Smartphones and tablets may be the hottest tickets in electronics today, but with that marquee status comes a dark side. Mobile viruses on the rise, and 2010 saw a huge increase in malware on mobile devices, up 46 percent from 2009, says a new threat report from security software maker McAfee.
The increase in mobile malware isn’t unexpected, as smartphones have become more popular in the last year, with smartphones recently passing PCs in sales for the first time ever. Adam Wosotowsky, an engineer at McAfee, says Symbian is the most at-risk mobile platform, though Google Android devices and jailbroken iPhones are popular targets, too.
“I wouldn’t call it unexpected,” he says. “We’ve seen mobile malware growing exponentially year-over-year for a while. It’s much more of a big deal now that smartphones are basically becoming little computers.”
Besides being greater in number, mobile malware is getting more sophisticated, Wosotowsky says. Viruses that infect cell phones typically force the phone to do things like send texts or make calls to specific numbers and at specific times so the malware creator profits. Now that phones are capable of so much more, the viruses that infect them are following suit.
“There are a lot more ways for the criminal enterprise to make money,” he says. “You have the ability to infect the phones and actually build some kind of botnet infrastructure. We have seen indications of ways to start to establish command and control [on phones].”
Seeing “indications” and seeing a virus are two different things, however. Ondrej Vlcek, CTO of Avast, a security software company that gives away its product, says the mobile malware threat, while a problem, isn’t anywhere near as threatening as malware on PCs.
“It’s still relatively small compared to the traditional platforms,” Vlcek says. “Also, the payloads are usually less invasive—sort of like Windows malware ten, fifteen years ago.”
Vlcek is on board with the McAfee report’s conclusions about the vulnerabilities with Adobe products, however. The report says malware developers “heavily” exploited weaknesses in Flash and PDF applications. Flash videos are especially ripe targets, Wosotowsky says, since the application runs code on both the client and server sides.
“Flash is extremely popular and everybody’s using it. That makes it a big target,” he says. “I’m sure Adobe is going to re-architect some of the security that’s associated with it.”