Hayter, who is currently working on developing a testing program for mobile malware at ICSA Labs, said evaluating mobile malware is especially difficult because of the multiple mobile platforms and the dearth of available malware samples for analysis.
Mobile malware, says the ICSA program manager, is geographically centered at the moment, primarily targeting headsets in Northern Europe and Southeast Asia, with most – at this juncture -- affecting the Symbian mobile operating system.
In addition, the security gaps exist in both the operating systems themselves, and the applications they run, said Hayter.
Gathering and analyzing mobile malware samples is a tall order at present, Hayter contended. “There is very little malware that actually crosses the line between the mobile device and the PC”, he said. Few examples do exist, such as Comwarrior and Bluetooth-related malware.
“There is a lot more talk about [mobile malware] this year, but I’m not sure the treat has changed any”, he continued. “However, with the explosion of smart devices, such as Android, we can expect to see a bit more happening on this front.” Hayter said this will also include tablet devices, as they gain in popularity.
As for the security engrained in mobile apps, Hayter did not hesitate to offer up criticism of application stores offered by companies like Apple or Google’s Android. “I’m not sure that they are doing a whole lot here”, he declared. “They leave it up to the end users to do their quality assurance testing for them.”
He said these app stores lack a sufficient method for testing the security of the apps they offer, and simply wait for the user to get infected – and then provide feedback – before taking action.
Hayter predicted that the surge of mobile malware would not likely happen this year, but as the Android operating system gains market share, he expects the explosion of malware affecting smartphones and other mobile devices to take place very soon.
“I’m not sure people are aware that their mobile phone is susceptible the way their PC is”, Hayter lamented. “This smart device they have in their hands now is a whole lot more than a phone, and it has a whole lot more computing power then they expect.” Education about this simple fact, says the ICSA researcher, is the key to turning around this attitude among the smartphone user base.
“You have a huge education opportunity with the mobile community, to let them know that it’s more than just a phone. It’s an intelligent computing device, and it’s susceptible to threats in the future.”