Almost everyone has a smartphone, and the number of tablet owners is growing every day. We might think they are immune to online threats, but Kaspersky warns that this definitely isn’t the case
Modern smartphones and tablets are so powerful, that they more closely resemble miniature PCs than the mobile phones of only a few years ago. We can send email, check our bank balance and access all our social networks using these devices, yet most people don’t seem to think they can be attacked by cyber criminals in the same way that their computers can. This is far from the truth, as we learnt from Kaspersky Labs’ Senior Security Researcher Vicente Diaz.
Malware that targets mobile phones is nothing new; proof of concept attacks were around as early as the year 2000, with a small number of Symbian threats appearing between 2004-2006, but there was very little money to be made from them. Now almost everyone owns a smartphone, there’s a much greater reward from finding ways to attack them with malware. With this in mind, it’s unsurprising that smartphone malware grew almost 65% in 2005, and is set to grow even higher by the end of the year.
Click to enlarge this image
No mobile operating system is completely secure, but the main offender is most definitely Google’s Android OS. Currently only a small percentage of the 70,000 threats identified by Kaspersky Labs every day are tailored to attack Android devices, but this is still 70% of all mobile targets. Symbian is a distant second with 23% of all attacks, while Windows Mobile falls to third with 6%. The difficulty in breaching Apple’s notoriously strict App Store guidelines means iOS threats are few and far between, but jailbroken phones are still susceptible to attack.
OPEN TO OFFERS
Because Android is an “open” operating system, with a lenient submissions policy for its app store, it’s surprisingly easy to make a fake app available to users. One app that successfully made it to the app store could take complete control of your phone, record calls, send text messages and skim personal data. It affected over 200,000 users, who were probably unaware what it was doing.
Attacks such as this are useful at capturing information such as usernames and passwords, but as we’ve seen, this data is relatively small fry on the black market. Instead, criminals can use this data to perform social engineering attacks that can generate much more money. Once an attacker knows your email address he can contact you. With Geotagging, he knows your rough location, and if you use a banking app, he may know your account or credit card details. With this information, a convincing-looking letter supposedly from your bank could convince you to hand over the CCV code on the back of your credit card, or scan in your passport to “confirm your identity.” These details sell for much higher amounts, and are therefore highly valued.