One in 20 Android mobiles and iPhones will be infected by financial malware and Trojans within the next 12 months, according to security company Trusteer.
As smartphones grow in popularity, fraudsters are increasingly researching iOS and Android for vulnerabilities, said Trusteer CEO Mickey Boodaei. Many have effective exploit kits which can automate this process and carry out large-scale operations which compromise websites and force them to distribute malware.
“In my opinion, this all leads to one conclusion – we are about to face one of the worst security problems ever and it won’t be long before we do,” said Boodaei.
While iOS – the operating system that runs on iPhones, iPads, and iPods – is fairly secure, many users choose to ‘jailbreak’ their devices, in order to run applications that are not on the App Store. This makes them much more vulnerable to attack – as the recent Jailbreakme.com hack proved.
“This recent vulnerability is not the first which allows fraudsters to compromise iOS devices and it won’t be the last,” said Boodaei. “Fraudsters will continue to research iOS and discover more vulnerabilities which will allow them to compromise devices and commit fraud. I hope I’m wrong, but a year from now this can become so common that it will not even hit the news.”
Meanwhile, Trusteer reckons that Android’s security architecture is so weak that building a powerful fraudulent Android application that steals and abuses the user’s identity and their bank account details is “almost trivial”. Because the Android Market is by its nature open, distributing malicious applications is relatively easy.
Several malicious applications have already been identified on the Android Market and, although Google removes this malware as quickly as it can, more keep coming. Trusteer claims to have identified malicious applications on the Android Market in the past which have stayed there for weeks before being taken off by Google.
“In order to take down an application in Google Market we actually had to use contacts within Google which are not available to the average user,” said Boodaei. “The process of identifying and removing malicious applications from the Android Market requires major improvements.”
Trusteer highlights an occasion earlier this year when Man in the Mobile (MitMo) malware was ported onto Android devices. The malware took over the user’s online bank account and injected fraudulent transactions on behalf of the user.