarter about developing new techniques.

    "We're in the experimental stage of mobile malware where the bad guys are starting to develop their business models," said Kevin Mahaffey, co-founder of Lookout Inc., a San Francisco-based maker of mobile security software.

    Wrong-doers have infected PCs with malicious software, or malware, for decades. Now, they are fast moving to smartphones as the devices become a vital part of everyday life.

    Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls. That came a month after researchers discovered a security hole in Apple Inc.'s iPhones, which prompted the German government to warn Apple about the urgency of the threat.

    Some 38 per cent of American adults now own an iPhone, BlackBerry or other mobile phone that runs the Android, Windows or WebOS operating systems, according to data from Nielsen. That's up from just six per cent who owned a smartphone in 2007 when the iPhone was released and catalyzed the industry. The smartphone's usefulness, allowing people to organize their digital lives with one device, is also its allure to criminals.

    All at once, smartphones have become wallets, email lockboxes, photo albums and Rolodexes. And because owners are directly billed for services bought with smartphones, they open up new angles for financial attacks. The worst programs cause a phone to rack up unwanted service charges, record calls, intercept text messages and even dump emails, photos and other private content directly onto criminals' servers.

    Evidence of this hacker invasion is starting to emerge.
    Lookout says it now detects thousands of attempted infections each day on mobile phones running its security software. In January, there were just a few hundred detections a day. The number of detections is nearly doubling every few months. As many as one million people were hit by mobile malware in the first half of 2011.

    Google Inc. has removed about 100 malicious applications from its Android Market app store. One particularly harmful app was downloaded more than 260,000 times before it was removed. Android is the world's most popular smartphone operating software with more than 135 million users worldwide.
    Symantec Corp., the world's biggest security software maker, is also seeing a jump. Last year, the company identified just five examples of malware unique to Android. So far this year, it's seen 19. Of course, that number pales compared with the hundreds of thousands of new strains targeting PCs every year, but experts say it's only a matter of time before criminals catch up.
    "Bad guys go where the money is," said Charlie Miller, principal research consultant with the Accuvant Inc. security firm, and a prominent hacker of mobile devices. "As more and more people use phones and keep data on phones, and PCs aren't as relevant, the bad guys are going to follow that. The bad guys are smart. They know when it makes sense to switch."

    When it comes to security, smartphones share a problem with PCs: Infections are typically the responsibility of the user to fix, if the problem is discovered at all.

    The emergence in early July of a previously unknown security hole in Apple Inc.'s iPhones and iPads cast a spotlight on mobile security. Users downloaded a program that allowed them to run unauthorized programs on their devices. But the program could also be used to help criminals co-opt iPhones. Apple has since issued a fix.

    It was the second time this year that the iPhone's security was called into question. In April the company changed its handling of location data after a privacy outcry that landed an executive in front of Congress. Researchers had discovered that iPhones stored the data for a year or more in unencrypted form, making them vulnerable to hacking. Apple CEO Steve Jobs emerged from medical leave to personally address the issue.

    The iPhone gets outsize attention because it basically invented the consumer smartphone industry when it was introduced in 2007.

    But Apple doesn't license its software to other phone manufacturers. Google gives Android to phone makers for free. So, Android phones are growing faster. As a result, Google's Android Market is a crucial pathway for hacking attacks. The app store is a lightly curated online bazaar for applications that, unlike Apple's App Store, doesn't require that developers submit their programs for pre-approval.

    Android malware strains skyrocket

    Lookout says it has seen more unique strains of Android malware in the past month than it did in all of last year. One strain seen earlier this year, called DroidDream, was downloaded more than 260,000 times before Google removed it, though additional variants keep appearing.

    Lookout says about 100 apps have been removed from the Android Market so far, a figure Google didn't dispute.

    Malicious applications often masquerade as legitimate ones, such as games, calculators or pornographic photos and videos. They can appear in advertising links inside other applications. Their moneymaking schemes include new approaches that are impossible on PCs.

    One recent malicious app secretly subscribed victims to a service that sends quizzes via text message. The pay service was charged to the victims' phone bills, which is presumably how the criminals got paid. They may have created the service or been hired by the creator to sign people up. Since malware can intercept text messages, it's likely the victims never saw the messages, just the charges.

    A different piece of malware logs a person's incoming text messages and replies to them with spam and malicious links. Most mobile malware, however, keep their intentions hidden. Some apps set up a connection between the phone and a server under a criminal's control, which is used to send instructions.

    Google points out that Android security features are designed to limit the interaction between applications and a user's data, and developers can be blocked. Users also are guilty of blithely clicking through warnings about what personal information an application will access.

    iPhone malware rare

    Malicious programs for the iPhone have been rare. In large part, that's because Apple requires that it examine each application before it goes online. Still, the recent security incidents underline the threat even to the most seemingly secure devices.

    A pair of computer worms targeting the iPhone appeared in 2009. Both affected only iPhones that were modified, or "jailbroken," to run unauthorized programs.

    And Apple has dealt with legitimate applications that overreached and collected more personal data than they should have, which led to the Cupertino, Calif.-based company demanding changes.

    "Apple takes security very seriously," spokeswoman Natalie Kerris said in July. "We have a very thorough approval process and review every app. We also check the identities of every developer and if we ever find anything malicious, the developer will be removed from the iPhone Developer Program and their apps can be removed from the App Store."

    Phishing works well on mobile users

    A criminal doesn't even need to tailor his attacks to a mobile phone. Standard email-based "phishing" attacks tricking people into visiting sites that look legitimate work well on mobile users. In fact, mobile users can be more susceptible to phishing attacks than PC users.

    The small screens make it hard to see the full internet address of a site you're visiting, and websites and mobile applications working in tandem train users to perform the risky behaviour of entering passwords after following links, new research from the University of California at Berkeley has found.

    The study found that the links within applications could be convincingly imitated, according to the authors, Adrienne Porter Felt, a Ph.D. student, and David Wagner, a computer science professor.

    They found that "attackers can spoof legitimate applications with high accuracy, suggesting that the risk of phishing attacks on mobile platforms is greater than has previously been appreciated."

    A separate study released earlier this year by Trusteer, a Boston-based software and services firm focused on banking security, found that mobile users who visit phishing sites are three times more likely to submit their usernames and passwords than desktop PC users.

    Mobile users are "always on" and respond to emails faster, in the first few hours before phishing sites are taken down, and email formats make it hard to tell who's sending a message, Trusteer found.

    Still, mobile users have an inherent advantage over PC users: Mobile software is being written with the benefit of decades of perspective on the flaws that have made PCs insecure. But smartphone demand is exploding, with market research firm IDC predicting that some 472 million smartphones will be shipped this year, compared with 362 million PCs. As a result, the design deterrents aren't likely to be enough to keep crooks away from the trough.

    "It's going to be a problem," Miller said. "Everywhere people have gone, bad guys have followed."

    Smartphone malware infections soaring - Technology & Science - CBC News
    08-08-11 09:11 AM
  2. Buzz_Dengue's Avatar
    This is a huge edge over the competition...

    The market wants personal security AND the apps, advantage Blackberry!
    kbz1960 and Jake Storm like this.
    08-08-11 09:13 AM
  3. West Coast Flavor's Avatar
    Cool story man.

    Posted from my CrackBerry at wapforums.crackberry.com
    08-08-11 09:24 AM
  4. Dapper37's Avatar
    It will take some real-world examples to start coming into the media for the masses to catch on... We in CB understand; the rest seem not to care.
    08-08-11 09:38 AM
  5. cenloe's Avatar
    Just like Macs rarely have viruses, hackers develop for the platform that will have the biggest payoff. It's easy to inject some malicious code into an application, especially when it can be side loaded (Android, BB). Apple seems to be in the best position because they have such tight reins over the App Store. Cydia is a different story.
    08-08-11 09:55 AM
  6. Snick Snack's Avatar
    Just like Macs rarely have viruses, hackers develop for the platform that will have the biggest payoff. It's easy to inject some malicious code into an application, especially when it can be side loaded (Android, BB). Apple seems to be in the best position because they have such tight reins over the App Store. Cydia is a different story.
    It's not just about malware apps, it's about platforms too... Apple is just as vulnerable as Microsoft.
    Jake Storm and bdad14 like this.
    08-08-11 11:15 AM
  7. Tre Lawrence's Avatar
    If I was coding malware out with an eye for quick propagation, I'd do it in that order: Android, Apple (Cydia) and then BB.

    Simple economics.

    As always, user responsibility (like not downloading apps that lack plenty of feedback) is key.
    08-08-11 12:29 PM
  8. Accidental Post's Avatar
    Ask yourself this question: does the average consumer care when buying a phone? I am sure Joe Shmoe walks into a carrier store and goes hmmm iPhone nice, Android nice, BB nice. I really want the iPhone or Droid but **** the BB is secure so here's my 200 bones and sign me up and give me that year old 9650 will ya... and RIM really needs to spend some money on advertising... not just BBM... but really advertising and not being afraid to take shots at Android and Apple... Apple had no problem going after Windows... remember the I'm a MAC and I'm a PC commercials?
    Buzz_Dengue and ekv like this.
    08-08-11 02:16 PM
  9. tumer's Avatar
    So is Google willing to pay for one of the best secured OS?
    08-08-11 02:29 PM
  10. Tre Lawrence's Avatar
    So is Google willing to pay for one of the best secured OS?
    From Google's point of view, it may not matter. Not having the "best secured" doesn't seem to be hurting adoption of its OS.
    Last edited by trelawrence; 08-08-11 at 02:48 PM. Reason: spelling
    08-08-11 02:33 PM
  11. Barefoot_Kevin's Avatar
    One of the reasons I'm not crazy about Android on my PB

    Sent from my BlackBerry 9650 using Tapatalk
    08-08-11 02:37 PM
  12. Accidental Post's Avatar
    So is Google willing to pay for one of the best secured OS?
    No, because the average consumer doesn't know/care. And RIM has no intention of advertising the problem. This is the problem with RIM: the two-headed monster is confused.

    Look as soon as Windows Vista was known to be a flop what did Steve Jobs do?

    He went directly after the Windows users and basically told them if you don't want a piece of garbage OS come check us out. Well his market share soared.

    Now imagine if RIM would just pull their heads out of their fifth point of contact and explain to people: hey, you want to lose sensitive data, then by all means buy an Android based phone. But if you want a sense of security that the DOD and Gov'ts have, then check out our new line of OS 7 devices.
    Last edited by Accidental Post; 08-08-11 at 04:31 PM.
    Jake Storm likes this.
    08-08-11 02:46 PM
  13. Tre Lawrence's Avatar
    One of the reasons I'm not crazy about Android on my PB

    Sent from my BlackBerry 9650 using Tapatalk
    It's in a sandbox, no? Nothing to fear.
    08-08-11 02:47 PM
  14. Tre Lawrence's Avatar
    No, because the average consumer doesn't know/care. And RIM has no intention of advertising the problem. This is the problem with RIM: the two-headed monster is confused.

    Look as soon as Windows Vista was known to be a flop what did Steve Jobs do?

    He went directly after the Windows users and basically told them if you don't want a piece of garbage OS come check us out. Well his market share soared.

    Now imagine if RIM would just pull their heads out of their fifth point of contact and explain to people: hey, you want to lose sensitive data, then by all means buy an Android based phone. But if you want a sense of security that the DOD and Gov'ts have, then check out our new line of OS 7 devices.
    I agree.

    My Android device is no less secure than any BlackBerry (I humbly say due to smart usage), but perception sells. RIM needs to take the gloves off.
    Buzz_Dengue likes this.
    08-08-11 02:51 PM
  15. dentynefire's Avatar
    I agree.

    My Android device is no less secure than any BlackBerry (I humbly say due to smart usage), but perception sells. RIM needs to take the gloves off.
    Yeah Right
    milhouse999 and Jake Storm like this.
    08-08-11 03:57 PM
  16. trsbbs's Avatar
    I agree.

    My Android device is no less secure than any BlackBerry (I humbly say due to smart usage), but perception sells. RIM needs to take the gloves off.
    Ahh, not so... do some research on the two and you will find a big difference between the security of the phones.

    The fact that the Playbook is certified for use within the U.S. government and not any other tablet should tell you something.

    Tim
    Jake Storm likes this.
    08-08-11 04:01 PM
  17. Accidental Post's Avatar
    Ahh, not so... do some research on the two and you will find a big difference between the security of the phones.

    The fact that the Playbook is certified for use within the U.S. government and not any other tablet should tell you something.

    Tim

    See, that's the point: the average consumer does NO research, they see their friends with iPhones and Droids and say that's cool, I am going to go buy one. RIM is so blind to this they are losing in the AVERAGE consumer market. If they had any sense they would heavily advertise the security of the BlackBerry. But instead they tout BBM which was used in London by the rioters......
    Jake Storm likes this.
    08-08-11 04:33 PM
  18. pittpanthersfan's Avatar
    Security ultimately falls on the user. All of the malware mentioned in the article relies on the user granting permissions to the malware. BlackBerry is no exception (see Zeus: downloadsquad.switched.com/2011/03/07/zeus-malware-variant-begins-targetting-blackberry-users). Also, phishing emails are device agnostic.
    08-08-11 06:42 PM
  19. john_v's Avatar
    The part of the article that mentioned how it's harder to tell on a smartphone if a link is a phishing link or not caught my eye; I actually thought about this earlier today. When I click a link in an email on my Bold, it shows me the actual address and asks me if I want to continue. That's a really nice feature; gives you confidence that you're really going where you think you are.

    But like many others have pointed out...a lot of security starts with the user.
    08-08-11 07:16 PM
  20. Tre Lawrence's Avatar
    Ahh, not so... do some research on the two and you will find a big difference between the security of the phones.

    The fact that the Playbook is certified for use within the U.S. government and not any other tablet should tell you something.

    Tim
    I'd humbly state that few people do more research than me.

    No BlackBerry is less likely to get malware than my Android because of how I use my device. The certification of the Playbook has nothing to do with my statement.
    08-08-11 07:43 PM
  21. Tre Lawrence's Avatar
    Yeah Right
    Read my statement again, and prove me wrong.
    08-08-11 07:45 PM
  22. flyersfan76's Avatar
    See, that's the point: the average consumer does NO research, they see their friends with iPhones and Droids and say that's cool, I am going to go buy one. RIM is so blind to this they are losing in the AVERAGE consumer market. If they had any sense they would heavily advertise the security of the BlackBerry. But instead they tout BBM which was used in London by the rioters......
    And Twitter and Facebook are used by Americans who think flash mobs are funny and cool. Who cares what service is used. Morons with no sense of responsibility and a huge sense of entitlement will use any means necessary to show that their lives MEAN something.

    Isn't it Sprint showing the Flash Mob Dance type things as a commercial? I have no idea what they are called but you get the point.
    08-08-11 10:02 PM
  23. Branta's Avatar
    Not news or rumor about RIM devices. Borderline spam.
    08-09-11 07:44 AM