A Tale of Two Mobile Threat Reports

Paula Musich

Summary Bullets:

  • Threat researchers from Sophos and F-Secure agree mobile malware overwhelmingly targets Android and the amount of Android malware is growing rapidly.
  • Where they diverge is in their view of how the number of vulnerabilities compares between Apple’s iOS and Google’s Android mobile operating systems.

There was an interesting contrast between competing mobile threat reports that surfaced this week from Sophos and F-Secure.  Sophos published its first-ever Mobile Security Threat Report, which debuted at Mobile World Congress, while F-Secure published its Threat Report H2 2013, which included a look into mobile malware.

It is no surprise that most malware targets Android, rather than iOS, given that Android commands the lion’s share of users.  In its report, F-Secure found that 97% of mobile malware targets Android, with 804 new Android malware families and variants found.  Interestingly, the other 3% targeted Symbian.  Given the shrinking number of Symbian users, that finding is rather curious.  Sophos noted in its report that the very first mobile malware to be detected targeted Symbian devices back in 2004.

The other factor driving malware writers to overwhelmingly target Android, especially over iOS, is the fact that the primary launching pad for attacks – apps from the public marketplaces – is not as well controlled for Android as it is for iOS.  Apple’s App Store takes a walled garden approach to vetting apps, while Google Play and third-party marketplaces do not.

This is where Sophos and F-Secure diverge in their findings.  Sophos assumes that there are fewer vulnerabilities in iOS that malware writers can exploit, given that Apple does not give access to APIs for iOS.  However, F-Secure maintains that there is only a handful of Android malware programs that target actual vulnerabilities in the operating system.  For 2013, it found that just seven vulnerabilities were publicly announced for Android.  Contrast that with Apple iOS, which had 90 vulnerabilities made public in 2013.  Of course, there could be an alternate explanation for that difference.  It could be that many more Android vulnerabilities found in 2013 were never made public, and instead were sold on the black market to mobile malware writers.  Or, it could be that it is just easier for cybercriminals to use social engineering tactics to trick users into giving them access to their devices, rather than finding unpatched vulnerabilities and writing exploits for them, as F-Secure maintains.  In either case, threats exist for both iOS and Android, which may come as a surprise to a lot of iPhone and iPad users.

So, what can you do to protect yourself from this growing threat?  First of all, avoid using third-party marketplaces, especially Android marketplaces such as AnZhi, Mumayi, Baidu and – the worst of all – Android 159, where F-Secure found that one-third of applications it analyzed contained malware.  The Apple App Store is fairly thorough in vetting apps before they are allowed to be distributed through it, and Google is improving its vetting of apps.  F-Secure maintains that the most common type of Android malware is Trojans that inject malware into legitimate apps, and it found that only 0.1% of apps it analyzed in Google Play were infected.

Whether you are an iOS or Android user, you should also be highly cautious about granting apps you want to download permission to access personal information such as contacts, and bring a skeptical eye to any transactions that prompt you to provide sensitive information.  The use of strong passwords and encryption is also a good idea, and for heaven’s sake, DO NOT jailbreak your device.

What do you think?
