We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

David Zax

A View from David Zax

Earworms: The Rise of Mobile Malware

Is your phone the next great malware vector?

  • January 21, 2013

Stoking worries that smartphones and tablets represent the next frontier for malware, security researchers have discovered a vast botnet on over a million devices in China. The Chinese news agency Xinhua and the BBC report that the botnet makes it so that smartphones can be hijacked remotely, potentially for denial-of-service attacks or other malevolent purposes.

Android devices are reportedly more vulnerable than Apple’s devices, due to the openness of the Android Marketplace. Malware typically finds its way onto an unsuspecting user’s phone or tablet via an app download. Android dominates the Chinese market, which is showing explosive growth; China has almost half a billion mobile users (420 million, more precisely) per the China Internet Network Information Center.

Mobile malware is not anything new, but the scope of the threat reported here appears to be unprecedented in mobile. As recently as September of 2011, it was big news to find 20,000 Android devices communicating with known criminal command and control networks on a given week, per InformationWeek’s Kurt Marko. One of the worst Android botnets to date was called Rootstrap; it was reported to have reached 100,000 compromised devices about a year ago. Back in 2009, it wasn’t uncommon to find headlines–in this publication, say–like “Mobile Malware Isn’t So Bad, For Now.

White hat hackers have shown how easy it is to create Android malware. Hacker Georgia Weidman, for instance, illustrated how malware can worm its way into a phone’s modem driver. Oftentimes, the SMS messaging protocol can be used to control the malware, explains IW’s Marko, since SMS is operated by carriers (and therefore harder for security teams to monitor) and because it’s power-efficient: “botnet operators can have a relatively chatty dialog with their slave devices without tipping the owners off that something might be amiss on their phones,” he writes.

One of the most thorough–and frightening–reports on mobile malware came from Damballa Labs back in 2011. Even then, said Damballa, the mobile market had become “as susceptible to criminal breach activity as desktop devices.” This should almost go without saying, but phones’ and tablets’ very mobility can make them doubly scary as potential malware vectors; consider, too, the implications of the “bring your own” trend, where workers prefer to use their personal devices in office settings.

What can you do to protect yourself against this mobile malware scourge? Chinese authorities have said it’s a good idea to look at your data and call logs to see if anything unusual has cropped up. Marko further recommends that you minimize the amount of data you store locally (particularly sensitive documents), encrypt data when you can, and that you use a mobile device management service like AirWatch or Zenprise.

Naturally, be cautious before downloading any app. If you find yourself completely unable to check your app-downloading impulses, then it’s worth noting that the iOS ecosystem has maintained a pretty strong firewall against these problems, due to its “walled garden” approach to its network. That’s not to say that Apple’s track record is spotless here, though; remember the JailbreakMe exploit?

Want to go ad free? No ad blockers needed.

Become an Insider
Already an Insider? Log in.

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.