Mobile Malware Is Increasing

According to a report by Juniper, mobile malware is increasing dramatically.

In 2011, we saw unprecedented growth of mobile malware attacks with a 155 percent increase across all platforms. Most noteworthy was the dramatic growth in Android Malware from roughly 400 samples in June to over 13,000 samples by the end of 2011. This amounts to a cumulative increase of 3,325 percent. Notable in these findings is a significant number of malware samples obtained from third-party applications stores, which do not enjoy the benefit or protection from Google's newly announced Android Market scanning techniques.

We also observed a new level of sophistication of many attacks. Malware writers used new and novel ways to exploit vulnerabilities. 2011 saw malware like Droid KungFu, which used encrypted payloads to avoid detection and Droid Dream, which cleverly disguised itself as a legitimate application, are a sign of things to come.

News story.

I don't think this is surprising at all. Mobile is the new platform. Mobile is a very intimate platform. It's where the attackers are going to go.

Posted on February 23, 2012 at 6:27 AM • 17 Comments

Comments

kingsnake • February 23, 2012 8:09 AM

Some people prefer not wasting valuable mental resources on non-essential tasks, saving those mental resources for the problem they are actually attempting to solve, rather than some peripheral problem 10 levels of problem deep.

Gweihir • February 23, 2012 8:14 AM

One of the reasons I do not have a smartphone. The other is that I actually do not need one.

Winter • February 23, 2012 8:27 AM

Most of the Android malware came from third-party app stores. Google's Android market is relatively safe.

On iPhone, you do not have a choice of app stores, so you can be as safe as on the Android market, but without Android's choice.

Some people would rather not have a choice, it seems.

VendorBendor • February 23, 2012 9:00 AM

I think the real problem with a "smart phone" is that there is no separation between hardware and OS but more importantly no separation between hardware and service. On a standard computer you have the choice of ISP and choice of hardware and choice of OS. With mobile you have much less of a choice because of provider lock-in. Updates are available and actively developed far less than they should be. And more than that, with Android, you have the service providers controlling those as well. Apple is a bit different, but then you still have the proprietary software to trust. Bruce has got many posts about concepts of secrecy and security.

Also the security model is terrible. I download some trivial app (i.e. compass/flashlight) and I can't use it unless I allow network access and phone services? That kind of model means nothing to normal users when they just want the simple function and will agree to anything.

I write the news that makes the whole world ring. • February 23, 2012 9:01 AM

Malware is written to affect computers.
Mobile devices are computers.
Production and sales of mobile devices is increasing dramatically.

Mobile device malware is increasing dramatically.

Addendum: Buy our stuff because we are smart and can protect you.

Rich • February 23, 2012 9:34 AM

Wouldn't Apple be at more of a risk? Say a user visits an infected website which exploits a bug in libpng via a specially crafted image which results in remote code execution.

You have effectively rooted the phone, and now have complete access to the contacts in the phone. Send that to everyone within the contacts, and since everyone's pretty much at the same patch level (due to network upgrades and the such), everyone with a similar iPad/iPhone will also be compromised.

LinkTheValiant • February 23, 2012 9:36 AM

Also the security model is terrible. I download some trivial app (i.e. compass/flashlight) and I can't use it unless I allow network access and phone services? That kind of model means nothing to normal users when they just want the simple function and will agree to anything.

This problem is not unique to mobile programming though. We saw this with Windows. Remember attempting to run applications and being halted because they "required" full administrator privileges to RUN? (And it isn't as though the situation is better now. It's just papered over for the general consumer.)

Mr. Robinson has remarked on "code cutters" before. This problem in Windows, and its successor on mobile platforms, arises precisely because of this programming mentality: "We don't know what we need to get the job done, so let's grab everything just in case."

And of course, since the populace doesn't know better than to give everything (as good as) root access, of course malware developers will exploit that.

PEXCON • February 23, 2012 9:45 AM

The interesting effect to follow will be how the mobile net providers will deal with this.

Malware on a single phone might spread to other users and systems, which is why the net will, eventually, be jammed and overloaded.

How will authorities (nations) deal with the effects when communications will be hampered?
One side effect of the "open source environment" is that it will more easily let nutcases into the "systems"... we will rely more and more on the mobile way of living and now they (nutcases) hamper our living conditions.

Who is responsible for what?
Will there be changes in legislation and thereby more control?
How much control and monitoring do we want?

Dr. I. Needtob Athe • February 23, 2012 9:52 AM

I get suspicious when I see someone write about "a 155 percent increase", or some similarly stated statistic. If you speak of a "100% increase" then it's generally clear that you mean the figure doubled in size, but to some people, when a figure increases by 1/2 to 150% of its previous size, that's a "150% increase."

Consider the growth "from roughly 400 samples ...to over 13,000 samples ... This amounts to a cumulative increase of 3,325 percent." For that to be true, the figure of "over 13,000 samples" would have to actually be 13,700 in order to be an increase of 3,325% over 400, and it's questionable that this author would characterize 13,700 as merely "over 13,000" when he clearly wishes to make the figure sound as large as possible.

So, was there actually only a 55% increase in mobile malware attacks? I wonder.

LinkTheValiant • February 23, 2012 2:56 PM

Consider the growth "from roughly 400 samples ...to over 13,000 samples ... This amounts to a cumulative increase of 3,325 percent." For that to be true, the figure of "over 13,000 samples" would have to actually be 13,700 in order to be an increase of 3,325% over 400, and it's questionable that this author would characterize 13,700 as merely "over 13,000" when he clearly wishes to make the figure sound as large as possible.

It's possible it's a misprint. 13,000/400 is 32.5. Sensationalism notwithstanding, a figure increased to 3250% of its old value is significant. You are entirely correct that the ambiguity in 55% vs 155% leaves a lot of room for FUD.

Even so, an increase by 55% is not insignificant for one year.

Dr. I. Needtob Athe • February 23, 2012 3:57 PM

I figure the amount characterized as "over 13,000 samples" was actually 13,300, and he correctly calculated the ratio of that number to 400 as 3,325%, but incorrectly called it "a cumulative increase of 3,325 percent."

If that's how he does his math, then that means he overstated the increase in mobile malware attacks by a factor of almost three (more accurately, 2.82).

fail whale • February 23, 2012 7:03 PM

buy a pay as you go simple phone, with no camera, no (blackberry) keyboard, no monthly or yearly contract, with a removable battery, and keep the battery removed until you make a call then remove it following your call.

I'm of the opinion that smartphones are spyware on the go and addon applications make them even worse. most of these new phones and apps have not gone through years of testing to work bugs and malware out.

stick with a simple phone, not a fancy one with a battery you cannot remove which is always on even when you shut it off.

proprietary firmware is evil.

Natanael L • February 25, 2012 2:53 AM

To you Apple fans: Don't forget that Moxie had an exploitable app in the App store for over a month. A JIT bug could have given him root access on any user's iPhone. Apple's solution? Kick him out.

Asad Quraishi • February 25, 2012 9:22 AM

Why is someone who owns an iPhone an Apple fan and someone who owns an Android-based device 'exercising choice'? I would say both groups are making equally valid choices.

Nor do I agree that iOS not allowing malware or virus protection tools is necessarily a bad thing (as Juniper suggests) if iOS is secure enough. If the App-store process (barring outliers) is a good-enough screen.

Bruce, what are your thoughts on Apple's vs. Google's approach to security?

GStarr • June 17, 2012 8:17 PM

Have you heard of any link between the recent "state sponsored" Gmail hacks and malware running on Android phones? Gmail at least on some Android devices is "always on", i.e., cannot be logged out. If Gmail is hacked/infected, then phones (could be) too. Do you agree?


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.