A new report from McAfee shows a jump in the number of threats targeting mobile devices. Symbian and Android took the brunt of the attack, and users should take steps to keep secure.
Threats to smartphones and tablet devices were increasingly common in 2010, according to research by Internet security company McAfee Inc. The firm released its Threats Report: Fourth Quarter 2010 this week—a report that suggests mobile devices are as vulnerable to cyber crime as any other technology.
In 2010, the number of new mobile malware increased by 46 per cent from 2009, the report suggests. McAfee’s research identifies several operating platforms that have experienced threats, the most common occurring with Symbian OS, which is what Nokia smartphones use, and Java 2 Mobile Edition. The two combined account for more than half of the reported threats.
Among the other threats was Android.Geinimi, a Trojan inserted into apps and games on mobile phones. As Santa Clara, Calif.-based McAfee puts it, the growing number of web-based devices, including mobile phones and Internet TV, means more emerging threats that are greater in size and sophistication.
Related Story: Android trojan records phone conversations to steal data
“This is a whole new approach,” says Doug Cooke director of sales engineering for McAfee Canada. The threats to mobile devices have increased rapidly in the past year, and research is still being done on how to combat these attacks.
At this point, Cooke says, the cyber attacks on mobile devices are fairly limited to botnets and Trojans, which are not as sophisticated as attacks on a PC. But personal information can still be at risk and since IT departments are not as experienced with these kinds of attacks, it’s important to prevent them from happening.
When companies give employees tablets or smartphones, they can limit which applications are downloaded and how information is shared. But not all companies do this, says Cooke. The more challenging part, he says, comes with employees bringing in their own personal devices for work purposes, which will then have company information stored on them.
Users are often conditioned to simply scroll through the agreements before downloading an app, which presents a problem, says Zach Lanier, a senior consultant for Intrepidus Group, a New York -based tech security firm.
Users of an app like this may not consider why it needs access to their contact list, or why the app requires certain information, “because they really want to get Angry Birds on their device right now,” he says.
Another problem comes with “jailbreaking,” or breaking down security barriers that prevent certain apps from being used. This is common on iOS and Android devices, says Lanier. Users need to realize that those barriers a re put there for a reason, he says.
Both Cooke and Lanier recommend some basic steps for protecting information on mobile devices. Businesses (and individuals), they say, should encrypt the information on the devices they use, as well as having pins and passwords where necessary.
Lanier also recommends users install updates regularly. If software or an application is offering an update, it’s probably for a good reason, he says, like fixing a glitch that might be potentially harmful.
Eventually, Lanier says, mobile developers will begin building security features into their platforms rather than relying on external software. He points to Research in Motion, makers of BlackBerry, as a company that has had some success with this.
Other highlights of the Threats Report include greater prevalence of malware online and spam levels in transition to lower levels. Phishing URLs were also highly prevalent in the fourth quarter, especially through social networking sites.
Such scams are especially common around this time of year, when cyber criminals take advantage of Valentine’s Day by creating malware threats through dating websites and e-cards. The scams have even gone as far as the “Kama Sutra PowerPoint” threat, a spam slideshow of various sexual positions.
Once downloaded, the PowerPoint installs malware on the user’s computer.