Slashdot Mirror

← Back to Stories (view on slashdot.org)

Will 2011 Be the Year of Mobile Malware?

Posted by CmdrTaco on from the predictions-makes-me-yawn dept.

alphadogg writes "Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes. None of those prognostications has really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users — while generally aware of threats aimed at their desktop computers and laptops — have a good chance of being caught flat-footed with their mobile phones. In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 percent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Experts say the threats against those devices are going to come in several categories, including rogue applications. In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions."

9 of 111 comments (clear)

  1. Maybe it might could by Hijacked+Public · · Score: 3, Insightful

    It is possible that 2011 might be a year in which there could be some unspecified increase in what could loosely be termed malware that might be targeted in whole or in part to infect certain devices that might be considered mobile devices under certain definitions of mobile or device.

    If you feel you have to lead off with a statement that your prediction is essentially the same one you've been making for the past six years and it has yet come true, maybe you should leave off setting a deadline for the thing.

    --
    "Sacrifice for the good of The State" - The State
  2. Not really by Artem+S.+Tashkinov · · Score: 3, Insightful
    I haven't read the article but the summary seems to be somewhat exaggerated:
    • Mobile phones (OS) don't have any form of autorun
    • You cannot run .exe/.cmd/.com/.lnk attachment from e-mail
    • A lot of users still ... don't ever install a single extra app, and use their smartphone only as a contact list manager, calender and alarm clock
    • Unless Apple/Google becomes careless it's hard to believe that malware authors can (frequently) penetrate their app stores
    • There is still some variety: iPhoneOS/Android/RIM/W7 so malware writers can hardly target all platforms at once - so outbreaks are hardly possible
    1. Re:Not really by Abcd1234 · · Score: 4, Interesting

      Mobile phones (OS) don't have any form of autorun

      So?

      You cannot run .exe/.cmd/.com/.lnk attachment from e-mail

      Correct. On the iPhone, you just had to visit a *website*, ffs.

      Seriously, this statement is beyond short-sighted. It's one zero-day vulnerability from being completely false.

      A lot of users still ... don't ever install a single extra app

      Again, who cares? All you need is a hole in one of the stock apps, and voila, users are hosed. Moreover, given how slow mobile phone operators are in updating the OSes on their network (the Android situation being the most obvious), a vulnerability like that could be a) near universal, and b) very slow to close.

      Unless Apple/Google becomes careless it's hard to believe that malware authors can (frequently) penetrate their app stores

      See above. This point is, well, pointless.

      There is still some variety: iPhoneOS/Android/RIM/W7 so malware writers can hardly target all platforms at once - so outbreaks are hardly possible

      Please... you need only target one of those platforms to hit millions and millions of people. That's by far lucrative enough to make it worthwhile.

      Frankly, I think the only reason you haven't seen this yet is because most malware is directed at turning a machine into a zombie, something for which a mobile device isn't that useful. But the minute someone can, for example, break an iOS device or Android device and start snarfing passwords, it'll become a far more interesting target.

  3. Are you suggesting that... by Fibe-Piper · · Score: 3, Funny

    the Windows Mobile aka WinPhone will really take off in 2011

    --
    I went to battle M.C. Escher, but drew a blank.
  4. Re:None have come to fruition? by jeffmeden · · Score: 5, Informative

    What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.

    Oh we don't, do we?

  5. DIE by mark72005 · · Score: 4, Funny

    do you know how hard I worked on my Angry Birds scores?

  6. Already happening! by Jeppe+Salvesen · · Score: 3, Insightful

    Our apps are already watching us beyond what we've authorized. How is that not malware?

    --

    Stop the brainwash

  7. Re:Nope by characterZer0 · · Score: 3, Insightful

    Will X be the year of Y?

    No, but X will be the year of poorly written and poorly researched trade magazine articles about Y.

    --
    Go green: turn off your refrigerator.
  8. It's about 2-factor authentication... by js_sebastian · · Score: 3, Interesting

    The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions.

    It doesn't really matter since passwords are already the weakest link in online security.

    It's not that type of password. You are already logged in to your banking site using username and password. Then you decide to send money to someone, and one of the ways of doing 2-factor authentication available to you is to have the bank send you a 1-time password by SMS, which you then type into the computer. The one-time password is bound to the specific transaction you were requesting, and the sms contains some information about the transaction (like the destination account number and amount), so if the account number or amount is not what you wanted you know something is wrong.

    So unless the bad guys have malware on your phone AND on your pc, they can't steal your money.

    Of course, this is in europe. In the US two-factor authentication means password+"what is your mother's maiden name". And no, this is not a random anti-american rant. Most US banks still do not have 2-factor authentication, while all that I know of in europe do, in some form or another. Also, a security guy from a US bank I spoke to at a conference told me they don't do two factor authentication because users don't want to remember more passwords (thus proving he does not understand what is 2-factor authentication). Also, he said that when you want to do something "suspicious" like sending money to a new destination, they start to ask you security questions (like "what is your mother's maiden name").