Is your fancy new smartphone behaving strangely? Don’t just shrug it off. Security experts warn that as phones become more like computers, they’re becoming a target for the writers of malicious software. And some of that malware can be particularly nasty.
No mobile phone operating system is safe from malware, but some are more prone to attack, say experts.
For now, Google’s smartphone operating system, Android, appears near the top of the list when it comes to the growing number of virus threats. Jayson O’Reilly, senior security product manager for Africa and SA at Symantec, says in the past two weeks the company has identified at least seven new types of malware on Android.
He says because Android has become one of the most popular platforms it has become a popular platform for attack. “The number of viruses we have seen on the platform over the last three months has been astronomical.”
The most recent attack the company is aware of was discovered on Wednesday afternoon. The virus has been dubbed “root cager” and is malicious code embedded in popular applications available for download for Android devices.
O’Reilly says that between 50 000 and 200 000 free Android applications downloaded were infected with root cager over four days it went undetected.
Like most smartphones, Android users are given access to a plethora of online applications they can download and install on their phones. However, O’Reilly says it is precisely the access to free applications that has made the increase of malware infections so prevalent on Android.
“The fact that Android is based on open-source systems makes it an easier target for attack,” he says.
Denis Maslennikov, senior malware analyst at Kaspersky Lab says for the most part malicious code in apps is written for criminals seeking monetary gain.
“Cyber criminals create Trojans that send expensive premium-rated SMS messages or call international premium-rated numbers,” he says. The criminals set up these numbers themselves.
“We’ve also seen a number of Trojans that steal personal information such as handset equipment numbers, subscriber’s identity, call logs, contact lists and SMS messages,” says Maslennikov.
“It is important to note that malware becomes more and more complicated.”
Android isn’t the only platform that’s been attacked. Symbian-based devices were the first phones to be attacked by cyber criminals and continue to be a popular target.
Closed systems used by Apple’s iPhone and Research In Motion’s BlackBerry appear to have the best track record so far. Most of the apps installed on these devices need to be vetted first by the companies.
Toby Kurien, an SA Android developer, says a particularly “frightening” attack involves an application that surreptitiously “jail breaks” the iPhone, allowing criminals access to users’ information. Jail breaking removes the security controls built into the device, allowing applications access to almost any aspect of the phone.
“This is the first mobile virus I have seen that can actually do damage to your phone,” says Kurien.
However, he says smartphone users can protect themselves. When downloading applications, specifically on Android, users must check the permissions the application wants.
“When you install an application it will ask you for access to the Internet, or contacts, or something similar. In some cases applications need access to those things … but users must exercise their discretion.”
Kurien says users should also only download apps that have already been tried and tested by other users. “If there is a problem with the application, other users will have picked it up and commented on it,” he says.
Security companies such as Symantec and Kaspersky have mobile security applications that they say can be used to prevent attacks on smartphones. — Candice Jones, TechCentral