SiliconFilter

Mobile Security Takes a Front Row Seat at MWC


Not too long ago, nobody really worried too much about mobile security. The worst thing that could really happen to your data on your phone, most people thought, was that you would lose the physical device and somebody could make calls or browse your address book. Today, however, with the proliferation of mobile malware that can do anything from downloading your contacts list to a remote server to sending you pricey premium SMS messages, as well as a general trend toward letting employees use a mobile phone of their own choosing, the issue of mobile security has become far more pressing. This trend was clearly on display at the Mobile World Congress in Barcelona this week, where numerous well-known security firms and even more startups showed off their latest products.

Security and Android

Most of these security products today focus on Android. To some degree, Google's mobile operating system provides the perfect breeding ground for malware, as its open nature allows users to install apps from numerous sources and stores besides Google's official app store. It's far easier then for a malware developer to create an app that exploits flaws in Android's security and get it into circulation than it would be for somebody who wants to create iPhone or iPad malware. Apple, after all, only lets users download from one store and exercises complete control over it.

Kindsight security demo

Earlier this week, I had a chance to talk to Brendan Ziolo, the VP of marketing at Kindsight. The Alcatel-Lucent spin-off provides desktop and mobile security products, but here in Barcelona, the company focused on its newly released mobile security tools for Android.

While there are now numerous Android security tools available, Kindsight takes a somewhat different approach than most of its competitors, as it also works directly with mobile carriers. It provides both end-user software that can scan a phone for known malware and detection software that runs on the carrier's servers. The company is working with a number of mobile operators to bring its tools to their users and there is a good chance that you will find its software on your phone at some point in the future. Given the nature of these deals, though, you may never know that it's Kindsight that is running in the background (the carriers are more likely to give it their own name).

What Hackers Can Do With Your Compromised Phone

Ziolo showed me a demo of a malware app the company developed for Android. Just by installing a malware-infested clone of Angry Birds, a hacker could – within seconds of starting the app – start spamming your friends with SMS messages, download your address book, locate you and even get access to your phone's camera and see a live stream from it without you ever noticing it.

With the company's software running, of course, users quickly get an alert about what is happening and can then uninstall the application. The scan on the phone itself is similar to a standard anti-virus or malware scan you would run on your desktop. At the same time, the company's software on your carrier's servers also keeps an eye out for suspicious traffic and can even detect some malware it has never seen before.

While there has been some discussion over how widespread the Android malware problem really is today, most reports indicate that it's growing quite rapidly. As Kindsight's Ziolo also rightly pointed out, unlike the early days of desktop malware, hackers can now rely on an established infrastructure for selling personal information and other data, making the whole business even more attractive and lucrative for these criminals.



8:31 am


Good News/Bad News: Spam is Down, Malware is Up


Thanks to better spam filtering techniques, most of us probably don’t see too many ads for “herbal Viagra” and similar concoctions in our inboxes these days, but that doesn’t mean spam isn’t still a big business. According to the latest Threats Report by Intel’s online security firm McAfee (PDF), the overall amount of spam went down in the last quarter of 2011. One of the reasons for this, though, is that spammers have gotten a bit smarter and now use a more targeted – and sometimes even personalized – approach.

Spam Down (In Most Countries)

It’s worth noting, though, that while spam was down overall, there were a few countries, including the U.S. and Germany, where spam volume was up slightly compared to last year.


Malware Up

While spam is down, malware is still growing.

With regard to PCs, the overall growth rate of malware samples McAfee encountered in the last quarter slowed down quite a bit from previous years. At the same time, though, the number of unique malware samples the company found increased.

The company’s researchers also noted that they discovered about 9,300 malicious websites per day in Q4 compared to just about 6,500 in Q3. Most of these sites were hosted in the U.S., followed by the Netherlands, Canada, South Korea and Germany.

Android Malware Still on the Rise

Unsurprisingly, the largest growth area for mobile malware is Android. The last year and quarter were, in McAfee's words, “by far the busiest periods for mobile malware we have yet seen.” The largest growth area here is for-profit SMS-sending Trojans. To bypass the Android Market’s increased security measures, the malware authors apparently use forums and other outlets to distribute their wares.




11:15 am


The Android Market Gets a Bouncer to Keep Malware Out


Google just announced that it has added a new layer of security to the Android Market to keep malicious software out of the store. Android's generally open structure and the fact that the Android Market doesn't employ the same kind of restrictive policies that Apple put in place for its store mean that it's relatively easy for malicious Android software to be distributed through Google's app store. With this service, which Google calls Bouncer, the company actually runs and analyzes the software on its own infrastructure before the app appears in the store. Interestingly, Google notes that Bouncer has actually been active for quite a while now, but this is the first time the company has publicly acknowledged its existence.

Google notes that so far, Bouncer has reduced the number of malware downloads between the first and second half of 2011 by 40%.

Bouncer looks for known malware, spyware and trojans, but also looks for what Google calls "behaviors that indicate an application might be misbehaving, and compares it against previously analyzed apps to detect possible red flags." In addition, Google also looks at new developer accounts to ensure that those who were banned once can't just come back under a different name and upload another piece of potentially dangerous software.



12:57 pm