Mobile phones – the next malware focus point?
August 1, 2011
If you use your mobile to manage your finances then you may be putting yourself at risk, according to recent reports from security experts. The desktop PC has been the target of choice for malware, but the smartphones of today are more powerful than ever and are practically mobile computers in their own right. As we carry so much information on these devices and do more on them, it was only a matter of time before they got exploited.
A recent example of this is the new Zeus for mobile, nicknamed ‘Zitmo’. Zeus on the PC has been a plague on Microsoft for the past four years and now it has surfaced on Android. Zitmo works in a new way: it is downloaded as malware on the desktop PC and sleeps until it recognises that a financial transaction is taking place, intercepts the request and informs the user that, as part of new security procedures, verification is required via mobile phone. The downloaded software, however, is simply malware to take control of the phone.
Zeus is just one example of malware on phones, and Trojans can get onto phones in a myriad of ways: clicking a link or downloading an attachment with a virus that takes control of the phone. Connecting to public Wi-Fi spots can leave a phone vulnerable to attack too.
“The mobile phone industry is not fit for purpose, especially for financial transactions,” says Alex Fidgen of MWR InfoSecurity, one of the biggest cybercrime-busting outfits in the UK. “The evidence is irrefutable. You cannot be assured of security with modern smartphones. As soon as the handset is compromised, then any data is up for grabs.”
Android is seen as the most vulnerable of the mobile environments due to the number of variations in OS versions across phones, and because there is no vetting of submitted applications, it is quite trivial to distribute malware in the marketplace. Apple has much tighter control over the distribution of apps but has no application sandboxing like Android. Jailbreak the device, though, and the possibility of malware increases. RIM by its very nature is deemed the most secure mobile platform.
Recommendations from MWR on how to stay secure:
- Don’t trust links or attachments from people you don’t know. If a person you do know has sent you a link or attachment, check with them that it is legitimate before opening it.
- Don’t use public Wi-Fi, especially for financial transactions or other secure personal transactions.
- Do apply any updates that are made available for your devices.
- Do only install applications from reputable publishers.
- Don’t “jailbreak” your iPhone.
- Do set an unguessable PIN in case your phone is stolen.