Free mobile apps are not 'free' of malware, warn IEEE experts

“The issue with free apps is that you’re paying a price you don’t know about”, said Jeffrey Voas, an IEEE fellow who is also a computer scientist at the National Institute of Standards and Technology.

“Of free mobile applications, approximately 1 in 100 now visibly contain malware – and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it’s easy to be victimized”, he added.

Madjid Merabti, an IEEE senior member and professor at Liverpool John Moores University, said that while the public has been trained to recognize cybersecurity threats associated with their computers, they do not see their smartphones as computers subject to the same threats.

“Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection”, Merabti said. “These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.”

According to Kevin Curran, a senior member of the IEEE and head of the School of Computing and Intelligence Systems at the University of Ulster, businesses will be the main victims of mobile hacking in 2012.

Smartphone users now represent approximately 20% of the mobile market; this growth has led to an explosion in smartphone attacks, both by technical experts and by novices buying tools from dark websites and conducting low-tech but effective scams, he noted.

Curran cautioned against jailbreaking iPhones, which allows users to operate applications from sources other than the Apple Store. “If you jailbreak a phone, you are removing some of the in-built security…. It leaves your iPhone vulnerable”, Curran told Infosecurity.

By contrast, any application can run on Android, which significantly increases the risks of getting malware, Curran said. There is also the danger of “fragmentation”, because Android runs on handsets made by different manufacturers and supplied by different carriers. The manufacturers and carriers release security updates at different times. “This is something Android has to address”, he said.

Curran said that a trusted application approach is needed to combat hackers, something he hopes can be in place by 2013. He predicted that the increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.
