Mobile security

US Govt. Warns of Android Malware Threat

The Android operating system accounted for 79 percent of all mobile malware threats in 2012, compared to Apple's iOS, which is targeted less than 1 percent of the time.

These findings were released Tuesday in an internal memo obtained by Public Intelligence from the US Department of Homeland Security and US Department of Justice. Drawing on data from 2012, the report finds that 0.7 percent of attacks were designed for iOS, 19 percent for the now-defunct Symbian OS, 0.3 percent for Windows Phone, and 0.3 percent for BlackBerry. Android blew the rest away at 79 percent.

The US government is speaking up about malware as a way to caution its employees about the threats they might be bringing into the office. Local, state, and even federal government offices have been affected by the bring-your-own-device (BYOD) trend as well, opening them up to threats as Android has grown in popularity.

The government agencies recommended that Android users install security software, as well as regularly update the OS to take advantage of security patches. Interestingly, they also recommend installing Carrier IQ Inc.'s surveillance app. It's the same app that came under fire last year when consumers discovered it could track their location and actions on their smartphones. (See Carrier IQ: We Don't Record Keystrokes.)

Why this matters
Android's open-source software has long made it a prime target for cyber-criminals, something security firms have been warning about for years. The fact that the government is getting involved, however, suggests the problem hasn't gone away.

Often the malware is unknowingly allowed by users who click the wrong link, download a nefarious app, stick with an older version of the OS, or jailbreak their handset. The government agencies' suggestions are a baseline of what mobile users should do to protect themselves. Mobile security is also emerging as a field for wireless operators and vendors that want to better protect, and monetize, their customers.

— Sarah Reedy, Senior Editor, Light Reading

Telco 8/27/2013 | 4:10:47 PM
Re: OS updates Patrick, can you expand on the layers of Security that might be useful? Network operators are now covering in the T&C of logins, a scan and upgrade. AT&T and Comcast use Cell and Wi-Fi filtering and device upgrades in their corporate and sell to corporate campuses the same function. In part this is using Juniper Mykonos and UTMB on SRXs in a bundle for network BYOD and Public Guest/Vendor/Employee packages. The network operator feature log-ins with a filter and scan - prompts for updates or to install a security client. This is for wireless PCs, for sure, I think it covers smartphones and tablets as well. Most of the other carriers have similar MOP but of course, the deployment of policy is spotty for some of the applications.
DanJones 8/27/2013 | 4:03:18 PM
Re: OS updates There's a new one now where your smartphone can get infected with malware when you plug it into the charging ports at some US airports. Crazy!
pdonegan67 8/27/2013 | 2:58:22 PM
Re: OS updates They're a lot more comprehensive, yes. Arguably the mobile industry hasn't been motivated to move to PC standards because the impact of the security attacks has been less so far and because people tend to change smartphones more frequently than PCs but I'd expect the gap to close over time.
Sarah Thomas 8/27/2013 | 2:28:31 PM
Re: OS updates Thanks, Patrick. I didn't realize that was how the security cycle works. I was thinking about regular OS and app updates that get pushed to the phone on a regular basis. They often include bug fixes and security patches for a particular app. When people opt not to update, they don't get those updates either. Is that not enough to combat some threats, or do the updates you're referring to go a lot further?
pdonegan67 8/27/2013 | 2:24:41 PM
Re: OS updates To your point, one of the issues is that smartphone security updates are only provided for 18 months or so after a new version of the OS is published and after that there is typically no renewal. Since not every smartphone delivered into the channel is sold on the first day, some customers are buying Android devices on which security patching may only last a year. With Windows PC you get regular security patches for many years. Something the smartphone industry needs to look toward.
Sarah Thomas 8/27/2013 | 1:09:50 PM
OS updates The memo didn't quantify the overall threat, but it's worth noting that most Android malware is attacking older versions of the OS. Updates typically include security patches, which is why it's important to keep your phone up to date.