As we near the end of 2011, The Insider should be thinking positively about the coming year, but he’s not. He appears to have spent an inordinate amount of time in 2011 investigating and reporting negative aspects of the telecommunications business that could have repercussions on future earnings and customer perception.
Issues have revolved around invasion of privacy, bill shock, breaches of security, network malfunctions, technology shortcomings, management blunders and data integrity (or lack of it). Now, it seems, 2012 will be the year of phone malware, and guess who will get the blame if it spreads to a customer handset near you?
It’s not only Google that thinks “the future lies in mobile.” According to a blog by Lookout Mobile Security, “bad guys will always follow the money, and with the meteoric growth of mobile devices there is more money to be made in mobile fraud than ever before.” It seems that the ‘bad guys’ are bored with PCs and are now taking aim at mobile devices. Lookout’s CTO, Kevin Mahaffey, reckons it has taken mobile malware writers two years to accomplish what took many over 15 years to achieve on the PC, although ‘achieve’ may not be the right word in this case.
It may also be in Lookout’s best interests to raise these concerns, as its main business is providing ‘all-in-one protection for iOS and Android devices,’ but increasing reports of mobile malware are making headlines elsewhere as well. IT consulting company Kroll released a list of what it believes are the 10 most significant cyber-security issues for businesses in 2012 and number one on that list was mobile threats, not just from the possibility of stolen or misplaced devices, but from a new breed of malware optimized to attack tablets and smartphones.
In view of the fact that Android devices in particular are being targeted, Microsoft went as far as kicking off a social media marketing campaign - tell them your Android malware horror stories in exchange for a chance to win a free Windows Phone handset! The problem, however, is much more serious than that and may end up biting them as malware maker view it as challenge to take on Windows Phones as well!
The Lookout report is very well researched and makes the point that as mobile devices grow in popularity, so do the incentives for attackers. Mobile malware, for example, is clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Recently over 250,000 Android users were compromised in an unprecedented mobile attack when they downloaded malicious software disguised as legitimate applications from the Android Market.
Another area of concern for CSPs keen to enter the mobile payments market is that it is another key driver of mobile threats. Mobile payments create an attractive target for attackers, as they allow direct monetization of attacks. In addition to financial information, mobile devices store tremendous amounts of personal and commercial data that may attract both targeted and mass-scale attacks.
People, obviously, do not purposefully download malware or spyware to their devices, so attackers must use techniques to mislead users into downloading it unknowingly. Once an attacker convinces someone to download a malicious app, then the technical hacking can begin.
Lookout split mobile threats into several categories: application-based threats, web-based threats, network-based threats and physical threats. CSPs that are establishing application platforms or stores, may inadvertently be the providers of malware unless they can implement measures to protect their customers from concealed in-app malware, as well as those threats over the very network services they provide.
Of course, CSPs cannot be the only policemen in the fight against this growing malware scourge and many may not want the added responsibility, but customers will likely blame them as the most visible, or only visible, element in a perceived malware delivery chain.
What progressive CSPs may want to do is offer cyber-security protection services to their customers, either as a chargeable service or a Freemium-type health check. After all, the effects of malware, may affect network performance as well.
Posted
12-19-2011 6:10 AM
by
The Insider