A new report [PDF file] from the U.S. Government Accountability Office (GAO) cites a Juniper Networks study which found that the number of malware variants aimed at mobile devices has risen from about 14,000 to 40,000 in less than a year, an increase of approximately 185 percent.
“The auditors write that cybercriminals may use a variety of attack methods, including intercepting data as they are transmitted to and from mobile devices and inserting malicious code into software applications to gain access to users’ sensitive information,” writes GovInfoSecurity’s Eric Chabrow. “These threats and attacks are facilitated by vulnerabilities in the design and configuration of mobile devices, as well as the ways consumers use them. Common vulnerabilities include a failure to enable password protection and operating systems that are not kept up to date with the latest security patches.”
“The GAO said that protection will have to be a multi-pronged effort that takes into account all parties,” Infosecurity reports. “For instance, mobile device manufacturers and wireless carriers can implement technical features, such as enabling passwords and encryption to limit or prevent attacks. Meanwhile, consumers can adopt key practices, including setting passwords, using two-step authentication and limiting the use of public wireless connections for sensitive transactions, which can significantly mitigate the risk that their devices will be compromised.”
“[The GAO] called on the Federal Communications Commission to pressure manufacturers and wireless carriers to set standards for mobile security,” Federal News Radio reports. “It also said the Department of Homeland Security and the National Institute of Standards and Technology need to set performance metrics to measure their public awareness efforts.”