Mobile Security Weekly – Android Threats On The Rise

After focusing heavily on iOS over the past few weeks, this week’s edition brings us back to Android.

By far the most popular mobile platform worldwide, Android has a unique ecosystem that is key to many of its advantages as well as many of its shortcomings from a security perspective. The following news items from the past week highlight exactly these issues.

Study Reveals Large Increase in Android Threats, Especially Mobile Payments

A new joint report from Kaspersky Lab and INTERPOL, based on data collected from over 5 million Android smartphones and tablets between 2013 and 2014, shows a substantial increase in the number, variety and severity of threats.

The incentive for attackers is obvious: recent data from IDC indicates that Android holds around 85% of the mobile market, with iOS a distant second. That, together with the fact that the Android platform is also less secure than its rivals due to the existence of third-party marketplaces, makes the game of Android malware one with good odds for attackers.

Between August of 2013 and March 2014, the number of attacks per month exploded – from 69,000 per month to almost 650,000. In that same timeframe, the number of users attacked also increased rapidly, from 35,000 to 242,000. Russia, India, Kazakhstan, Vietnam, Ukraine, and Germany were the countries with the largest numbers of reported attacks. It’s worth noting that almost 60% of malware detections are related to some form of theft.

Why is this Significant?

This report should serve as a wake-up call for enterprises, banks, and mobile users who are growing increasingly reliant on mobile devices. As Google Wallet and Apple Pay slowly enter the market, securing both the services and the devices themselves has to be a top priority.

Google and Apple Encryption Policies Raise Questions Regarding User Privacy

The changes that both Google and Apple have made to their mobile OSs (Android and iOS) to automatically encrypt the data on users’ devices have been receiving a lot of positive feedback from the security and privacy communities. However, the law enforcement and political worlds are claiming that it is an inherently negative step.

Apple’s new system automatically enables disk encryption once the user sets a passcode on an iPhone, and Google’s new system for Android is similar. Users now have better protection with less effort on their end. The changes to iOS and Android mean that devices running the most recent versions of the operating systems are protected by encryption and can’t be decrypted by Apple or Google. Neither Apple nor Google will possess the decryption keys, so even in the case of a warrant, they’ll have nothing to hand over.

Why is this Significant?

We can’t really deny the fact that this issue will make smartphones even better havens for criminal data and potentially harm criminal investigations. Looking at it from an enterprise’s perspective is slightly different. Encryption is an important part of keeping company data safe, but it will do nothing to protect a device from getting infected in the first place. Experience teaches us that threat actors will eventually find a way to bypass these controls rather than just give up.

Several Popular Android Apps Discovered to Have Malicious Twins

Researchers have discovered several new apps that have been cloned, with malicious versions being distributed online via various methods. This is of course not an especially new method of attack (and has been in the news recently), but new apps are always worth paying attention to.

The apps in question are QuickPic, iNoty, and Bluelight Filter for Eye Care. An interesting point is that the apps will install and function normally but have malicious code hiding inside (unlike others that may just have an innocent icon but will reveal themselves to be malicious once installed).

The malicious versions aren’t being downloaded from the official Google Play store. These three are being hosted on the cloud-based file-sharing service Baidu Cloud (in the past, others were posted on third-party marketplaces). The malicious code seems to focus mainly on monitoring incoming SMS messages, something that can be used for fraud, theft and other forms of social engineering.

Why is this Significant?

This serves as a warning both for users of these specific apps and for those who don’t use them. Google’s Play store may be relatively safe, but as long as Android apps aren’t exclusive to one store, all users should be careful when downloading a new app and pay attention to links, references and unusual device behavior.