Security Vulnerabilities at All-time Highs for Mobile Devices
Mobile security recommendations for consumers and administrators.
I wasn't too surprised when I saw an email from Lookout with its 2012 Mobile Threat Predictions. After all, everyone else has included mobile threats and mobile malware among their top 10 security threat predictions for next year. Plus, mobile devices have concerns that are unique to them. Android is going to be a particular target. As the Lookout blog pointed out:
2011 has seen the emergence of a credible field of Android malware, with a 4% yearly likelihood of an Android user encountering malware, which was a significant increase compared to the beginning of the year. In the beginning of 2011 we measured a 1% yearly likelihood. In total, we have identified more than 1000 instances of infected applications, which is a doubling since the beginning of July 2011.
But some of these threats are not OS-specific, such as the expected increase in vulnerabilities found in the mobile platforms. Vulnerability risks are compounded because people aren't as vigilant about updating mobile devices as they are about updating computer software. (Want a good New Year's resolution idea? Vow to update your phones, tablets and computers as soon as you are prompted.)
The threat listed first on the Lookout list may or may not be the top threat, but it is one that I see as only becoming a bigger security risk as we move into 2012 and beyond. Lookout calls it "mobile pickpocketing," explaining:
Because many mobile devices now have the ability to charge your phone bill via SMS billing and phone calls, malware has begun using these mechanisms to steal directly from user accounts. With mobile phones, money is just a click away through carrier billing fraud, and we expect more malware to exploit this efficiency.
For the bad guys, this is a dramatic improvement over PC-based malware, where a hacker has to first steal bank or credit card credentials and then find a way to access the accounts.
Other threats that Lookout predicted tend to mirror the attacks seen on PCs, like malvertising and browser attacks. A slightly more mobile-device-specific threat involves apps and automated repackaging, where malware writers infect users with repackaged versions of applications.
For users who want to protect themselves, Lookout offers the standard suggestions: don't download apps through third-party vendors (instead, go through the OS's authorized market), don't click on shortened URLs (Lookout said scammers are more likely to infect a shortened URL sent to a mobile device than to a PC), don't automatically "ok" an app, and don't click on in-app advertisements.