Barcelona, Spain. Cybercriminals are sneaking a soaring number of malware into smartphones to steal data or even money, with those running on Google’s Android most exposed to security threats, analysts said.
While the Android open concept has gained the hearts of those who find the iPhone too closely managed by Apple, it is also turning out to be the Google operating system’s Achilles heel.
“Something really worrying about the Google model, which is also the beauty of that model, is the openness of the environment,” Cesare Garlati, consumer specialist at security firm Trend Micro, told AFP.
Anyone can create or install an application on an Android phone, Garlati pointed out, as opposed to the Apple controlled Appstore which imposes a layer of screening.
“Android’s security model basically says, it is the responsibility of the end user to judge if an application is secure.
“I think that is asking too much from the user. Who is able to understand if a vendor is legitimate?” he asked.
Trend Micro surveyed independent analysts about security features on the four main mobile operating systems — Apple’s iOS, RIM’s Blackberry, Microsoft’s Windows and Google’s Android — and found that Blackberry was ranked most secure and Android the least.
Blackberry benefitted from the fact that it was originally designed more as a platform than a device, while iOS, ranked second most secure, was tightly controlled by Apple.
Nevertheless, Garlati stressed that “no platform is immune from problems.”
With over a billion people expected to own a smartphone by 2013, cybercheats are increasingly setting their sights on the market.
Several sessions at this year’s Mobile World Congress therefore addressed security, with companies including McAfee, SAP, Kaspersky Lab all trotting out new security products for tablets or smartphones.
Technology company Juniper Networks compiled a “record number of mobile malware attacks” in 2011, particularly on Android phones.
In 2010, just 11,138 mobile malware samples were recorded, but they soared 155 percent to 28,472 in 2011, the company said.
Just under half — 46.7 percent — occurred on Android phones, said Juniper, whose study did not look into Apple breaches.
“The combination of Google Android’s dominant market share and the lack of control over the applications appearing in the various Android application stores created a perfect storm, giving malware developers the means and incentives to focus on the platform,” the group said.
Eugene Kaspersky, chief executive of the eponymous computer security firm, said: “We are pretty sure that this will follow the computer’s evolution,” pointing out that threats had surged from 90,000 in 2004 to some 16 million in 2011, with Internet transactions largely fueling the rise.
Some criminals are hiding “malicious code in legitimate applications” that consumers are downloading unwittingly.
Once they have gained access to data on the phone, they are stealing information that could be used in identity theft or in illegal transactions.
A further incentive for cybercriminals to breach smartphone security is that unlike computers, each phone “has a direct link to money” through the SIM card, Denis Maslennikov, Kaspersky Lab’s senior malware analyst said.
Criminals are able, for instance, to implant so-called trojan horses that prompt phones to send SMSs to premium numbers.
“In 2012, the whole malware industry will become a fact we will have to deal with,” he warned.