Slashdot Mirror
Will 2011 Be the Year of Mobile Malware?
alphadogg writes "Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes. None of those prognostications has really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users — while generally aware of threats aimed at their desktop computers and laptops — have a good chance of being caught flat-footed with their mobile phones. In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 percent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Experts say the threats against those devices are going to come in several categories, including rogue applications. In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions."
No, it won't.
Unless the smart phones somehow damage the network to the extent that my dumb-phone can't make calls. A phone crashing is not like a computer crashing- you're not going to lose any actual work, like a half-finished novel, just pictures and contacts and maybe angry-birds high scores.
Oh I can think of a couple
Albeit, Jailbroken iPhones are less Secure than... umm... whats the term for that? Non-jailbroken? Jailfixed? StillJailed? Anyways.
Point is that some people have started writing malicious software for phones, its becoming glaringly obvious.
What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.
Who is to say a lot of phones are infected but no one yet knows. I bet most users, if their email was compromised, would assume they were hacked via a computer, not tracked via their phone, which could easily be the case.
I just installed Hero of Sparta, non-market place game for free. I swear, that's the last non-market place app I'll install on my phone. For those that are interested, url = http://www.gameloft.com/android-hd-games/?adid=147865
It is possible that 2011 might be a year in which there could be some unspecified increase in what could loosely be termed malware that might be targeted in whole or in part to infect certain devices that might be considered mobile devices under certain definitions of mobile or device.
If you feel you have to lead off with a statement that your prediction is essentially the same one you've been making for the past six years and it has yet come true, maybe you should leave off setting a deadline for the thing.
"Sacrifice for the good of The State" - The State
I doubt this is going to be a repeat of Windows, where a combination of massive marketshare and blatant negligence on the part of Microsoft led to an epidemic of worms.
But, there's also a very real threat, even on systems like iOS where users and even Apple assume that they have control of the platform, hackers prove them wrong constantly.
For instance a month or 2 back, jailbreakers were able to just visit a website through mobile safari and execute one exploit after another to compromise the entire system and install unapproved software like Cydia. That's a rare alignment of exploits, but who can really say it won't happen again via a malicious attacker?
I seem to recall a similar prognoses at the end of last year. Seems not to have happened. I suspect the trend will continue.
To much money on phone bills. .
5 minutes for it to start.
Random crashes for no reason (particularly media player).
The actual telephone part of it had so many quirks it was only semi usable as a phone.
Internet was dodgy at best and I live next (2 miles) to a new tower
I got a new phone like my old one from 4-5 years ago couldn't be happier but now I have a BB Storm that's basically an mp3 player and did I mention media player crashes a lot requiring a 5 min reboot
Comment removed based on user account deletion
the Windows Mobile aka WinPhone will really take off in 2011
I went to battle M.C. Escher, but drew a blank.
Nokia 2115i. It makes calls and sends texts. That's it. Not even internet access or a camera. (Though it does have a flashlight.) No need to fear viruses or spyware.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
... rampant blogosphere speculation about everything. Just like the year before it.
year of...
Year Of...
YEAR OF!!!!
Holy crap, get over it! Stuff will happen next year. Some of that stuff will be expected. Of that expected stuff, some will live live up to expectations while the other will not. And there will be surprises!
"The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions."
So that thing can be used for banking too? Huh, I'll tell my wife....
"All great things are simple & expressed in a single word: freedom, justice, honor, duty, mercy, hope." --Churchill
It's been on MY desktop since 199x!
do you know how hard I worked on my Angry Birds scores?
It doesn't really matter since passwords are already the weakest link in online security.
2011 is the year of Linux on netbooks. Or was that desktops. Anyway, I'm sure its a year of something linux related...
tylenol's new pill for textually transmitted diseases.
Our apps are already watching us beyond what we've authorized. How is that not malware?
Stop the brainwash
How can I install a firewall and AV software on my iPhone 3gs ?
I've unlocked and jailbroken it so I can customize it MY way and use it on the carrier of MY choice but I really want more than just a wink and a promise from Apple that I'm safe.
2011 will be the year of viruses on linux!
http://blogs.mcafee.com/mcafee-labs/windows-mobile-trojan-sends-unauthorized-information-and-leaves-device-vulnerable
it is possible but it is not like the market of Windows PCs has shrunken significantly so there's plenty to continue feeding on there as opposed to trying to attack low resource embedded devices like phones.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Malware is profitable when it can infect a huge number of systems. Without a monoculture of mobile operating systems malware isn't profitable enough to develop.
didn't they ask us this last year? This question feels awfully familiar...
It doesn't really matter since passwords are already the weakest link in online security.
It's not that type of password. You are already logged in to your banking site using username and password. Then you decide to send money to someone, and one of the ways of doing 2-factor authentication available to you is to have the bank send you a 1-time password by SMS, which you then type into the computer. The one-time password is bound to the specific transaction you were requesting, and the sms contains some information about the transaction (like the destination account number and amount), so if the account number or amount is not what you wanted you know something is wrong.
So unless the bad guys have malware on your phone AND on your pc, they can't steal your money.
Of course, this is in europe. In the US two-factor authentication means password+"what is your mother's maiden name". And no, this is not a random anti-american rant. Most US banks still do not have 2-factor authentication, while all that I know of in europe do, in some form or another. Also, a security guy from a US bank I spoke to at a conference told me they don't do two factor authentication because users don't want to remember more passwords (thus proving he does not understand what is 2-factor authentication). Also, he said that when you want to do something "suspicious" like sending money to a new destination, they start to ask you security questions (like "what is your mother's maiden name").
Comment removed based on user account deletion
But not for the reasons given. If you go to light in a box and browse all the android 2.1 pads for sale, all of them warn you not to attempt to re-install or change the OS. this warning is not given for some propriatary reason but simply because there is no assure path to a perfectly safe re-install of the android software and drivers.
Thus there are going to ba a gazillion android pads walking around that cannot be patched. It's a safe bet there are security holes to be discovered in this. Once that happens it's going to be like windows has been with the sea of mobile zombies.
The iphones are different. You are constantly offered updates. (which brings up the problem with jailbreaking-- you can't update easily for fear of busting the jailbreak.)
Now phones may be a different matter. If the phone companies are able to push updates it may be a lot safer.
Some drink at the fountain of knowledge. Others just gargle.
I thought 2011 was going to be the year of the Linux Desktop
I feel confused. Hey, if you're at it make it the year of reading too.
Users — while generally aware of threats aimed at their desktop computers and laptops — have a good chance of being caught flat-footed with their mobile phones
BWAHAHAHAHAHAHAHA! I stopped reading after this sentance.
Advanced operating systems are maintained in such a way that they don't run malware, for example, they are updated automatically so regularly that there is a disincentive to create malware, same as you get rid of graffiti with a regimen of immediately painting it over. Mac OS and iOS, for example. It's the not-advanced operating systems which are easy targets, graffiti magnets.
"iPhoneOS/Android/RIM/W7 so malware writers can hardly target all platforms at once" - by Artem Tashkinov (764309) on Wednesday December 22, @10:45AM (#34641654)
As long as the phones in question run a BSD based IP stack, then, , they already have a defense built in. That defense is a HOSTS file (all the user has to do is fill it with data for blocking out known bad sites/servers/hosts-domain names etc.).
HOSTS work on the "blacklist" principal here: You block out the bad sites, you can't enter them. You can't enter them, you cannot be infected/infested - simple.
Not only that, but you can block out adbanners that eat up bandwidth (and have been known to infect you more than a few times over the years now).
You can also speed up access to your fav. sites using HOSTS also, hosts work on the "whitelist" principle here
(In doing the latter, you also avoid DNS request tracking logs too (in avoiding using DNS altogether for those said favs of yours), you also avoid downed/crashed DNS servers & you still reach your fav. sites, PLUS you additionally/lastly avoid DNS redirected/poisoned (or otherwise hijacked) DNS servers also).
APK
P.S.=> I've already done this on an ANDROID phone, it works excellently for better online SPEED, SECURITY, & even a "touch of added extra 'anonymity'" too (via the ADB (android debugging bridge) & it's PUSH/PULL commands (after mounting the system mountpoint with READ + WRITE priveleges), loading a 24.5mb size HOSTS file, & seeing it work well for the purposes I noted above) & pre-built HOSTS files are out there, & they're regularly updated, such as this one -> http://www.mvps.org/winhelp2002/hosts.htm ... apk
I've used Nokias exclusively for the last 6 years. S60 2nd edition allowed you to install any apps from anywhere, and there were quite a few trojans and other apps written for it, around 2004-05. .SIS file) and then install it.
S60 3rd edition made it harder to do so by requiring all apps to be signed by Symbian, and earlier they only gave out certificates to companies rather than individuals. Nevertheless, there were (are) ways to self sign an install package (a
Even then - the phone warns you that the application is not signed, so there's no way anything can silently install itself without user intervention.
The second most common vector for exploits is the browser. No matter what short sighted US tech blogs may say - Symbian is the world's most widely used OS, with over 2 billion devices sold to date. How come we haven't yet seen a browser based exploit for the internal Webkit browser?
A google search for 'Symbian 3rd edition malware' shows up hardly one or two examples - and reading the descriptions, they rely on social engineering to fool the user into getting installed.
The same rules apply as on desktop OSes - namely not to open/install unknown applications etc. What would be worrisome would be a browser exploit, where just visiting a link can compromise your phone, or some sort of silently installed malware. The former has yet to be proved and the latter can only happen through (all too common) user stupidity, so this leads me to conclude that Symbian at least is safe for the present.
Also bear in mind that Nokia pushes out firmware updates much more regularly than other phone manufacturers; even upto 2 years after launch (the 5800 Xpressmusic is a case in point), so you can expect security fixes, if found, to be available faster. Sucks to be in the US with a carrier subsidized handset though.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
With PC sales on decline they are looking for new markets. They crying wolf for several years already. That kind of FUD provoked Nokia to introduce digital signing for Symbian OS apps, which effectively killed developers community. That caused Symbian OS becoming increasingly irrelevant and eventually caused its death(or at least zombification). Which in turn destabilized Nokia position and could be cause of the death of Nokia itself.
according to statistics published last month by analyst firm Gartner
That line right there shows this is total bullshit paid for by someone trying to sell AV for phones. Anytime I read a line like above with the word "Gartner" in it I don't believe a word of it.
...had malware years ago, but they introduced measures to stamp them out. This was the move from Symbian 7 to Symbian 8. IINM, this was the reason for the introduction of capabilities.
Max.