Mobile malware report predicts tough times ahead for smartphone users

According to Luis Corrons, technical director with Panda Security, which assisted in the report, enhancing the security of cellphones - using anti-malware, data protection, management and security audit functions - is a major challenge for any security department.

"We must tackle this threat as soon as possible in order to help protect users' information and businesses. Even though cellphone malware is not a priority for cybercriminals yet, we are starting to see the first major attacks on these platforms", he said.

Against this backdrop, Corrons predicts that the next few months will see significant growth in cellphone attacks, especially on Google's Android operating system.

Over at S21sec, David Barroso, the firm's director of electronic crime and another member of the CNCCS, said that security vendors have long warned about the fact that cellphones would overtake PCs as the primary target for cyberattacks.

"2010 has showed the first signs of that. We believe 2011 will really mark a turning point in this field", he said.

Infosecurity notes the report has some considerable depth, including a detailed history of malware on smartphone, and concluding that, from a purely physical point of view, smartphones feel like very personal devices.

"You carry them around with you and control their operation, which can make you believe they are less accessible to intruders. This false sense of security, combined with phones often linking to personal email applications, social networks and multimedia content, can lead to private and confidential information being stored, sometimes inadvertently", says the study.

This false sense of security, the report adds, can sometimes make users overlook basic precautions such as changing default device security settings.

On the predictions front, the report says that the days of proof-of-concept mobile malware have long gone. Nowadays, it points out, mobile malware is much more often designed for financial gain.

"As predicted by many forecasts made over the past few years, cybercrime is expected to extend to other platforms, either to look for additional propagation and monetisation channels, reinforce its infrastructure or simply attack the second authentication factor (mobiles) used by online banking services", says the report.

As recently seen with the Zeus-Mitmo trojan, the modus operandi adopted by cybercriminals has changed, the study goes on to say.

"The objective is now to multiply the effects of their infections and attacks, affecting as many devices as possible", it adds.

The good news, the report concludes, is that many of the security measures that apply to PCs also apply to smartphones, which means that similar best practices apply.

Users should, says the study, encrypt sensitive information whenever possible using cellular and SMS encryption software, and refrain from storing sensitive information on the mobile.

Remote or automatic deletion of data on the handset should also be used, and users should also monitor their mobiles for unusual events.

On the business front, the report advises firms to take smartphones into account when establishing their corporate security policy. 

What’s hot on Infosecurity Magazine?