Researchers warn against random downloads, advise using security software.
Malware attacks on mobile devices, especially on Google Inc’s Android operating system, have surged in recent times, says computer security researchers.
According to Trend Micro, a global cloud security leader, there has been a 14-fold increase of malware targeting Android smartphone users in the last six months alone. Another report from McAfee, a security solutions company, estimates that the malware targeted at Android devices jumped 76 per cent since the last quarter, making it the most attacked mobile operating system.
Sample this: Bangalore-based software professional Swetosuvro Ghosh had started using an Andriod smartphone but was soon forced to move back to his BlackBerry device. “There was a virus attack and the phone would dial automatically. After a number of complaints from my colleagues and friends, I shifted back to my old BlackBerry.” And, Ghosh is not the odd man out.
Reseachers say Andriod is fast becoming the hotbed for malware and rogue apps. In the past year, Trend Micro reports that they have recorded cases of mobile malware infection and exploitation plague users straight from the shelf.
For example, Vodafone was blamed for shipping 3,000 worm-laden HTC Android smartphones. Trend Micro believes that it was an infected computer in the production line that had caused the problem. Samsung was another company that had inadvertently distributed malware along with its new S8500 Wave smartphones. The worm attempted to infect a user’s PC when the phone was connected to it.
More From This Section
In comparison, Apple’s iOS’ was found to be among the safest of all mobile platforms, according to Symantec. “There has been unprecedented growth of non-PC devices in recent years, as consumers rely on these new devices to communicate and store their private information. From streaming their favourite music station, getting the high score hurling birds through the air and filing their taxes online, consumers deserve to feel confident regardless of what they do on their mobile phone,” notes Gaurav Kanwal, country sales manager, (Consumer Products and Solutions), Symantec India.
Symantec says, Android offers no built-in, default level encryption, and instead rely on isolation and permissions to safeguard data. “Thus, a simple jailbreak of an Android phone or theft of the device’s SD card can lead to data loss. As with Apple iOS, Android has no mechanism to prevent social engineering attacks.”
The primary security flaw in Android devices is the lack of an approval system on its app store, according to McAfee. Today, over 3,00,000 apps are available on the Android app store and the total number of downloads is estimated to be around three billion, making it an ideal place for cybercriminals to target devices. This security hole has been well protected by Apple, which has notoriously stiff criteria that must be met by developers before their applications can be allowed on its App Store.
Pune-based Preksha Bhadodia, an interior designer, bought the HTC Thunderbolt, using the Android platform in March this year. “Since this was my first Android device, I downloaded hundreds of free apps to my smartphone without really checking the apps.” Later, Bhadodia received an email notification from Google informing her about some malicious apps on her device.
| DOS AND DON'TS |
| Unless you are a developer or someone familiar with Android OS, you should avoid rooting your device. To "root" an Android device means to remove the manufacturer/telecom operator restrictions on the device, making it easier for third-party developer to install and deliver apps. In other words, rooting will give system-level access to the device's core resources making it vulnerable to security threats from rogue apps. |
| * Take a good look at the access rights you give an Android app while installing it. |
| * Protect your Android device by locking it with a password. Depending on the handset, you can choose your password from device's Settings menu. |
| * If you find an app's download size exceeding what is specified, it's best not to install that app. |
| * Use recommended sites with high traffic or trusted apps stores to download Android applications. |
| * Install apps like Lookout Mobile Security, Norton Mobile Security, McAfee Mobile security, or Kaspersky Mobile tools that keep data and device secure. |
| * When an update is available for any app, install it as early as possible. Even the OS should be kept updated. |
| * Avoid accessing your Android device on a public Wi-Fi |
“Google informed me that an update will be automatically pushed to my device – an Android Market security update – that will undo exploits caused by the malicious applications that were removed from the Android Market on March 1,” she says, adding that she would have never figured the presence of rogue apps out of the 150+ apps that she had on her handset.
Google used remote security control to push a Android Market security tool that bulldozed a malware called DroidDream off Bhadodia’s phone that had been identified in the Android Market earlier this year.
Vinoo Thomas, technical product manager of McAfee, says compromised Android phones can be easily used to send SMSes to premium numbers automatically. “The malware writer can remotely control the device, leading to an inflated phone bill for the user,” he lists. Further the cybercriminals can also copy contents such as calendar entries, contact list, e-mails, text messages, pictures and private videos from mobile devices once their security is breached.
Given the many mobile phone risks, experts prescribe users to practice caution to avoid malware infection, including downloading apps from trusted sites, avoiding unsecure browsing, utilising built-in security features of the phone and installing security software offered by security providers.
Norton Mobile Security has launched a security system for Android 2.0, and McAfee too has released a product called McAfee Mobile Security, which works on BlackBerry, Android, Windows as well as Symbian devices.
With inputs from Priyanka Joshi