Android risk of cyber crime is growing fast

Malware targeting the Android smart phone has risen by a factor of five in less than a year, according to a recent report from Lookout Mobile Security.

The number of malware applications has risen from 80 in January to more than 400 in June. Between a half million to 1 million people were affected by Android malware in the first half of 2011, according to the report.


Related coverage:

Going mobile? The people are already there 

Google alerts infected users that they've been compromised


Case in point: Two days ago, Dinesh Venkatesan of CA Technologies reported a new Android trojan that can steal account passwords and Social Security numbers by recording phone conversations.

“As it is already widely acknowledged that this year is the year of mobile malware, we advise the smart-phone users to be more logical and exercise the basic security principles while surfing and installing any applications,” said Venkatesan in his post.

Most threats to Android devices are malware and spyware, said the firm. Of the threats Lookout detected in June 2011, 48 percent were malware and 52 percent spyware. The most prevalent type of malware attack in the first half of 2011 was repackaging, whereby a hacker adds malicious code to a legitimate application and then republishes the doctored application to an application market or download site.

“The repackaging technique is highly effective because it is often difficult for users to tell the difference between a legitimate app and its repackaged doppelganger,” said the report.

Repackaging, though, is only one of a variety of ways that hackers are attacking mobile devices, and the variety of ways that they can compromise devices continues to increase. A newer, similar model is the “upgrade attack.”

"We've started to see [attackers] publish a clean app, then wait for a while before offering an update that's infected," said Kevin Mahaffey, co-founder and CTO of San Francisco-based Lookout in a ComputerWorld article Aug. 3.

"Because most people automatically update their apps, there's less time that the malware is on the market before it's installed by a lot of people."

Although many government agencies have begun adopting mobile devices, including the State Department, the General Services Administration and the Department of Defense, they may not be prepared to fight these attacks.

A recent report by the General Accounting Office found the DOD unable to keep pace with cyber threats, reported GCN July 26.

Additionally, “because mobile platforms are new, often introducing new APIs and security models, even skilled developers aren’t always aware of best security practices,” noted the report.

Yet one of the biggest issues is not limited to mobile devices: that is users transmitting sensitive data without proper encryption, noted the report.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.