IDG News Service – Mobile devices are getting hit by a boom in malware similar to the one that hit PCs starting with the rise of the Web, a security
software executive said Tuesday.
“Mobile platforms, for a lot of attackers, represent a new target-rich environment,” said Chris Doggett, senior vice president,
North America, at Kaspersky Lab. He was addressing a panel discussion at the CTIA Wireless trade show in Las Vegas at which
officials from government and industry laid out the dangers of mobile malware and steps being taken to fight it.
The creators and exploiters of malware are attracted to mobile because smartphones and tablets are increasingly powerful and
most have no protection, Doggett said. (Kaspersky sells mobile security software.) The threats to mobile users are numerous:
Attackers can often find credentials for various accounts by looking at incoming and outgoing text messages, they can get
contact information for work associates as well as family and friends, and they may be able to compromise bank accounts if
users do mobile banking, he said.
Malware on the wired Internet has risen from one new sample discovered per hour in 1994 to 200,000 new samples per day now,
and a similar trend is taking shape on mobile devices, Doggett said. In 2011, Kaspersky discovered just over 6,000 mobile
malware samples, and in 2012, there were more than 30,000.
U.S. mobile users have been left relatively unscathed, according to a white paper released on Tuesday by CTIA, the mobile
industry group that sponsors the show. Fewer than 2 percent of smartphones in the U.S. are infected with malware, compared
with more than 40 percent in some other countries, said John Marinho, CTIA’s vice president of technology and cybersecurity.
There are more than 100 million infected smartphones in China, he said.
As attackers seek that easy target in mobile, they overwhelmingly are looking to Android, Doggett said. Kaspersky estimates
that 94 percent of all mobile malware is written for Android. Google’s mobile OS is easier for them to use because it’s more
open than Apple’s iOS and apps don’t have to go through the Apple security review required for the iTunes App Store. Also,
Android users can download apps from any number of places, though some Android malware has come in software downloaded from
sources that are supposed to be trusted, including Google Play, Doggett said.
Apple isn’t foolproof, as some malware has gotten through the company’s scrutiny, such as the spam-producing “Find and Call”
app discovered last year, he said. But because the bar is higher with iOS, most attackers look elsewhere, he said.
Mobile is one target of a U.S. government effort to close cybersecurity holes in the nation’s critical infrastructure, according
to Ari Schwartz, a senior policy advisor in the Commerce Department’s Office of Policy and Strategic Planning. Following an
executive order by President Barack Obama earlier this year, the Department of Homeland Security and other agencies are working
toward creating a program for companies to take a set of voluntary steps to protect their infrastructure from attacks, Schwartz