US Government Says Android Mobile OS Is Top Malware Target
When it comes to malware attacks, there is one mobile operating system (OS)—Android—that walks away with the dubious honor of being recognized as the number one target by two US security agencies.
According to a recent memo released by the Department of Homeland Security and the Federal Bureau of Investigation to first responders such as police, fire, EMS, and security personnel, Android is the world’s most widely used technology and was the target of 79 percent of malware attacks in 2012.
Why? Dominant market share, along with its open source architecture, makes Google’s Android the primary target for exploitation by malicious malware attacks. Another contributing factor is that 44 percent of Android users aren’t up-to-date with their software.
According to the memo, subscribers are
using versions 2.3.3 through 2.3.7—known as Gingerbread—which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date.
Some of the known security threats mentioned in the report are:
- SMS (Text Messages)—Trojans represent nearly half of the malicious applications circulating on older Android OS.
- Rootkits—Malware that hides its existence from normal forms of detection, logging the user's locations, keystrokes, and passwords without the user's knowledge. In late 2011, a software developer's rootkit was discovered running on millions of mobile devices.
- Fake Google Play Domains—Created by cybercriminals, these sites trick users into installing malicious applications that enable malicious actors to steal sensitive information, including financial data and log-in credentials.
In a graph depicting malware threats to mobile operating systems for 2012, the overall results tallied as follows: Google’s Android, 79 percent; Nokia’s Symbian, 19 percent; BlackBerry, 0.3 percent; Microsoft’s Windows Mobile, 0.3 percent; Apple’s iOS, 0.7 percent; and others, 0.7 percent.
However, ABC News quoted Jeff Forristal, chief technology officer of Bluebox Security and a presenter at the Black Hat 2013 conference, who warned that Apple’s iOS should not be viewed as being without security risk. "If you go to the CVE (Common Vulnerabilities and Exposures) database, you'll find 238 security problems specific to iOS devices," he said. "Everything has security risks."
The report offers several security suggestions for users, including updating the OS, and installing and regularly updating antivirus software. On Google’s security blog, Android Security Engineer Adrian Ludwig published “Dude, where’s my phone? Simple steps to protect your Android device this summer,” which includes information about a new service that helps locate your lost phone—whether it’s buried in the couch cushions or left behind somewhere else.