Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

5% of iPhones/Android handsets to be infected in next 12 months

The situation, says Mickey Boodaei, CEO of the firm, is not helped by the fact that the Google Android security architecture is not currently up to the challenge.

The bad news, he explained, is that fraudsters have all the tools they need to effectively turn mobile malware into the biggest customer security problem we've ever seen.

They are, however, lacking just one thing - customer adoption. The number of users who bank online from their mobile devices is still relatively low.

"Additionally, transactions are not yet enabled for mobile devices on many banks' websites. Since online fraud is mostly a big numbers game, attacking mobile bankers is not yet an effective fraud operation", he says in his latest security blog.

"But [you can] expect a change. In a year from now this is all going to look completely different as more users start banking from their mobile phone and fraudsters release their heavy guns", he adds.

The lack of an effective security architecture Android is singled out in Boodaei's electronic wrath, which he says makes it easy for fraudsters to generate powerful fraudulent applications and distribute these applications.

Fraudsters, he asserts, can easily build applications that have access to sensitive operating system resources such as text messages, voice, web traffic, and much more.

"Users installing these applications do get a message with a list of resources the app is requesting access to but would usually ignore it as many applications request access to an extensive list of resources", he says.

"Most of the malicious applications which hit Android are not financial. However, in May this year we've seen the Man in the Mobile (MitMo) malware - which has previously attacked Symbian, Blackberry, and Windows phones - being ported to Android as well," he adds.

And the Apple iOS platform notes Boodaei, is also not as safe as people think, as a jailbroken iOS device does not enforce access control - as seen on the iTunes app portal - and allows any application to do whatever it likes on the device.

Unfortunately, he says, many users jailbreak their devices as they want to run all sorts of applications that are not on the iTunes app store.

"But what's more unfortunate is that vulnerabilities in iOS could allow malicious websites to jailbreak a device and infect it with malware without the user's consent or knowledge", he says.

According to Boodaei, 50% of mobile handsets in the US are now smartphones, with 38% of users accessing banking applications on their handset.

Fraudsters, he says, are researching iOS and Android for vulnerabilities, and they now have effective exploit kits which can automate the process.

"In my opinion, this all leads to one conclusion - we are about to face one of the worse security problems ever and it won't be long before we do", he says.

Against this backdrop, the Trusteer CEO recommends that users should check the rating, user reviews, and comments for each mobile application they download and avoid low rated and/or new applications.

Users should also carefully review the permission requested by Android applications when they install them and - for all smartphone users - owners should regularly install updates for their mobile device


What’s Hot on Infosecurity Magazine?