Guest Opinion: Mobile Malware Must Be Stopped
The mobile phone is unrecognizable in comparison to its original brick form of the 80s.
Instead of a yuppie status symbol, now, it’s considered by many as a necessity with practically every handbag and pocket hiding these modern miracles of technology.
While battery life used to be considered the key feature, today it’s a heady mix of memory capacity, browser speeds, megapixels, touch screen quality, HD ability, playback, sleek design and available apps. Hardly anyone thinks about how secure the device is when making that all important decision between Apple, Blackberry or Android.
A worrying trend is that, increasingly, attacks are becoming more targeted and it’s the executives that are firmly in the criminals’ sights due to the valuable data they’re carrying on their phones. Using a combination of SMS and social engineering tactics, hackers can spoof the phone number of a friend or a colleague to send an SMS asking the victim to click on a suspicious link, etc., opening up the phone to attack.
To prevent malware from spreading, we’re seeing a number of approaches from some of the mobile operating systems. Apple and Blackberry have introduced security protocols, in tandem with a meticulous acceptance process for apps offered via their stores.
The picture is less secure for Android. Perhaps, because it currently has the highest market share, the mobile operating system provides attractive returns for criminals. Another theory is that due to the openness of the platform and the existence of other markets from which to download apps, it’s easier to infiltrate. Whatever the reason, the stark reality is that it attracts the most malware.
That said, as market share moves and rogue programmers perfect their code, it would be foolish to think that any particular operating system will remain infallible indefinitely.
The most successful form of attack against malware is a defensive stance and in this, everyone has a function to perform.
Step One – Are You Already Infected?
It can be difficult for the end user to know if they have any malware on their phones, but there are a few basic factors that can be indicative. Users should regularly check which apps are actually running on their phones. Anything suspicious should be deleted.
Step Two – Block Activity
To prevent premium rate number scams, it is important to check your bill regularly for anything out of the ordinary. Or, better still, contact your provider and block this type of number.
Step Three – Prevent Infection
Antivirus software for mobile phones is available to download. However, it is argued that they can be ineffective.
Settings on the phone can be changed to prevent installation of content that isn’t from trusted sources.
Just like spam mail, be careful following links sent from contacts within the address book. Check the apps permissions before they’re downloaded and ensure you restrict them from conducting any unwanted activity.
Regardless of whether the handset is corporate or personally owned, organizations should encourage their workforce to practice the security steps above.
For businesses issuing staff with phones, they should also consider installing anti-virus software as standard.
Look for, and deploy, tools that can manage mobile devices in much the same way as traditional personal computers.
Think about device encryption capabilities to avoid data leakages resulting from device loss or left, and perhaps a solution that can remotely locate and destroy AWOL devices.
Where possible, restrict and control what can and can’t be done on the phones.
If you can’t stop it, create and communicate security policies that govern what data can and can’t be accessed and stored. It is also essential that users understand why this is so important.
Unlike viral desktop programs, phones aren’t spreading infections from one to another or to other devices, so the spread of the threat is reduced. You have to either download a rogue app, or click on a bad link, to inject malware onto the phone. But that could change.
If we don’t get a grip on malware now, tomorrow we could be facing an epidemic as it’s only a matter of time before criminals create malware that can and does jump between devices.
Today, while we still have the power to stop mobile malware, let’s work harder and smarter to unmask the secret assassin.
Jaime Blasco is head of labs at AlienVault.
Contact 855-425-5567 or firstname.lastname@example.org