SlideShare a Scribd company logo

Pocket virus threat

Ali J
Ali J

While mobile malware exists, it remains relatively rare compared to malware on computers. There are several reasons for this, including that mobile users typically do not have administrator privileges, most download apps only from official app stores that monitor for malware, and mobile phones contain less sensitive data than computers. However, as mobile phones take on more functions like mobile payments, they may become more appealing targets for cybercriminals. Companies need to focus more on changing employee security behaviors than worrying only about the technical risks of mobile malware.

TechnologyBusiness
1 of 4
Download to read offline
Difference Engine: The threat in the pocket | The Economist Page 1 of 4 Babbage Science and technology Difference Engine The threat in the pocket Oct 18th 2013, 22:30 by N.V. | LOS ANGELES GIVEN all the talk about mobile malware—Trojans, viruses, keyloggers, phishing expeditions and other scams infecting the phones in people’s pockets—users might be forgiven for thinking cybercrooks are cleaning up at their expense. Truth is, surprisingly few bits of malware have found their way into mobile phones. More by accident than design, smartphones have turned out to be much tougher to infect than laptops and desktop PCs. At least, that is the case at present. Makers of security software would like mobile-phone users to think otherwise. Everywhere Babbage turns these days there is yet another white paper on the threat of mobile malware. Adverts, too—online and in print—warn increasingly of the dangers of texting and talking, searching and surfing without some from of protection against malicious software. Individuals should take note, but the warnings are aimed primarily at IT professionals in firms where employees are allowed to use their own phones and tablets to connect to company networks. Certainly, the BYOD (bring your own device) trend has created security headaches for network managers. It may be one thing for individuals to discover some malicious app they have unwittingly downloaded has racked up large telephone bills by spewing out text messages to pricey pay-to-use services. It is quite another for IT managers to learn that company secrets—contact lists, passwords, authentication keys, business plans and http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
Difference Engine: The threat in the pocket | The Economist Page 2 of 4 confidential memoranda—have been leaking out via employees’ phones to competitors or criminals. While individuals may be hundreds of dollars out of pocket, companies could be on the hook for millions. Mobile malware is still very much in its infancy. Adrian Ludwig, Google’s top security engineer, reckons only one in 100,000 apps downloaded by Android users from all sources, legitimate or otherwise, pose any threat. Researchers at Georgia Institute of Technology and Damballa, a security firm based in Atlanta, agree. After surveying two networks with some 380m users between them, the Georgia researchers found fewer than 3,500 phones with signs of having been infected by malware—ie, one in 108,000. Given that there are around 1.5 billion smartphones and tablets in the world (about the same number as there are desktop and laptop computers), probably fewer than 15,000 mobile devices are harbouring mischievous software of some sort. That is nowhere near enough to attract the attention of criminals. The black-hat botnets they rent by the day, week or month to carry out their nefarious bidding comprise hundreds of thousands of zombie computers that have been infected and hijacked unbeknown to their owners. Such computers present a far easier target for cybercrooks—whether to coral into botnets, or exploit directly for criminal purposes. There are good reasons why smartphones have proved tougher nuts to crack than computers. First, mobile-phone users are rarely administrators by default—unlike, say, users of Windows XP computers, where everyone has administrative privileges unless they have taken the trouble to set up individual user-accounts with separate passwords. The danger, of course, is that administrators (or super-users in Linux-speak) can tinker with the settings of a device’s operating system to their heart’s content. It is possible, of course, to grant such rights to phone users—through jailbreaking an Apple device or rooting and sideloading an Android. Doing so, however, not only voids the maker’s warranty, but can also “brick” the device—turning it into an expensive paperweight. Even so, there are always folk willing to take the risk, to add functions and features to their phones that are not normally available. But doing so exposes them to vulnerabilities which can be readily exploited. One of the more common tricks hackers use is to inject a “secureshell daemon” into a device by embedding it in an e-mail message or a website offering free downloads. Tools like secure shells allow malware to spread quickly across networks, while setting up “packet forwarding” routines to establish bridges between company networks and http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
Difference Engine: The threat in the pocket | The Economist Page 3 of 4 unauthorised servers elsewhere. Fortunately, with jailbreakers and rooters occupying such a tiny corner of the mobile-phone universe, cybercriminals tend not to waste time trying to rip them off. Mainstream computer users make easier and more lucrative targets. Another reason why mobile phones have so far remained largely free of malware is because they lead such sheltered lives. Most users download any apps they want (the average is around 40) from one or other of the two official locations: Google’s Play Store for Android devices, and Apple’s App Store for iPhones and iPads. Both are reasonably well policed. Despite its laissez-faire reputation, Google’s marketplace for apps is curated far better than third-party sites, though nowhere near as rigorously as Apple’s. With 1m apps available for the Android operating system and over 750,000 for Apple’s iOS, users have little need to venture outside their walled gardens. The small minority who visit dubious download sites have only themselves to blame if their phones become infected. Third-party app stores, especially for Android devices, tend to be dens of iniquity. Most offer free apps for downloading pornography or pirate copies of sought-after music, video and utilities as honeypots for the gullible. As a rule, expect anything downloaded from thirdparty sites to come with some form of malware embedded in it. At its least damaging, such downloads may be no more than nuisanceware—software that causes adverts to pop up, unnecessary toolbars to be added to browsers, and home pages diverted to inappropriate sites. Other times, it is just scareware—software that offers to scan the user’s device for viruses and the like, and then requires payment for the full version of the software needed to fix the problem, which probably did not exist in the first place. At its most toxic, by contrast, mobile malware can collect personal data and contact lists, monitor keystrokes, track the phone’s location, even take photographs or video of users and their surroundings. It will then transmit the proceeds back to servers run by organised crime for extortion, identity theft, scams or phishing trips. Because mobile phones, unlike laptops and desktops, are still not widely used for online banking or credit-card transactions, they tend to be of less interest to the cyberworld’s shady characters. However, that is changing. Thanks to improvements in “near-field communication”, phones are beginning to morph into wallets—with all the necessary links to bank accounts and credit cards—so users can http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
Difference Engine: The threat in the pocket | The Economist Page 4 of 4 make incidental payments at stations, convenience stores and elsewhere merely by waving their phone near a terminal. Cybercrooks are, no doubt, watching such developments with interest. Overall, though, it is business that tends to suffer most from follies users have with phones. And the biggest hazard of all is not mobile malware, but data leakage caused by employees losing their phones, or selling sensitive corporate information collected on their mobiles. Gartner, an information-technology consultancy based in Stamford, Connecticut, counsels clients not to get too worked up about malware penetrating their networks through the personal devices employees bring to work. It is the users themselves who are the problem, not their mobile phones. How, for instance, do companies prevent employees from responding to “spear-phishing attacks” in the form of highly personalised and legitimate-looking e-mail or text messages from seemingly reputable sources that seek clarification of various corporate details? Security measures need to focus more on changing social behaviour, rather than trying to solve the relatively minor problem of mobile malware. As for Babbage, he has taken the precaution of activating the Google app on his Android phone and tablet that enables devices to be located, tracked, rung or wiped clean if lost or stolen. He also keeps their WiFi and GPS radios switched off until needed. That saves battery life, and adds an extra layer of protection. He has also installed a popular security suite on both devices that blocks all known malicious software. He is aware that it is not the known threats that are the problem, but the unknown ones (ie, the “zero-day” attacks). Still, he sleeps easier with it there. The only other thing he does religiously is to steer clear of third-party download sites with offers that seem too good to be true. Invariably, they are. http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08

Recommended

Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012Комсс Файквэе
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportContent Rules, Inc.
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 

Recommended

Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013n|u - The Open Security Community
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malware10940 img sytr12_mobile_malware
10940 img sytr12_mobile_malwareSytelReplyUK
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Panda labs annual-report-2012
Panda labs annual-report-2012Panda labs annual-report-2012
Panda labs annual-report-2012Комсс Файквэе
 
Blue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportBlue Coat 2013 Systems Mobile Malware Report
Blue Coat 2013 Systems Mobile Malware ReportContent Rules, Inc.
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-historyAnatoliy Tkachev
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
HinDroid
HinDroidHinDroid
HinDroidHinDroid
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesSejahtera Affif
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
Trojan horseofbyod2
Trojan horseofbyod2Trojan horseofbyod2
Trojan horseofbyod2Stephanie Vanroelen
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSInnovation Network Technologies: InNet
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013EMC
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
Mobile security article
Mobile security articleMobile security article
Mobile security articleKulani Mahadewa
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 

More Related Content

What's hot

Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revistathe_ro0t
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity PredictionsLookout
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notLookout
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesSejahtera Affif
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_reportIsnur Rochmad
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011subramanian K
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)Vince Verbeke
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatibleLookout
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devicesijmnct
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESijmnct
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLookout
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCMicrosoft Asia
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesCSCJournals
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013EMC
 

What's hot (19)

Rpt repeating-history
Rpt repeating-historyRpt repeating-history
Rpt repeating-history
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
2015 Cybersecurity Predictions
2015 Cybersecurity Predictions2015 Cybersecurity Predictions
2015 Cybersecurity Predictions
 
Feds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or notFeds: You have a BYOD program whether you like it or not
Feds: You have a BYOD program whether you like it or not
 
Mobile security
Mobile securityMobile security
Mobile security
 
HinDroid
HinDroidHinDroid
HinDroid
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devices
 
2012 nq mobile_security_report
2012 nq mobile_security_report2012 nq mobile_security_report
2012 nq mobile_security_report
 
Trojan horseofbyod2
Trojan horseofbyod2Trojan horseofbyod2
Trojan horseofbyod2
 
M86 security predictions 2011
M86 security predictions 2011M86 security predictions 2011
M86 security predictions 2011
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
 
Top 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOSTop 6-Security-Threats-on-iOS
Top 6-Security-Threats-on-iOS
 
The New NotCompatible
The New NotCompatibleThe New NotCompatible
The New NotCompatible
 
Malware detection techniques for mobile devices
Malware detection techniques for mobile devicesMalware detection techniques for mobile devices
Malware detection techniques for mobile devices
 
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICESMALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
MALWARE DETECTION TECHNIQUES FOR MOBILE DEVICES
 
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity PredictionsLooking Forward and Looking Back: Lookout's Cybersecurity Predictions
Looking Forward and Looking Back: Lookout's Cybersecurity Predictions
 
A Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDCA Joint Study by National University of Singapore and IDC
A Joint Study by National University of Singapore and IDC
 
Vulnerabilities in Mobile Devices
Vulnerabilities in Mobile DevicesVulnerabilities in Mobile Devices
Vulnerabilities in Mobile Devices
 
The Current State of Cybercrime 2013
The Current State of Cybercrime 2013The Current State of Cybercrime 2013
The Current State of Cybercrime 2013
 

Similar to Pocket virus threat

Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?acijjournal
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSPurna Bhat
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environmentIBM Software India
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveIcomm Technologies
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsSaad Ahmad
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats ReportJuniper Networks
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Joseph White MPA CPM
 
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingCorporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingSignals Defense, LLC
 
Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0mobileironmarketing
 
Malware Applications Development.pptx
Malware Applications Development.pptxMalware Applications Development.pptx
Malware Applications Development.pptxFullstackSRM
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxtodd581
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxglendar3
 
Report of android hacking
Report of android hackingReport of android hacking
Report of android hackingdiv2345
 

Similar to Pocket virus threat (20)

Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
Mobile security article
Mobile security articleMobile security article
Mobile security article
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
CS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptxCS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptx
 
Smartphone
SmartphoneSmartphone
Smartphone
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutions
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be SurprisingCorporate America is Being ATTACKED and the Entry Vector May be Surprising
Corporate America is Being ATTACKED and the Entry Vector May be Surprising
 
Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0Mobile threat-report-mid-year-2018 en-us-1.0
Mobile threat-report-mid-year-2018 en-us-1.0
 
Malware Applications Development.pptx
Malware Applications Development.pptxMalware Applications Development.pptx
Malware Applications Development.pptx
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
776 s0005
776 s0005776 s0005
776 s0005
 
Report of android hacking
Report of android hackingReport of android hacking
Report of android hacking
 

More from Ali J

Nelson mondela
Nelson mondelaNelson mondela
Nelson mondelaAli J
 
Manufacturing2013
Manufacturing2013Manufacturing2013
Manufacturing2013Ali J
 
Curbing irans-nuclear
Curbing irans-nuclearCurbing irans-nuclear
Curbing irans-nuclearAli J
 
Australias new-goverment
Australias new-govermentAustralias new-goverment
Australias new-govermentAli J
 
fall-forme education
fall-forme educationfall-forme education
fall-forme educationAli J
 
has-liberalisatio
has-liberalisatiohas-liberalisatio
has-liberalisatioAli J
 
germany chancellor
germany chancellorgermany chancellor
germany chancellorAli J
 
Fundamentals of quantum information theory
Fundamentals of quantum information theoryFundamentals of quantum information theory
Fundamentals of quantum information theoryAli J
 

More from Ali J (8)

Nelson mondela
Nelson mondelaNelson mondela
Nelson mondela
 
Manufacturing2013
Manufacturing2013Manufacturing2013
Manufacturing2013
 
Curbing irans-nuclear
Curbing irans-nuclearCurbing irans-nuclear
Curbing irans-nuclear
 
Australias new-goverment
Australias new-govermentAustralias new-goverment
Australias new-goverment
 
fall-forme education
fall-forme educationfall-forme education
fall-forme education
 
has-liberalisatio
has-liberalisatiohas-liberalisatio
has-liberalisatio
 
germany chancellor
germany chancellorgermany chancellor
germany chancellor
 
Fundamentals of quantum information theory
Fundamentals of quantum information theoryFundamentals of quantum information theory
Fundamentals of quantum information theory
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 

Pocket virus threat

  • 1. Difference Engine: The threat in the pocket | The Economist Page 1 of 4 Babbage Science and technology Difference Engine The threat in the pocket Oct 18th 2013, 22:30 by N.V. | LOS ANGELES GIVEN all the talk about mobile malware—Trojans, viruses, keyloggers, phishing expeditions and other scams infecting the phones in people’s pockets—users might be forgiven for thinking cybercrooks are cleaning up at their expense. Truth is, surprisingly few bits of malware have found their way into mobile phones. More by accident than design, smartphones have turned out to be much tougher to infect than laptops and desktop PCs. At least, that is the case at present. Makers of security software would like mobile-phone users to think otherwise. Everywhere Babbage turns these days there is yet another white paper on the threat of mobile malware. Adverts, too—online and in print—warn increasingly of the dangers of texting and talking, searching and surfing without some from of protection against malicious software. Individuals should take note, but the warnings are aimed primarily at IT professionals in firms where employees are allowed to use their own phones and tablets to connect to company networks. Certainly, the BYOD (bring your own device) trend has created security headaches for network managers. It may be one thing for individuals to discover some malicious app they have unwittingly downloaded has racked up large telephone bills by spewing out text messages to pricey pay-to-use services. It is quite another for IT managers to learn that company secrets—contact lists, passwords, authentication keys, business plans and http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
  • 2. Difference Engine: The threat in the pocket | The Economist Page 2 of 4 confidential memoranda—have been leaking out via employees’ phones to competitors or criminals. While individuals may be hundreds of dollars out of pocket, companies could be on the hook for millions. Mobile malware is still very much in its infancy. Adrian Ludwig, Google’s top security engineer, reckons only one in 100,000 apps downloaded by Android users from all sources, legitimate or otherwise, pose any threat. Researchers at Georgia Institute of Technology and Damballa, a security firm based in Atlanta, agree. After surveying two networks with some 380m users between them, the Georgia researchers found fewer than 3,500 phones with signs of having been infected by malware—ie, one in 108,000. Given that there are around 1.5 billion smartphones and tablets in the world (about the same number as there are desktop and laptop computers), probably fewer than 15,000 mobile devices are harbouring mischievous software of some sort. That is nowhere near enough to attract the attention of criminals. The black-hat botnets they rent by the day, week or month to carry out their nefarious bidding comprise hundreds of thousands of zombie computers that have been infected and hijacked unbeknown to their owners. Such computers present a far easier target for cybercrooks—whether to coral into botnets, or exploit directly for criminal purposes. There are good reasons why smartphones have proved tougher nuts to crack than computers. First, mobile-phone users are rarely administrators by default—unlike, say, users of Windows XP computers, where everyone has administrative privileges unless they have taken the trouble to set up individual user-accounts with separate passwords. The danger, of course, is that administrators (or super-users in Linux-speak) can tinker with the settings of a device’s operating system to their heart’s content. It is possible, of course, to grant such rights to phone users—through jailbreaking an Apple device or rooting and sideloading an Android. Doing so, however, not only voids the maker’s warranty, but can also “brick” the device—turning it into an expensive paperweight. Even so, there are always folk willing to take the risk, to add functions and features to their phones that are not normally available. But doing so exposes them to vulnerabilities which can be readily exploited. One of the more common tricks hackers use is to inject a “secureshell daemon” into a device by embedding it in an e-mail message or a website offering free downloads. Tools like secure shells allow malware to spread quickly across networks, while setting up “packet forwarding” routines to establish bridges between company networks and http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
  • 3. Difference Engine: The threat in the pocket | The Economist Page 3 of 4 unauthorised servers elsewhere. Fortunately, with jailbreakers and rooters occupying such a tiny corner of the mobile-phone universe, cybercriminals tend not to waste time trying to rip them off. Mainstream computer users make easier and more lucrative targets. Another reason why mobile phones have so far remained largely free of malware is because they lead such sheltered lives. Most users download any apps they want (the average is around 40) from one or other of the two official locations: Google’s Play Store for Android devices, and Apple’s App Store for iPhones and iPads. Both are reasonably well policed. Despite its laissez-faire reputation, Google’s marketplace for apps is curated far better than third-party sites, though nowhere near as rigorously as Apple’s. With 1m apps available for the Android operating system and over 750,000 for Apple’s iOS, users have little need to venture outside their walled gardens. The small minority who visit dubious download sites have only themselves to blame if their phones become infected. Third-party app stores, especially for Android devices, tend to be dens of iniquity. Most offer free apps for downloading pornography or pirate copies of sought-after music, video and utilities as honeypots for the gullible. As a rule, expect anything downloaded from thirdparty sites to come with some form of malware embedded in it. At its least damaging, such downloads may be no more than nuisanceware—software that causes adverts to pop up, unnecessary toolbars to be added to browsers, and home pages diverted to inappropriate sites. Other times, it is just scareware—software that offers to scan the user’s device for viruses and the like, and then requires payment for the full version of the software needed to fix the problem, which probably did not exist in the first place. At its most toxic, by contrast, mobile malware can collect personal data and contact lists, monitor keystrokes, track the phone’s location, even take photographs or video of users and their surroundings. It will then transmit the proceeds back to servers run by organised crime for extortion, identity theft, scams or phishing trips. Because mobile phones, unlike laptops and desktops, are still not widely used for online banking or credit-card transactions, they tend to be of less interest to the cyberworld’s shady characters. However, that is changing. Thanks to improvements in “near-field communication”, phones are beginning to morph into wallets—with all the necessary links to bank accounts and credit cards—so users can http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08
  • 4. Difference Engine: The threat in the pocket | The Economist Page 4 of 4 make incidental payments at stations, convenience stores and elsewhere merely by waving their phone near a terminal. Cybercrooks are, no doubt, watching such developments with interest. Overall, though, it is business that tends to suffer most from follies users have with phones. And the biggest hazard of all is not mobile malware, but data leakage caused by employees losing their phones, or selling sensitive corporate information collected on their mobiles. Gartner, an information-technology consultancy based in Stamford, Connecticut, counsels clients not to get too worked up about malware penetrating their networks through the personal devices employees bring to work. It is the users themselves who are the problem, not their mobile phones. How, for instance, do companies prevent employees from responding to “spear-phishing attacks” in the form of highly personalised and legitimate-looking e-mail or text messages from seemingly reputable sources that seek clarification of various corporate details? Security measures need to focus more on changing social behaviour, rather than trying to solve the relatively minor problem of mobile malware. As for Babbage, he has taken the precaution of activating the Google app on his Android phone and tablet that enables devices to be located, tracked, rung or wiped clean if lost or stolen. He also keeps their WiFi and GPS radios switched off until needed. That saves battery life, and adds an extra layer of protection. He has also installed a popular security suite on both devices that blocks all known malicious software. He is aware that it is not the known threats that are the problem, but the unknown ones (ie, the “zero-day” attacks). Still, he sleeps easier with it there. The only other thing he does religiously is to steer clear of third-party download sites with offers that seem too good to be true. Invariably, they are. http://www.economist.com/blogs/babbage/2013/10/difference-engine-0/print 1392/08/08