We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Zax

A View from David Zax

Earworms: The Rise of Mobile Malware

Is your phone the next great malware vector?

  • January 21, 2013

Stoking worries that smartphones and tablets represent the next frontier for malware, security researchers have discovered a vast botnet on over a million devices in China. The Chinese news agency Xinhua and the BBC report that the botnet makes it so that smartphones can be hijacked remotely, potentially for denial-of-service attacks or other malevolent purposes.

Android devices are reportedly more vulnerable than Apple’s devices, due to the openness of the Android Marketplace. Malware typically finds its way onto an unsuspecting user’s phone or tablet via an app download. Android dominates the Chinese market, which is showing explosive growth; China has almost half a billion mobile users (420 million, more precisely) per the China Internet Network Information Center.

Mobile malware is not anything new, but the scope of the threat reported here appears to be unprecedented in mobile. As recently as September of 2011, it was big news to find 20,000 Android devices communicating with known criminal command and control networks on a given week, per InformationWeek’s Kurt Marko. One of the worst Android botnets to date was called Rootstrap; it was reported to have reached 100,000 compromised devices about a year ago. Back in 2009, it wasn’t uncommon to find headlines–in this publication, say–like “Mobile Malware Isn’t So Bad, For Now.

White hat hackers have shown how easy it is to create Android malware. Hacker Georgia Weidman, for instance, illustrated how malware can worm its way into a phone’s modem driver. Oftentimes, the SMS messaging protocol can be used to control the malware, explains IW’s Marko, since SMS is operated by carriers (and therefore harder for security teams to monitor) and because it’s power-efficient: “botnet operators can have a relatively chatty dialog with their slave devices without tipping the owners off that something might be amiss on their phones,” he writes.

One of the most thorough–and frightening–reports on mobile malware came from Damballa Labs back in 2011. Even then, said Damballa, the mobile market had become “as susceptible to criminal breach activity as desktop devices.” This should almost go without saying, but phones’ and tablets’ very mobility can make them doubly scary as potential malware vectors; consider, too, the implications of the “bring your own” trend, where workers prefer to use their personal devices in office settings.

What can you do to protect yourself against this mobile malware scourge? Chinese authorities have said it’s a good idea to look at your data and call logs to see if anything unusual has cropped up. Marko further recommends that you minimize the amount of data you store locally (particularly sensitive documents), encrypt data when you can, and that you use a mobile device management service like AirWatch or Zenprise.

Naturally, be cautious before downloading any app. If you find yourself completely unable to check your app-downloading impulses, then it’s worth noting that the iOS ecosystem has maintained a pretty strong firewall against these problems, due to its “walled garden” approach to its network. That’s not to say that Apple’s track record is spotless here, though; remember the JailbreakMe exploit?

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.