InfoSecurity -- A comprehensive magazine on IT Security (a Security magazine)

InfoSecurity Nov 2009

Back to Contents

Anniversary Special

Emerging Trends in Mobile Security

Industry experts and analysts believe that Mobile security will attract hackers to gain significant momentum, as no. of mobile device users are increasing at an unprecedented speed. This article delves deeper to provide the current and future state of mobile security.

Mobile malware evolved rapidly during the first two years (2004 – 2006) of its existence. During this period, a wide range of malicious programs targeting mobile phones appeared, and these programs were very similar to malware which targeted computers: viruses, worms, and Trojans, the latter including spyware, backdoors, and adware.

This threat landscape created conditions which could be used for an all-out attack on smartphone users. However, such an attack did not occur. The reason for this was the rapidly changing situation of the mobile devices market. Two years ago, Symbian was the undisputed market leader. If the situation had remained unchanged, there would now be an enormous amount of malware for Symbian smartphones. However, things have changed: Symbian (and Nokia) have lost their leading market share to other mobile operating systems and devices. At present, Nokia's share of the smartphone market is around 45%.

Inspiring Attackers……….

Microsoft was the first to strike a competitive blow with its Windows Mobile platform. Today, Windows Mobile holds about a 15% share of the global smartphone market, and is the market leader in some countries. Sales of mobile phones running Windows Mobile may currently exceed 20 million devices a year.

The launch of Apple's iPhone was the most memorable and significant event in the recent history of mobile devices. The iPhone uses the mobile version of Mac OS X, and very quickly became one of the best selling mobile devices across the world. By now, more than 21 million iPhones of all types have been sold; if sales of the iPod Touch (an iPhone without the phone) are included, then the total number reaches 37 million.

Add the recently launch of the first phone using Google's Android platform, which offers a lot of possibilities for creating applications and using Google services and suddenly, it's very unclear which platform could be seen as being the leader. This situation – absence of the obvious leader – differs dramatically from the world of PCs, which is clearly Windows-dominated. After all, it's the popularity of an operating system that makes it a target for cybercriminal attack.

When virus writers realized that there was no clear leading operating system for mobile devices, they also realized it wouldn't be possible to target the majority of mobile device users with a single attack. Because of this, they started focusing less on writing malware which targeted specific platforms, and more on creating programs capable of infecting several platforms.

Virus writers have managed to solve the issue mentioned above of which platform to target. The solution appeared as virus writers were attempting to create "cross-platform" malware. As they had rejected the idea of creating malware for a specific platform, they turned their attention to Java 2 Micro Edition.

Technology Java 2 Micro Edition provides functionality of platform-independent programming language Java in mobile devices. Just about all modern mobile phones, not to mention smartphones, support Java and can run Java applications which can be downloaded from the Internet. In creating malicious Java applications, virus writers have transcended the limits of a single-platform approach and have managed to significantly extend the number of infectable devices, which now includes regular mobile phones as well as smartphones.

Gaining Momentum…….

In late August 2006, there were 31 mobile malware families and 170 modifications. As of mid-August this year, Kaspersky Lab had identified 106 families and 514 modifications, giving 202% growth within the space of three years. The number of malware families has increased by 235%.

Between 2006 and 2009, the amount of malware for mobile devices trebled. This shows that the growth rate demonstrated between 2004 and 2006 has been maintained.

Three years ago, mobile malware was capable of:

Spreading via Bluetooth, MMS
Sending SMS messages
Infecting files
Enabling remote control of the smartphone Modifying or replacing icons or system applications
Installing "fake" or non-working fonts and applications
Combating antivirus programs
Installing other malicious programs
Locking memory cards
Stealing data

Mobile malware has adopted a number of new technologies and techniques within the past three years and now includes the following:

Spreading via removable media (memory sticks)
Damaging user data
Disabling operating system security mechanisms
Downloading other files from the Internet
Calling paid services Polymorphism

Powerful Threats and Future…….

Cabir and ComWar were the most widespread mobile threats, as each was detected in more than 30 countries. The most high-profile incident occurred in Spain when more than 115 thousand users were infected with a ComWar variant in the spring of 2007.

Fortunately, the mobile operators’ focus on emerging threats and the implementation of antivirus scanning of MMS traffic helped arrest the propagation of these worms. Other measures which also helped combat local epidemics included antivirus products for mobile devices, which were often pre-installed on the device; new protection methods being integrated into operating systems, which ensured only signed applications were allowed to run; and lastly, the phones vulnerable to Cabir and ComWar have gradually disappeared from the market.

However, there has been at least one mobile worm in the last three years that was able to spread in several European countries. Smartphones are popular and are being used more and more often to do business, surf the Internet, access bank accounts, and pay for goods and services. This will lead to an increased number of cybercriminals and scammers wanting to exploit these actions for illegal gains.

Today's malware is capable of doing many things: stealing and transmitting the contact list and other data, locking the device completely, giving remote access to criminals, sending SMS and MMS messages etc. With smartphones increasingly being used in business for remote working or while travelling, a disabled phone can be a serious handicap. And if a cybercriminal gains access to a corporate network or email, this creates a breach in the company’s security system.

—By: Alex Gostev, Director of Global Research & Analysis Team
Denis Maslennikov, Mobile Research Group Manager.