On Wednesday, February 27th, Webroot’s Security Intelligence Director (Grayson Milbourne) and Senior Mobile Analyst (Armando Orozco) presented at the RSA Conference in San Francisco. Their topic, Android Malware Exposed – An In-depth Look at its Evolution, is an expansion on their previous year’s presentation, highlighting the severity of Android malware growth. Focusing on the history of operating system releases and the diversity across the market, as well at the threat vectors and behaviors in the evolution of Android malware, the team has established strong predictions for 2013.
In 2012, Android became the dominant mobile operating system (OS), but even with updates released by Google, the market was shown to be very diverse in versions still in use. With 6 different versions of Android still in use in the mobile environment, security is not equal across all phones. And with adoption rates of the newer versions inconsistent, often older OS-powered phones are left vulnerable to attack. The two big recent releases for Android were Ice Cream Sandwich in December 2011 and Jell Bean in July 2012, both bringing a number of security focused improvements designed to keep the users and their data safe.
As a breakdown, here is a security focused breakdown of the numbers relating to the mobile environment.
- 59% agree mobile devices create a high security risk
- 49% think mobile device security is a high priority
- 74% are very concerned with data loss/protection
- 70% are very concerned with mobile malware
- 43% reported lost or stolen devices
- 23% reported malware infected devices
- January 2012 – 13k samples
- January 2013 – 180k samples + 65k PUA
As Android devices continue to rise in popularity in the market, malware focused on the OS will continue to evolve. From SMS phishing to rogue applications, infections in updates to website drive-by’s, there are a slew of threat vectors at the disposal for any group attempting to access to these devices. Working within the holes in Android security, these malicious attacks focus on permissions within the phone’s OS, opening up access to data, settings, and connections.
With it all comes the predictions for the future of Android attacks. While some have been implemented and seen in the market already, the recent year has shown a greater advance in the sheer number of malware attacks on the mobile OS.
SMiShing (SMS-phishing): Consumers continue to get tricked by texts that appear as urgent, legitimate calls-to-action.Ransomware: These Trojans block access to device functionality as a method to exploit users.Premium-SMS Trojans: These profitable Trojans secretly call or text premium numbers.Banking attacks: Expect an increase on banking attacks in the form of man-in-the-middle attacks and capturing SMS messages.Drive-by-downloads: Expect exploit kits to include modules specifically for smart devices.
As always, ensure you are downloading applications from secure sources, have unnecessary open connections turned off when not in use, and a strong protection software installed. Phone security is just as serious as computer security, and it is always advised that users take the necessary steps to prevent themselves from becoming a victim.
For a complete transcript of the RSA Conference presentation, along other security leading blogs, be sure to subscribe to the Webroot Threat Blog and check back daily.