Beware of mighty mobile malware

As the Bring Your Own Device (BYOD) trend gathers momentum, so do concerns about the security implications. The good news, according to network software vendor Nominum, is that data theft directly attributed to end-user mobile devices still represents the minority of cases. The bad news is that the bad guys are starting to recognise, and exploit, the unique capabilities of mobile malware.

Craig Sprosts, Nominum’s vice president of platforms and applications, says: “Today’s mobile malware has advanced capabilities not seen with traditional malware. These capabilities include tracking a user’s exact location, accessing various forms of communication (SMS, MMS, email, instant messaging, etc.), access to detailed contact information, listening to a user’s messages, making unauthorised calls, and more.”

And there is more bad news. Most of the malware written specifically for mobile devices is designed to profit directly from the owner of the infected phone, for example by dialling premium numbers that generate revenue for the owner of the number. Nominum says it is only a matter of time before these unique capabilities are used more widely against enterprises as well as individual consumers.

To understand the prevalence of mobile-specific malware, Nominum sampled several billion domain name server (DNS) queries and analysed patterns in the DNS traffic to determine which mobile devices were infected and the most common infection types. It found infected devices across multiple mobile operating systems, including Apple's iOS, but said: “Our data indicated that Android devices presented the greatest risk. All of the top five mobile malware variants targeted Android.”

Nominum identified the top five nasties as:

  • Noncompatible is drive-by Trojan malware which can infect Android phones via their mobile web browsers. When the browser’s download is completed it will ask for user permission for installation. After infection, the Android phone works as a proxy.
  • Smspacem will change the phone’s wallpaper and send SMS messages to all the phone contacts.
  • Lena is capable of rooting an Android phone without asking user permission. After gaining root access Lena can start to communicate with its command site, download additional components and update binaries once these have been installed.
  • Netisend can retrieve phone information like IMEI, IMSI, model and installed apps from infected Android devices. After downloading it will ask permission to connect to the Internet and to open a backdoor with its command domain site.
  • Basebridge exploits the netlink message validation to get Android phone root access and can disable installed antivirus software, download additional malware components, and open a backdoor with its command site.
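The DNS-based approach described above can be sketched for a defender's own resolver logs. This is an added example, not Nominum's method or code: the log format, the `.example` command domains, the `min_hits` threshold and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed indicators: article's family names, placeholder .example domains (assumption).
COMMAND_DOMAINS = {
    "c2.noncompatible.example": "Noncompatible",
    "update.lena.example": "Lena",
    "gate.basebridge.example": "Basebridge",
}

# Constructed resolver log, one query per line: timestamp client qname qtype
SAMPLE_LOG = """\
2013-05-01T10:00:02Z dev-017 C2.Noncompatible.example. A
2013-05-01T10:05:02Z dev-017 c2.noncompatible.example. A
2013-05-01T10:06:10Z dev-042 cdn.update.lena.example. A
2013-05-01T10:06:11Z dev-042 update.lena.example. AAAA
2013-05-01T10:07:00Z dev-042 c2.noncompatible.example. A
2013-05-01T10:12:00Z dev-042 c2.noncompatible.example. A
2013-05-01T10:13:00Z dev-099 evilupdate.lena.example. A
2013-05-01T10:14:00Z dev-099 gate.basebridge.example. A
truncated line
"""

def match_family(qname, indicators=COMMAND_DOMAINS):
    """Family whose command domain equals qname or is a parent of it, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels so "evilupdate.lena.example" is not a false match.
    for i in range(len(labels)):
        family = indicators.get(".".join(labels[i:]))
        if family:
            return family
    return None

def infected_devices(log_text, min_hits=2):
    """Map family -> clients with at least min_hits command-domain lookups."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        family = match_family(fields[2])
        if family:
            hits[(family, fields[1])] += 1
    flagged = defaultdict(set)
    for (family, client), count in hits.items():
        if count >= min_hits:  # one stray lookup is weak evidence
            flagged[family].add(client)
    return dict(flagged)

def rank_families(flagged):  # most-flagged family first, ties by name
    return sorted(((f, len(c)) for f, c in flagged.items()), key=lambda x: (-x[1], x[0]))
```

On the constructed log, two devices are flagged for Noncompatible and one for Lena, while the single Basebridge lookup from `dev-099` stays below the threshold and is left for manual review.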

Nominum concludes: “Mobility has transformed how people work and has the potential to substantially increase productivity across industries but enterprises need to think beyond the impact of infected mobile phones and look holistically at protecting all the connected devices on their network. Doing this requires building more security into communications networks beyond the enterprise firewall and communications. Service providers are in a unique position to help fill this void.”

About FieldTec

FieldTec are leaders in field workforce and asset management solutions for local Government and utilities. Their dedicated mobile workforce management solution FOCUS provides organisations the ability to collect data about both planned and reactive works at the worksite, and view that information in the office in real time resulting in better operational decisions and improved customer service.


To find out more about FieldTec’s mobile workforce management solution, visit www.fieldtec.com
