& cplSiteName &

US Govt. Warns of Android Malware Threat

Sarah Thomas
8/27/2013
50%
50%

The Android operating system accounted for 79 percent of all mobile malware threats in 2012, compared to Apple's iOS, which is targeted less than 1 percent of the time.

These findings were released Tuesday in an internal memo obtained by Public Intelligence from the US Department of Homeland Security and US Department of Justice. Pulling on data from 2012, the report finds that 0.7 percent of attacks were designed for iOS, 19 percent for the now defunct Symbian OS, 0.3 percent for Windows Phone, and 0.3 percent for BlackBerry. Android blew the rest away at 79 percent.

The US government is speaking up about malware as a way to caution its employees about the threats they might be bringing into the office. Local, state, and even federal government offices have been affected by the bring-your-own-device (BYOD) trend as well, opening them up to threats as Android has grown in popularity.

The government agencies recommended that Android users install security software, as well as regularly update the OS to take advantage of security patches. Interestingly, they also recommend installing Carrier IQ Inc. 's surveillance app. It's the same app that came under fire last year when consumers discovered it could track their location and actions on their smartphones. (See Carrier IQ: We Don't Record Keystrokes.)

Why this matters
Android's open-source software has long made it a prime target for cyber-criminals, something security firms have been warning about for years. The fact that the government is getting involved, however, suggests the problem hasn't gone away.

Often the malware is unknowingly allowed by users who click the wrong link, download a nefarious app, stick with an older version of the OS, or jailbreak their handset. The government agencies' suggestions are a baseline of what mobile users should do to protect themselves. Mobile security is also emerging as a field for wireless operators and vendors that want to better protect, and monetize, their customers.

For more

— Sarah Reedy, Senior Editor, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Telco
50%
50%
Telco,
User Rank: Light Beer
8/27/2013 | 4:10:47 PM
Re: OS updates
Patrick, can you expand on the layers of Security that might be useful?  Network operators are now covering in the T&C of logins, a scan and upgrade.  AT&T and Comcast use Cell and Wi-Fi filtering and device upgrades in their corporate and sell to corporate campuses the same function.  In part this is using Juniper Mykonos and UTMB onb SRXs in a bundle for network BYOD and Public Guest/Vendor/Employee packages.  The network operator feature log-ins with a filter and scan - prompts for updates or to install a security client.  This is for wireless PCs, for sure, I think it covers smartphones and tablets as well.  Most of the other carriers have similar MOP but of course, the deployment of policy is spotty for some of the applications.
DanJones
50%
50%
DanJones,
User Rank: Blogger
8/27/2013 | 4:03:18 PM
Re: OS updates
There's a new one now where your smartphone can get infected with malware when you plug it into the charging ports at some US airports. Crazy!
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
8/27/2013 | 2:58:22 PM
Re: OS updates
They're a lot more comprehensive, yes. Arguably the mobile industry hasn't been motivated to move to PC standards because the impact of the security attacks has been less so far and because people tend to change smartphones more frequently than PCs but I'd expect the gap to close over time.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
8/27/2013 | 2:28:31 PM
Re: OS updates
Thanks, Patrick. I didn't realize that was how the security cycle works. I was thinking about regular OS and app updates that get pushed to the phone on a regular basis. They often include bug fixes and security patches for a particular app. When people opt not to update, they don't get those updates either. Is that not enough to combat some threats, or do the updates you're referring to go a lot further?
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
8/27/2013 | 2:24:41 PM
Re: OS updates
To your point one of the issues is that smartphone security updates are only provided for 18 months or so after a new version of the OS  is published and after that there is typically no renewal. Since not every smartphone delivered into the channel is sold on the first day  some customers are buying Android devices on which security patching may only last a year. With Windows PC you get regular security patches for many years. Something the smartphone industry needs to look toward.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
8/27/2013 | 1:09:50 PM
OS updates
The memo didn't quantify the overall threat, but it's worth noting that most Android malware is attacking older versions of the OS. Updates typically include security patches, which is why it's important to keep your phone up to date.
Featured Video
From The Founder
Light Reading founder Steve Saunders talks with VMware's Shekar Ayyar, who explains why cloud architectures are becoming more distributed, what that means for workloads, and why telcos can still be significant cloud services players.
Flash Poll
Upcoming Live Events
May 14-16, 2018, Austin Convention Center
May 14, 2018, Brazos Hall, Austin, Texas
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Australia's Optus on Back Foot After 'Anglo Saxon' Job Ad
Ray Le Maistre, Editor-in-Chief, 4/13/2018
Is Gmail Testing Self-Destructing Messages?
Mitch Wagner, Mitch Wagner, Editor, Enterprise Cloud, Light Reading, 4/13/2018
BDAC Blowback – Ex-Chair Arrested
Mari Silbey, Senior Editor, Cable/Video, 4/17/2018
Verizon: Lack of Interoperability, Consistency Slows Automation
Carol Wilson, Editor-at-large, 4/18/2018
AT&T Exec Dishes That He's Not So Hot on Rival-Partner Comcast
Mari Silbey, Senior Editor, Cable/Video, 4/19/2018
Animals with Phones
I Heard There Was a Dresscode... Click Here
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed