& cplSiteName &

US Govt. Warns of Android Malware Threat

Sarah Thomas
8/27/2013
50%
50%

The Android operating system accounted for 79 percent of all mobile malware threats in 2012, compared to Apple's iOS, which is targeted less than 1 percent of the time.

These findings were released Tuesday in an internal memo obtained by Public Intelligence from the US Department of Homeland Security and US Department of Justice. Pulling on data from 2012, the report finds that 0.7 percent of attacks were designed for iOS, 19 percent for the now defunct Symbian OS, 0.3 percent for Windows Phone, and 0.3 percent for BlackBerry. Android blew the rest away at 79 percent.

The US government is speaking up about malware as a way to caution its employees about the threats they might be bringing into the office. Local, state, and even federal government offices have been affected by the bring-your-own-device (BYOD) trend as well, opening them up to threats as Android has grown in popularity.

The government agencies recommended that Android users install security software, as well as regularly update the OS to take advantage of security patches. Interestingly, they also recommend installing Carrier IQ Inc. 's surveillance app. It's the same app that came under fire last year when consumers discovered it could track their location and actions on their smartphones. (See Carrier IQ: We Don't Record Keystrokes.)

Why this matters
Android's open-source software has long made it a prime target for cyber-criminals, something security firms have been warning about for years. The fact that the government is getting involved, however, suggests the problem hasn't gone away.

Often the malware is unknowingly allowed by users who click the wrong link, download a nefarious app, stick with an older version of the OS, or jailbreak their handset. The government agencies' suggestions are a baseline of what mobile users should do to protect themselves. Mobile security is also emerging as a field for wireless operators and vendors that want to better protect, and monetize, their customers.

For more

— Sarah Reedy, Senior Editor, Light Reading

(6)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Telco
50%
50%
Telco,
User Rank: Light Beer
8/27/2013 | 4:10:47 PM
Re: OS updates
Patrick, can you expand on the layers of Security that might be useful?  Network operators are now covering in the T&C of logins, a scan and upgrade.  AT&T and Comcast use Cell and Wi-Fi filtering and device upgrades in their corporate and sell to corporate campuses the same function.  In part this is using Juniper Mykonos and UTMB onb SRXs in a bundle for network BYOD and Public Guest/Vendor/Employee packages.  The network operator feature log-ins with a filter and scan - prompts for updates or to install a security client.  This is for wireless PCs, for sure, I think it covers smartphones and tablets as well.  Most of the other carriers have similar MOP but of course, the deployment of policy is spotty for some of the applications.
DanJones
50%
50%
DanJones,
User Rank: Blogger
8/27/2013 | 4:03:18 PM
Re: OS updates
There's a new one now where your smartphone can get infected with malware when you plug it into the charging ports at some US airports. Crazy!
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
8/27/2013 | 2:58:22 PM
Re: OS updates
They're a lot more comprehensive, yes. Arguably the mobile industry hasn't been motivated to move to PC standards because the impact of the security attacks has been less so far and because people tend to change smartphones more frequently than PCs but I'd expect the gap to close over time.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
8/27/2013 | 2:28:31 PM
Re: OS updates
Thanks, Patrick. I didn't realize that was how the security cycle works. I was thinking about regular OS and app updates that get pushed to the phone on a regular basis. They often include bug fixes and security patches for a particular app. When people opt not to update, they don't get those updates either. Is that not enough to combat some threats, or do the updates you're referring to go a lot further?
pdonegan67
50%
50%
pdonegan67,
User Rank: Light Sabre
8/27/2013 | 2:24:41 PM
Re: OS updates
To your point one of the issues is that smartphone security updates are only provided for 18 months or so after a new version of the OS  is published and after that there is typically no renewal. Since not every smartphone delivered into the channel is sold on the first day  some customers are buying Android devices on which security patching may only last a year. With Windows PC you get regular security patches for many years. Something the smartphone industry needs to look toward.
Sarah Thomas
50%
50%
Sarah Thomas,
User Rank: Blogger
8/27/2013 | 1:09:50 PM
OS updates
The memo didn't quantify the overall threat, but it's worth noting that most Android malware is attacking older versions of the OS. Updates typically include security patches, which is why it's important to keep your phone up to date.
Featured Video
From The Founder
Light Reading founder Steve Saunders grills Cisco's Roland Acra on how he's bringing automation to life inside the data center.
Flash Poll
Upcoming Live Events
February 26-28, 2018, Santa Clara Convention Center, CA
March 20-22, 2018, Denver Marriott Tech Center
April 4, 2018, The Westin Dallas Downtown, Dallas
May 14-17, 2018, Austin Convention Center
All Upcoming Live Events
Infographics
SmartNICs aren't just about achieving scale. They also have a major impact in reducing CAPEX and OPEX requirements.
Hot Topics
Project AirGig Goes Down to Georgia
Dan Jones, Mobile Editor, 12/13/2017
Here's Pai in Your Eye
Alan Breznick, Cable/Video Practice Leader, Light Reading, 12/11/2017
Verizon's New Fios TV Is No More
Mari Silbey, Senior Editor, Cable/Video, 12/12/2017
Ericsson & Samsung to Supply Verizon With Fixed 5G Gear
Dan Jones, Mobile Editor, 12/11/2017
Juniper Turns Contrail Into a Platform for Multicloud
Craig Matsumoto, Editor-in-Chief, Light Reading, 12/12/2017
Animals with Phones
Don't Fall Asleep on the Job! Click Here
Live Digital Audio

Understanding the full experience of women in technology requires starting at the collegiate level (or sooner) and studying the technologies women are involved with, company cultures they're part of and personal experiences of individuals.

During this WiC radio show, we will talk with Nicole Engelbert, the director of Research & Analysis for Ovum Technology and a 23-year telecom industry veteran, about her experiences and perspectives on women in tech. Engelbert covers infrastructure, applications and industries for Ovum, but she is also involved in the research firm's higher education team and has helped colleges and universities globally leverage technology as a strategy for improving recruitment, retention and graduation performance.

She will share her unique insight into the collegiate level, where women pursuing engineering and STEM-related degrees is dwindling. Engelbert will also reveal new, original Ovum research on the topics of artificial intelligence, the Internet of Things, security and augmented reality, as well as discuss what each of those technologies might mean for women in our field. As always, we'll also leave plenty of time to answer all your questions live on the air and chat board.

Like Us on Facebook
Twitter Feed