Mallorie’s Android phone was acting odd, like it was possessed. The thing had a mind of its own, sending garbled texts and gambling. Ghost? Or hacked?
Obviously, someone had access to her credit card. But how? And what could poor Mallorie do to disable this thief?
Millions of mobile devices get infected. But police officers won’t bother with this. Mallorie cancelled her credit card and deleted the “possessed” apps. Then she crossed her fingers.
How do mobile phones get attacked?
A study showed that 86 percent of Android malware employs “repackaging.” Here’s how it’s done:
- Download an application
- Decompile it.
- Add malware.
- Recompile the app.
- Submit it back into public circulation—after changing its name.
- Someone else downloads this changed-name application, and the malicious payload infects their device.
- A repackaging variation, “updating,” involves adding a code that will tag a malicious payload at a later date.
How can you tell your mobile has been infected?
- It begins behaving oddly. Something is off—sometimes slightly, sometimes blatantly, such as the device is sending your address book to a foreign IP address. Hook your mobile to a WiFi and see where it sends information to.
- Unfamiliar charges on the bill. Malware on a phone will produce unauthorized charges. The device is hooked to an accounting mechanism, making it a snap for thieves to send premium SMS text messages or make in-app purchases—which cost you money.
How can you protect your mobile?
- Keep its software up to date: easy to do on iOS but difficult on Android.
- Some phones cannot be updated; these phones have OS vulnerabilities within them, making them open to attack. Users end up downloading malware which uses this OS vulnerability to infect the device.
Android vs. iOS for security
- iOS beats Android for security against malware.
- Apple placed restrictions on application functionality (e.g., premium SMS messages can’t be sent), which is why Android isn’t as secure against malware as is iOS.
- Another reason: Android’s app review process is not top-notch at screening out bad applications (but it’s improving).
- Both Android and iOS allow your personal data to leak out to ad networks. This isn’t considered malicious since a user may wish this to occur.
Scope of Problem
- The verdict isn’t quite out on this.
- Some say the problem is limited just to third-party app sellers and this can be avoided by going to iOS’s or Google Play’s app store.
- Others believe everybody has a compromised application on their mobile.
- More research is warranted to define scope of problem.
Who should protect the user?
- The app maker? The carrier? Or the operating system provider?
- Nobody has taken this responsibility currently. It’s kind of like a “that’s not my problem you downloaded a malicious app that we didn’t write,” or, “You wanted it; I only delivered it—not my problem.”
- The buck is passed because user protection is expensive.
- It would be great if the app store could provide very in-depth screening for all the types of malicious actions that apps can perform.
- The caveat: This isn’t in the platform provider’s best interest because they want their store to carry a lot of applications.
- Stores want more and more apps, and better ones, and don’t want anything to slow that process down.
- Data can be secured when you communicate via a wireless network with a VPN like Hotspot Shield VPN. All web transactions can be secured via https.
Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Android Apps Infected With A Virus
Are you one off the 33% of all mobile phones running the Android operating system? The official Android Market is run by Google and there are over 150,000 applications with an estimated 3.7 billion downloads. More than 250,000 applications have been downloaded with a malicious virus. The LA Times reports “Google is remotely removing virus-infected Android
- What You Should be Aware of When Using Your Android Device
As we all migrate towards using smartphones and tablets, we need to be aware of the risks associated with them. Most of us know that we need to protect our computers with security software, but we don’t always take that precaution with our mobile devices. In fact nearly 75% of Americans do not use mobile
- Is That Mobile Application Invading My Privacy?
Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re
- Risky Mobile Applications Plague Users
Once you own a smartphone or tablet, you are not likely to give it up. But it is essential that you can understand where the risks are and steer around them as you enjoy your mobile digital life. With the growth in mobile exploding, it is only natural for cybercriminals to move towards that device as
- Mobile Malware is Here: Beware!
iPhones, Androids and other smartphones are much more than just a way to call our friends and family and store their phone numbers. Today’s smartphones have become our most personal computer and contain much more than pictures and contacts. They now allow us to access financial data, bank accounts, and medical information from anywhere at