The news on mobile device security is never very good. A report from Avast continues that trend.
The report comes from a company that sells security software and, therefore, should be taken with a grain of salt. Indeed, the press release mixes its findings with product pitches. By the same token, however, its findings shouldn’t be disregarded for that reason.
The firm found that attacks on Android devices rose 40 percent on a year-over-year basis ending with the second quarter. In raw numbers, the firm found that threats aimed at requesting root access (rooters) represented 22.8 percent of threats, downloads aimed at social engineering attacks (also known as droppers) held an almost identical 22.76 percent, and fake apps 6.97 percent. It’s interesting that the top three threats were barely more than half detected. An average of 788 variations of particular viruses per month were tracked, which is an increase of 22.2 percent from the second quarter of last year.
Bluetooth is not exempt from the challenges. The news of “BlueBorne,” a set of eight separate flaws in Bluetooth, is not solely a mobile problem. But it largely is. Security firm Armis, which uncovered the vulnerabilities, said that they could enable attackers to take over devices, establish man-in-the-middle attacks, and gain access to networks and data. Bluetooth deployments in Android, Microsoft, Linux and iOS before version 10 are vulnerable.
The company says that this is one of the most serious Bluetooth vulnerabilities ever:
Previously identified flaws found in Bluetooth were primarily at the protocol level. These new vulnerabilities are at the implementation level, bypassing the various authentication mechanisms, and enabling a complete takeover of the target device.
The government is trying to help. Last week, The Department of Homeland Security’s Science and Technology Directorate funded five research and development projects. The projects will be managed by the Mobile Security R&D program, which is part of the Cyber Security Division of the Homeland Security Advanced Research Projects Agency. The contracts and projects, which are described in the press release, went to Qualcomm Technologies, Lookout, The United Technologies Research Center, Apcerto and Red Hat.
Mobile security is a never-ending back and forth between law breakers and those protecting their data, networks and the public. The news this week from that front is not particularly encouraging.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.