IN A VERY short period of time, millions of people around the globe have become increasingly reliant upon smart phones and other mobile devices. People use these devices not just for making phone calls, which is merely one of their myriad functions, but for taking pictures, making videos, keeping notes, listening to music, reading e-mail – both personal and work-related - and even for conducting bank transactions. Thus, these small devices have become an alternative way to store photos, contacts, personal and corporate data, passwords and other confidential information, making them more and more susceptible to cybercrime. Antivirus specialists warn that cybercriminals have already created a considerable amount of malware geared specifically towards mobile devices, and predict that this threat will grow significantly. Mobile service providers in Slovakia confirm this trend.
“The increasing occurrence of malware on mobile platforms is predictable,” Robert Šefr, a presales security consultant at the Czech arm of networking and IT security products and services distributor COMGUARD, told The Slovak Spectator, in reference to the prediction by security technology company McAfee of a significant increase in mobile malware. “For hackers this is a new market, and everybody is going to try to profit from it as much as possible. The number of mobile devices, especially with the Android operating system, is increasing and so is the usage of mobile devices for making payments, for example, via NFC, or as an authentication token for critical operations like money transfers in banks.”
ESET, a Slovak IT security company that develops security against cyber threats, also predicts a significant increase in mobile malware.
“The main threats resulting from the growth of malware created for mobile phones is the loss of money and sensitive data – in many cases also corporate [data] – as well as identity theft,” Zuzana Hošalová, public relations specialist at ESET told The Slovak Spectator.
ESET identifies mobile exploit kits and SMS Trojans as the current most dangerous forms of malware. Hošalová explained that the hacker, by using an exploit kit, can do pretty much anything with a mobile phone and the data stored on it. SMS Trojans covertly subscribe the victim to various premium messaging services in order to generate illicit revenue for cybercriminals. The user discovers the attack only after receiving an unusually exorbitant invoice from the mobile operator. Recently ESET also observed USSD code attacks on certain types of mobile phones, which can result in the user losing all of the data stored on the mobile phone, or, by accidentally pressing one button, re-sending under his name a malicious email created by the hacker.
According to Šefr, the Android platform is the primary target for attacks due to its open-source nature. iOS, Windows Phone and Blackberry use much more closed platforms.
All platforms can become easy targets if the manufacturer’s built-in OS defences have been disabled through “jailbreaking” or “rooting” (which is done by more advanced users to “unlock” their devices by removing manufacturer restrictions to make them more open or modifiable), said Šefr, adding that, “in that case, they are not operating the system’s safety mechanisms and applications are free to do anything”.
ESET agrees that Android is more prone to attacks than other platforms.
“The reason is its ever growing popularity and also because after generating a malicious application, it is relatively simple to put it on Google Play,” said Hošalová. “This service, sooner or later, finds out that there is something wrong with this application, but if it is already on Google Play, some users can already download it.”
Malware experts do not see any significant differences between countries in terms of mobile malware.
“Mobile devices, the same as PCs, are connecting to the internet and we are visiting the same sites, downloading applications from those same sources, and so on,” said Šefr. “I don’t think that the situation varies significantly from country to country.”
Hošalová agrees that malware threats created for smart phones spread globally and tend to arrive in Slovakia after a delay of several months, after they have already hit bigger countries.
Šefr warns of the low usage of anti-virus software on mobile phones.
“Most users are not motivated to install antivirus software on their devices; they fear the loss of performance and do not have personal experience with any threats,” said Šefr, adding that people start to focus on security the moment their own time, data and financial loss comes into play.
According to Hošalová, people are gradually realising that a mobile phone is actually a small computer packed with data, which one would not want to give to a stranger.
“Especially companies, which provide their employees with smart phones with access to corporate e-mails or data, are starting to realise this,” said Hošalová.
Mobile operators are aware
Mobile operators in Slovakia are aware of the growing mobile threats, which they ascribe especially to the growing popularity and increasing usage of mobile devices. But Telefónica Slovakia, which provides mobile services under the O2 brand, regards the problem as still marginal and maintains that as long as users are taking basic security precautions with their devices, there is no serious risk. Slovak Telekom, on the other hand, warns that the growing popularity of mobile devices brings a significant increase in the volume and quality of mobile malware.
O2 and Orange Slovensko consider all unknown and unverified applications to be risky. Tomáš Palovský, spokesperson for Slovak Telekom, listed SMS Trojans and various forms of spyware or phishing (whose goal is to obtain user information like logins, passwords, contacts, photos and other personal data) as the most commonly spread forms of mobile malware.
“These may be particularly dangerous, especially in the case of banking applications,” said Palovský.
In general, Telefónica Slovakia believes Slovak users are more aware of the possible risks compared with the rest of the world, and thus behave responsibly, according to Martina Jamrichová, company spokesperson.
Orange Slovensko and Slovak Telekom are less optimistic.
“Awareness of malware threats is still relatively low in the case of Slovak users, even though it is increasing,” said Palovský. “In spite of this the number of clients who currently protect their devices via mobile security applications is very low. From the viewpoint of the operator, we have also registered relatively lukewarm responses from clients to warnings, for example, about insufficient protection, a weak password or recommendations to change the configuration.”
Orange’s clients acknowledge the existence of threats only to a limited degree.
“This is why we try to warn our clients about these threats and educate them more,” Alexandra Piskunová, media relations coordinator at Orange Slovensko, told The Slovak Spectator. “By connecting clients [through their mobile devices] to the internet, there arises a large volume of security threats.”
Orange Slovensko recommends not clicking on unknown links in emails from unknown sources.
“The best protection is not to install unreliable software and to note which functions the installed software requires,” said Piskunová, adding that often it is difficult without deep analysis to recognise what, apart from an interesting game, for instance, the software in question actually does. “We recommend reading available information about software before installing it onto a device.”
Mobile operators in Slovakia are watching mobile malware trends closely, assessing current risks and cooperating with digital security experts. They offer their own security services as well as mobile security products by anti-virus companies, and instruct their clients to use mobile devices in a secure way to avoid infections.
18. Feb 2013 at 0:00 | Jana Liptáková