7 key actions to beat app malware and other mobile threats: Internet Scambusters #460
Smartphones and mobile devices have taken just a few years to become essential accessories for virtually everyone but it's taken cybercriminals only a year to create hundreds of app malware programs that threaten our mobile security.
Apps -- an abbreviation for "applications" -- are the mini programs you can download for free or at low cost to turn smartphones and tablets into versatile information and game-playing devices.
But on some of these devices they may also carry a dangerous payload, as we explain in this week's issue.
Time to get going...
App Malware Threatens Smartphones and Tablets
While most of us exercise caution before downloading an executable file to our PCs, some of the same people don't hesitate to install them onto mobile devices, like smartphones and tablets, without worrying about app malware.
After all, apps -- "applications" -- are nothing more than executable mini-programs and deserve the same precautions that you use on your desktop computer.
Let's be clear at the outset that we're not talking about Apple products like the iPad and iPhone here, so-called iOS devices. That's because Apple retains full control over the apps and the way they actually run on these devices and vets each one before making them available at its App Store.
(There's a small exception to this vetting rule, when users knowingly alter access to their iPhones and iPads -- known as "jailbreaking" -- which allows them to install apps from other sources. But that's at their risk and Apple doesn't approve of it. Apple's official response is that jailbreaking voids the warranty.)
The real app malware problem that, even now, is only just emerging, is with non-iOS devices, notably phones and tablets using the Android operating system, which is the most common system on smartphones and is being installed on a growing number of tablets, those 7 to 9-inch flat touch-screen devices similar to the iPad.
For those who don't know, an operating system is the basic platform that manages the way a device runs -- rather like Windows does on PCs.
Unlike Apple's iOS, Android is an "open system." It was created and is managed by Google but basically any mobile manufacturer can use it and adapt it to their own devices.
There's an official Google app outlet known as Android Market but there are also lots of other app sources, including the online retailer Amazon, and scores of other, little-known organizations.
What these individual market operators do to check for app malware is beyond the scope of this report.
But, in a comment published in the tech magazine Information Week recently, Robert Vamosi, author of the book When Gadgets Betray Us, warns that the app malware threat is growing fast.
"Cybercriminals are realizing that, unlike PCs, mobile devices aren't very well secured," he told the mag.
And according to another source, LookOut Mobile Security, three out of every 10 Android users face the risk of a malware infection this year.
In a report published in August, LookOut says the number of Android app malware programs jumped from 80 at the start of this year to 400 by June, claiming up to 1 million victims.
"As mobile devices grow in popularity, so do the incentives for attackers," the firm said, citing the emergence of payment systems that use mobile devices as another reason crooks target them.
It's not just Android devices that are being targeted either. According to the latest quarterly report from another security firm, McAfee, cell phone malware is also being seen on BlackBerry and Symbian devices.
(If you don't know what type of operating system your phone uses, ask your service provider.)
And, of course, no matter what type of mobile device you use, even Apple products, you are always vulnerable to the threat of phishing if you respond to a malicious text message or visit a bogus website pretending to be a genuine page.
LookOut lists the key mobile threats as:
- From apps -- malware, spyware, privacy threats (apps that gather information about your location and usage), and vulnerabilities within genuine apps that, sometimes unintentionally, open the way for hackers.
- From the Internet -- phishing, programs that automatically download when you visit an infected web page, and those that take advantage of weaknesses in supporting programs like PDF readers and Flash players.
- From cellular networks -- weakness in software that links to other devices and services, like Bluetooth, Wi-Fi, messaging systems, and "Wi-Fi sniffing" which enables others to intercept transmissions on unsecured networks.
Read the other main highlights of the LookOut report, Mobile Threat Report:
7 Key Steps
So what can you do to reduce the risk of app malware or a phishing hit?
Here are 7 key steps:
- Use only well-known app download markets. That's not a guarantee but it significantly reduces the likelihood of an app malware payload.
- 2. If you're interested in downloading a particular app, run an online search on its name to see what others say about it or to check for malware reports.
- Beware of text messages from unknown sources, especially any purporting to come from your bank or credit card company.Never use the contact numbers they give -- get their real number from the phonebook or the card.Check out our earlier Scambusters report on phishing tricks and other cell phone scams, The 10 Most Common Cell Phone Scams and How to Avoid Them.
- Install security software. These programs are still in their infancy on mobile devices, but, for example, LookOut, mentioned above, and security firm Symantec (Norton) have recently released Android apps.These start with free versions but you can also pay to upgrade to premium editions.
- Keep your apps and your operating system up to date. Hackers are always looking for ways of breaking into even the safest devices.Apple, Google and other operating system providers, as well as the people who produce apps, frequently update them and, while some makers might automatically notify you of a new version, it's your responsibility to check for updates too.(See your manual or check online for how to do this -- sorry, but we don't have the resources to provide guidance.)
- We advise you not to "jailbreak" or, as it's called on other systems, "root" your device.It may give you more control over your device but it definitely makes you more vulnerable to app malware.
- Use the same precautions you would on a PC when visiting websites, checking that the location shown in the address bar is correct.
Smartphones and tablets are the fastest growing sector of the technology market.
The capability of these devices is changing so rapidly it's had to keep pace with them, let alone the threats that accompany them.
When it comes to security, a good basic principle, as Item 7 above suggests, is to treat them with as much caution and respect as you do with PCs.
Even if they're secure right now, well-developed safety habits will help you stand against app malware and other mobile threats in the future.
That's a wrap for this issue. Wishing you a great week!