Mobile devices are integrated into the daily lives of most people and they tend to hold an alarming amount of data about their owners, making them vulnerable targets for malware attacks. The data typically includes details on online and physical activities and behaviour, as well as family members and friends, and passwords together with other personal credentials.
In modern society the current technological era has enabled mobile devices to become increasingly smarter in order to help alleviate the complexities of modern living. They are also often integrated into people’s homes, vehicles, offices and social structures, especially with the continued growth of social media communications to the point that it’s very unusual to find individuals without such a device.
Computers, for example, do not have built-in billing systems whereas mobile phones do abs as a result the first examples of money-making malware that infects various types of smartphones has appeared. Back in 2010, mobile devices were much more simplified, less integrated into our daily lives, and held less personalised data which is why there was very little mobile malware back then. In contrast, the current motives and techniques used for mobile devices malware is many times more advanced, especially considering the strides made in terms of the hardware technologies, operating systems and security mechanisms integrated into mobile devices currently in circulation.
The change in market share of mobile devices compared to desktop computers and tablets I the last 12 years is shown in the graph below. Mobile devices overtook desktops/laptop devices usage in mid-2016 and currently owns over 55% of the market share with desktops now currently only having 42% of market share.
Breaking this down even further, the Android OS now has over 41% of the global OS market share, in comparison to its closest competitor, Microsoft Windows, which owns 31%, as shown in the graph below. iOS (Apple), on the other hand, has only 16% of market share, even though it has been increasing gradually over the last 10 years. What we see in these two graphs is how mobile devices make up more than 57% of the devices currently in use and on the internet.
Mobile Device Threats
Mobile devices are in fact technically more secure than traditional computers though. Being mobile, they constantly connect to different networks and ISP infrastructures (cell towers) making it that much harder to track their IP and location. The also use more modern technology, namely authenticated and signed apps via the respective app stores that are much more restrictive, allowing users full control over app access via privacy and permissions settings as well as limiting access to the root and system files.
The mobile app developers build their apps on the Ad Kits or SDKs (software development kits) that are available for the mobile platform. These kits, especially in the case of free apps, gather certain information from their users. Unfortunately, there is ‘no free lunch’ in the tech world and the developers need to fund their projects in some way or another, usually with a range of ads displayed often on the apps and often tracking personal information in order to motivate specific ads.
Hackers who find zero-day vulnerabilities typically opt to sell the details to bug bounty programs, like ZERODIUM, for example, that are in the dark web market space, or to information brokers. ZERIODIUM offers exceptionally attractive pay-outs on condition that an exploit can be confirmed and is a legitimate zero-day vulnerability. Platforms like this offer low risk, high reward returns to hackers (or dodgy researchers) who intend to gain optimum profits from the work that they do and it incentivises highly skilled individuals in this industry.
What Mobile Malware does
Mobile Malware typically conducts the following exercises on mobile devices:
- Stealing information and tracking activities (e.g. passwords and credentials, locations, contacts, app activities, visited websites, read messages, etc.).
- Pushing Scareware (e.g. displaying ‘your device is infected’ popup messages).
- Deploying Ransomware on the devices.
- Distributing Spam (e.g. sharing spam messages to all contacts on the mobile device)
What is the closest relationship that you may have today aside from your partner, children or parents?, asked Christine Bejerasco – the Chief Technology Officer at F-Secure. “For some of us it’s our mobile phone. It’s a very intimate relationship. Some go to bed beside it, it’s the first thing in our hand when we wake, and perhaps even the last thing we look at before going to sleep at night… “, commented Christine.
For a platform that’s always connected, always on and almost always within inches of our physical bodies, we need to be thinking about how to keep ourselves safe when we are with this platform. To find out more about Mobile Malware, watch the recent F-Secure Webinar with three eminent security experts discussing the evolution of mobile malware and the direction it is heading next. Android users will learn from a white hat hacker about what they need to be vigilant about and learn about the latest mobile threat trends that are unpacked.
Mobile Malware: How The Threat Evolved And What Mobile Device Users Need To Watch Out For Next