Bruce Schneier: “the Android platform is where the malware action is”

Where is all the malware action at: : “the Android platform" says BT's Bruce Schneier
Where is all the malware action at: : “the Android platform" says BT's Bruce Schneier

He came to this conclusion when he realized that pretty well anyone can develop and publish an application on the Android Market.

There has been, he says, a 472% increase in Android malware samples since July 2011 and, once you have paid a $25 fee, you can post your apps on the site.

“In addition to an increase in the volume, the attackers continue to become more sophisticated in the malware they write. For instance, in the early spring, we began seeing Android malware that was capable of leveraging one of several platform vulnerabilities that allowed malware to gain root access on the device, in the background, and then install additional packages to the device to extend the functionality of the malware”, he says in his latest security posting.

“Today, just about every piece of malware that is released contains this capability, simply because the vulnerabilities remain prevalent in nearly 90% of Android devices being carried around today”, he added.

As a result of this background, Schneier says he believes that smartphones are going to become the primary platform of attack for cybercriminals in the coming years.

As the phones become more integrated into people's lives, he explained, they are simply going to become the most valuable device for criminals to go after.

Interestingly, the IT security veteran notes that malware on portable devices isn't going to look or act the same way as malware on traditional computers and isn't going to spread from phone to phone.

“I'm more worried about trojans, either on legitimate or illegitimate apps, malware embedded in web pages, fake updates, and so on. A lot of this will involve social engineering the user, but I don't see that as much of a problem”, he asserts.

But, says Schneier, he does see mobile devices as the new target of choice and, as a result worries more about privacy violations, as user’s phones know their owner’s location, as well as who you talk to and – with a recorder – what you say. And when your phone becomes your digital wallet, he added, your phone is going to know a lot more intimate things about you.

All of this, he noted, will be useful to both criminals and marketers, and we're going to see all sorts of illegal and quasi-legal ways both of those groups will go after that information.

What’s Hot on Infosecurity Magazine?