Keeping with the Times
A perspective by Trend Micro, a global leader in consumer digital information security
Kuala Lumpur, 11 October 2013 – More than 1 billion Android devices have been activated throughout the world1. The Android platform has overtaken the iOS mobile market in many countries including Malaysia, based on a recent survey conducted by Trend Micro Malaysia. It is of no surprise as the open eco system is what smartphone manufacturers, app developers and consumers love but this comes with a price. The open platform exposes users to become easier target for cybercriminals. 63% of the respondents who took part in the recent survey are Android users but only 19% installed additional mobile security2.
Both the iOS and the Android platforms have in-built capabilities to resist web-based attacks like having traditional access controls, permission-based access control and limiting hardware access, however both platforms also have security weaknesses3. In Trend Micro’s 2Q Security Roundup for the year, more than 700 thousand malicious and risky apps were already found in the wild.
“Our Mobile App Reputation data indicates that there are now 1 million mobile malwares (such as premium service abusers) and high-risk apps (apps that aggressively serve ads that lead to dubious sites). Among the 1 million questionable apps we found, 75% perform outright malicious routines, while 25% exhibits dubious routines, which include adware.4 It is even more pressing today to ensure that you have an additional level of protection in your devices to avoid becoming a victim of such threats,” continued Goh.
Top 3 Mobile Threats5
Although Google is taking steps to keep the Android system secure using known features like the Bouncer service or automated scanning, sandboxing, permissions system, and remote malware removal, Android malwares continue to rise alongside the growing market for Android devices. Here are the top three threats that Android users may face:
• Premium Service Abusers
Cybercriminals are using all kinds of tricks to get users to download malicious apps including creating fake versions of Skype, Instagram, Angry Birds Space and other legitimate apps which will then send unauthorized text messages to certain numbers and register users to costly services6. Trojans are deployed to hijack a handset enrolled in premium service contracts, allowing the dispatcher to remotely access the same services that are paid for by the owner of the infected device.
• Rootkits or data mining
The master key Android vulnerability allows cybercriminals to replace legitimate apps with malicious copies that release rootkits deep inside a phone's system with one programmed task - to record sensitive data such as key strokes, passwords and locations. Mobile phishing sites are another method of tricking users into divulging personal information.
• Fake URLs6
With the prevalence of shortened URLs shared via the various social networks, users are tricked into visiting sites that are compromised, allowing for a virus to be planted on their devices that will steal information and breach user privacy.
Keeping with the Times
With the rising popularity of smart devices, the security of these devices is a growing concern as the threats for mobile devices are catching up with its PC counterparts in terms of severity. With high-profile incidents like the mobile phishing pages with fake WhatsApp notification serving a multiplatform threat, the master key vulnerability, and not to mention the growing number of online banking transactions via mobile devices, here are a few additional security steps that users can take.
Protect your devices by 7:
• Using your smartphone’s built-in security features. Keep your smartphone safe from abuse and/or misuse by properly configuring your location and security settings.
• Avoiding free but unsecured Wi-Fi access. Accessing the web via an open network may be convenient and free but it also allows anyone to access your phone.
• Scrutinizing every app you download regardless of source. Trojanized apps also find their way to official app stores so users would still be encouraged to scrutinize closely the apps you download.
• Understanding the permissions you are allowing before accepting them. Be careful about granting access to personal and/or device information or letting apps do other unnecessary actions in order to work.
• Investing in an effective mobile security app. Being wary when downloading and installing apps isn’t enough, to stay protected anywhere and anytime, users should consider investing in a mobile security app to effectively defend your device against the latest mobile threats.
Trend Micro Mobile Security Personal Edition This antivirus protects your privacy, finds your phone or tablet if you lose it, backs up your photos and videos, improves your Facebook privacy and even identifies malicious apps that steal your information. Our Mobile Threat Hub also provides helpful information about mobile threats and security tips for your smartphones, tablets and other gadgets. Trend Micro Mobile Security provides 99.9% detection according to Av-test.org and is also certified by PCSL and AV-Comparatives.
Trend Micro Titanium 2013 Maximum Security provides industry-leading, anti-virus and web-threat protection that identifies and blocks dangerous links in websites, social networks, emails and instant messaging. This latest solution features Trend Micro’s unique social network privacy technology, which identifies privacy settings that may leave personal or inappropriate information publicly available or vulnerable to identity theft.