Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Stoking worries that smartphones and tablets represent the next frontier for malware, security researchers have discovered a vast botnet on over a million devices in China. The Chinese news agency Xinhua and the BBC report that the botnet makes it so that smartphones can be hijacked remotely, potentially for denial-of-service attacks or other malevolent purposes.

Android devices are reportedly more vulnerable than Apple’s devices, due to the openness of the Android Marketplace. Malware typically finds its way onto an unsuspecting user’s phone or tablet via an app download. Android dominates the Chinese market, which is showing explosive growth; China has almost half a billion mobile users (420 million, more precisely) per the China Internet Network Information Center.

Mobile malware is not anything new, but the scope of the threat reported here appears to be unprecedented in mobile. As recently as September of 2011, it was big news to find 20,000 Android devices communicating with known criminal command and control networks on a given week, per InformationWeek’s Kurt Marko. One of the worst Android botnets to date was called Rootstrap; it was reported to have reached 100,000 compromised devices about a year ago. Back in 2009, it wasn’t uncommon to find headlines–in this publication, say–like “Mobile Malware Isn’t So Bad, For Now.

White hat hackers have shown how easy it is to create Android malware. Hacker Georgia Weidman, for instance, illustrated how malware can worm its way into a phone’s modem driver. Oftentimes, the SMS messaging protocol can be used to control the malware, explains IW’s Marko, since SMS is operated by carriers (and therefore harder for security teams to monitor) and because it’s power-efficient: “botnet operators can have a relatively chatty dialog with their slave devices without tipping the owners off that something might be amiss on their phones,” he writes.

One of the most thorough–and frightening–reports on mobile malware came from Damballa Labs back in 2011. Even then, said Damballa, the mobile market had become “as susceptible to criminal breach activity as desktop devices.” This should almost go without saying, but phones’ and tablets’ very mobility can make them doubly scary as potential malware vectors; consider, too, the implications of the “bring your own” trend, where workers prefer to use their personal devices in office settings.

What can you do to protect yourself against this mobile malware scourge? Chinese authorities have said it’s a good idea to look at your data and call logs to see if anything unusual has cropped up. Marko further recommends that you minimize the amount of data you store locally (particularly sensitive documents), encrypt data when you can, and that you use a mobile device management service like AirWatch or Zenprise.

Naturally, be cautious before downloading any app. If you find yourself completely unable to check your app-downloading impulses, then it’s worth noting that the iOS ecosystem has maintained a pretty strong firewall against these problems, due to its “walled garden” approach to its network. That’s not to say that Apple’s track record is spotless here, though; remember the JailbreakMe exploit?

2 comments. Share your thoughts »

Tagged: Computing, Communications, Mobile

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me