Sunday, August 4, 2013

Introduction

As smartphones become more and more popular, and their connectivity and processing power increase, they are attracting more attention from malware writers around the world.

"A big tree attracts the woodsman's axe."
-- English proverb

Computer security experts have predicted since 2009 that viruses (actually "malware", which describes all types of malicious software) will hit smartphones. It appears that 2011 will be the year of smartphone viruses. This hub will go into some detail on how do you get smartphone viruses, what sort of damages can a smartphone virus do, and what you can do to protect yourself.

What Can Happen With a Smartphone Virus / Malware / Trojan

First of all, the proper term is "malware" which describes all sorts of malicious software, not just a virus, or trojan, or logic bomb. Malware describes everything malicious.

Any way, malware can do the following (all are actual cases):

  • Send messages to "premium service" SMS numbers that cost extra money, similar to calling 1-900 or 976 numbers
  • Send your personal information to unknown parties
  • Turn your phone into a part of a botnet so others can execute commands remotely for nefarious purposes, such as spam, DDOS attack, and more.
  • Give others ability to monitor your phone calls and text messages
  • Open you to blackmail, if something embarrassing can be found and sent elsewhere
  • Trick you into entering financial information, such as account number, birth date, and more
  • Even stuff on your PC... if you connect your PC to your smartphone
  • and more...

This is a threat you need to take seriously. And here are some examples.

Android Hacked App Turns Your Phone into a Botnet Zombie

Symantec, a world leader in malware detection and computer security, reports that Android malware is on the rise, and they have just detected a hacked version of the popular "Steamy Window"(February 2011)available through Chinese websites that turns your phone into a botnet zombie. Once your phone had been zombified, hackers can remotely control your phone to:

  • send premium text messages
  • block text messages,
  • add bookmarks,
  • force your browser to visit certain websites
  • and more

iPhone Worm Hacks Jailbroken iPhones into Botnet Zombie

You think only Android phones can be zombified? Sorry, Apple iPhone was first targeted. Symantec reported on this worm in June 2010. If you jailbroke your iPhone, but did not change your default SSH password (easily found on Google) this worm, known as the Ikee Worm, will allow someone to remotely control your phone from afar.


HTC Phone In Europe Was Loaded With Botnet Virus

In March 2010, Panda Research, maker of Panda Anti-virus, found that some HTC phones sold in Spain by Vodafone, was infected with a variant of the Mariposa Botnet. As soon as you connect the phone to a PC, the payload attempts to drop the botnet software onto your PC.

If you do not have an anti-virus on your PC, you may be infected just like that.

iPhones are Vulnerable to Scareware

Intego, the Mac Security Blog, found a Dutch Hacker sending ransomware to iPhones back in November 2009! Technically it's not ransomware, as your phone will work fine. However, this Dutch hacker can remotely scan your phone, reveal your vulnerability, and will send you instructions on how to fix it if you send him $5 Euros. So it's technically scareware, but it's a real threat.

If he can see your phone by remote, what ELSE can he see, one wonders?

Phishing Bank App Steals Account Information

Sophos Internet Security, in January 2010, found that some malware writers were releasing fake bank apps targeting smaller credit unions into Android Marketplace. The clear intent is to steal account information from those customers. Fortunately for the customer she called the credit union for assistance, and the credit union quickly realized they have a phishing scam on their hands, as they do NOT have an Android app!

Stolen Apps Steals Info, Roots Your Phone

Android Police got a tip-off from a reader... There are trojan apps in Android Market that was taken, repackaged with malware droppers, then released into Android Market under a slightly different name. Dozens of such apps were released by this "developer".

The trojan will steal your phone's unique ID and other information, and even execute system-level code through a root-exploit.

This super-trojan has been dubbed "DroidDream", and Google has already pulled all the apps by the developer. Android Police reported that XDA has a special patch that should disable the vulnerability.

iPhone Password Can be Hacked in Six Minutes

Let's say you lost your smartphone. That would be a disaster, as it has all your contact information. If you bank with your phone, even worse! It may have personal information in there!

Okay, you locked it with a password. It's safe, right?

Not quite. Some German researchers broke an iPhone's password (with a computer's help) in six minutes.

Scary, isn't it?

Chinese Phone Tapper/Tracker Arrives as Virus

NetQin Security of China reported that "X Undercover", a cellphone surveillance app that can be spread as an attachment, has infected over 150,000 phones in China. The app can reveal GPS coordinates, turn your 2-way call into 3-way call (i.e. tap your phone call), and more. It is being sold as a way for parents to track their child, boss checking up on subordinates, or jealous husband checking on wife (and vice versa).

Okay, okay, what do I do now?

Did I scare you enough? it is actually not that difficult to secure your phone.

Set a Password or Lock Pattern

While passwords and lock patterns can be hacked, it takes time to hack it. Setting a password will give you time to do some other security measures... such as remote wipe.

Use a Password Manager

LastPass or KeePass can be cross platform and give you security without affecting usability too much. Use a different password for every login would give you far better security.

Do NOT Lend Your Phone to Any One

Someone can install malware into your phone, whether intentionally or not, while it is in their possession. Yes, that includes your children.

Load a Security Package that includes Scan, Phone Tracker and/or Remote Wipe

If you lost your phone, you need to be able to locate it, and/or remotely wipe it clean so nothing from you can be stolen. (And those apps cost $$$, no way around it). Remember, if they have the phone in their possession, they can hack it.

The Security Package should also update itself and scan for malware threats upon every install.

Do NOT Click on Mail Attachments or Links (unless you're sure)

This is same as PC... Do NOT trust attachments or links, even if they appear to be from legitimate sources, unless you are sure.

Do NOT Download / Install Apps from Unknown Sources

By default iPhones only get apps from iTunes Store, and Android only get apps from Android Marketplace. You have to explicitly bypass those restrictions, and that opens you to vulnerability. There are a LOT of pirated stuff out there, promising free apps, but how do you know what are really in those apps?

(ANDROID) Even if it came from legit sources, have some common sense!

Just because it's on Android Marketplace does NOT mean it's automatically safe and legit. Google does NOT inspect all apps.

The fake apps were distributed through Android Marketplace, but they come from unknown developers. Look for reviews and direct links to Android Market or Appbrain instead of downloading sound-alike apps.

(ANDROID) Check those app permissions!

When you install an app on Android, it asks you for certain permissions. When an app asks for more permissions than it should (the fake Steamy Windows app asks permission for "sending and receiving SMS") you should abort the install.

Beware of Abnormal Phone Behavior

  • Does your phone seem far more sluggish than usual?
  • Did you notice strange charges in your phone bill?
  • Does your battery not last as long as before?
  • Does your internet data usage seem much higher than usual?

Make Backups!

Make backup of all information so you can restore them if you have to.


Conclusion

If you do NOT have a security package loaded, you should get one immediately, and set a password on your smartphone. You may not get hit by smartphone malware, but there is no point in taking chances, is there?

For Android, the big names are already on the Scene

  • Norton Mobile Security
  • Lookout Mobile Security
  • AVG / DroidSecurity Pro
  • Webroot Security
  • Trend MicroMobile Security

For iPhone security, please refer to this guide from eSecurity.

Be safe out there.

More On Smartphones

  • The Myth of "Exploding Droid Phone" Now Busted
    On December 3rd, 2010, news spread that a man in Texas, Aron Embry, was wounded by an exploding Droid 2. Quoting the news from the Daily Mail... Aron Embry, 30, from Texas, said he was getting in his car...
  • 7 Weirdest Android Phones of 2011 Volume 1: Most Fun...
    Here are some of the weirdest Android phones of 2011 (and 2010). Did you know that Lamborghini made an Android smartphone? Find out more here.
  • The 7 Weirdest Android Phones of 2010: largest scree...
    Android phones enjoyed a very good 2010. This is the year when it overtook Apple and Blackberry and gathered over 25% of market share, and will soon eclipse Symbian and become the top Smartphone operating...
  • 7 Weirdest Android Devices Ever: Microwave? Espresso...
    Here are the 7 Strangest Android devices (including but NOT limited to phones) that exists... Did you know there is an Android-powered espresso machine? Find out more here.
  • previous What is DigiNotar, SSL, Security Breach, and how does it affect you? What did get hacked? Now what?
    What is DigiNotar, SSL, Security Breach, and how does...
  • next Myth of
    Myth of "Exploding Droid X Phone" Busted: why battery...
Discover More Hubs
  • Internet Protection and Mobile Security On Your Smart Phone
    Internet Protection and Mobile Security On Your Smart Phone
  • Android Soft Keyboard Alternatives: Comparing 51 different (free) input methods from ABC Keyboard to ZetaType for Droid
    Android Soft Keyboard Alternatives: Comparing 51 different (free) input methods...
  • Must-Try Free Tower Defence/Defense games for Motorola Droid (and Android phones) Best Value!
    Must-Try Free Tower Defence/Defense games for Motorola Droid (and Android...
  • BlackBerry Keyboard On An Android Phone?: Enter The Motorola Droid Pro
    BlackBerry Keyboard On An Android Phone?: Enter The Motorola Droid Pro
  • How to delete internet cookies on Droid or Android phones
    How to delete internet cookies on Droid or Android phones
  • How to solve an iframe injection caused by Trojan malware
    How to solve an iframe injection caused by Trojan malware
  • 7 Weirdest Android Phones and Devices of 2011 Volume 5: watches, Walkman, smallest, and more
    7 Weirdest Android Phones and Devices of 2011 Volume 5: watches, Walkman,...
  • More Best Must-Try Free Android Games July 2010 (High end or low end phones)
    More Best Must-Try Free Android Games July 2010 (High end or low end phones)

  • Should You Worry? - Malware Virus Security Concerns iPhone

    www.shouldyouworry.com/malware-virus-security-concerns-iphone-vs...

    Malware Virus Security Concerns iPhone vs. Android Smartphones ... Safety Tips for Smartphone Users: Malware and viruses can ... Always lock your phone. Only ...

  • Smartphone viruses - threats, malwares and cures

    www.phonearena.com/news/Smartphone-viruses---threats-malwares-and...

    With smartphones it's different - a malware can take control of your ... I didn't even know you could get a virus on your phone. ... 10 iPhone and Android apps ...

  • Protect Your Smartphone from Mobile Malware TechHive

    www.techhive.com/.../protect_your_smartphone_from_mobile_malware.html

    That means hackers are increasingly targeting smartphones and their users, ... iPhone owners have only one ... there was a 76 percent rise in Android malware in ...

  • Can my smartphone get a virus? - ABC15 Arizona KNXV-TV

    www.abc15.com/.../consumer/data_doctor/can-my-smartphone-get-a-virus

    ... iPhone and Android users access apps to install on their smartphones, but how and where you get your ... app with malware (also helps if you lose your phone ...

  • Viruses & Malwares can infect Smartphones and mobile devices ...

    james-ong.com/.../76/viruses-malwares-can-infect-smartphones-and...

    Malware can come in the form ... Thats shown by the success of Apples iPhone. Its users are among the first to do ... initially for Android phones only, ...

  • Smartphone malware protection: Six steps for fighting cybercrime

    searchconsumerization.techtarget.com/tip/Smartphone-malware...steps...

    It doesnt matter what kind of smartphone malware protection users have on their ... smartphones, primarily because the Android ... can provide only so ...

  • Smartphone - Wikipedia, the free encyclopedia

    en.wikipedia.org/wiki/SmartphoneHistory Operating systems Features and applications Application stores

    Android iPhone Windows Phone note; ldpi ... HTC and RIM only make smartphones and their worldwide profit shares are at 9% and 7%, ... Malware, Mobile virus, ...

  • Can my Smartphone get a Virus?

    www.datadoctors.com/help/kenscolumns/column.cfm?id=21815

    ... iPhone and Android users access apps to install on their smartphones, but how and where you get your ... app with malware (also helps if you lose your phone ...

  • Can my Smartphone get a Virus?

    www.datadoctors.com/help/kenscolumns/column.cfm?id=21815

    ... iPhone and Android users access apps to install on their smartphones, but how and where you get your ... app with malware (also helps if you lose your phone ...

  • Does your smartphone really need antivirus software? - PC Advisor

    www.pcadvisor.co.uk/...your-smartphone-really-need-antivirus-software

    We constantly hear about the dangers of viruses and malware on smartphones, ... is only a small part of their ... Android vs iPhone vs Windows Phone vs ...

  • How does your mobile malware protection rank? Android and Me

    androidandme.com/2012/03/applications/how-does-your-mobile-malware...

    AV-Test recently inspected 41 different malware detection apps for Android ... its users rather than play on their ... virus protector on my phone. I am smart ...

  • Should You Worry? - Malware Virus Security Concerns iPhone

    www.shouldyouworry.com/malware-virus-security-concerns-iphone-vs...

    Malware Virus Security Concerns iPhone vs. Android Smartphones ... Safety Tips for Smartphone Users: Malware and viruses can ... Always lock your phone. Only ...

  • Viruses & Malwares can infect Smartphones and mobile devices ...

    james-ong.com/.../76/viruses-malwares-can-infect-smartphones...devices

    Malware can come in the form ... Thats shown by the success of Apples iPhone. Its users are among the first to do ... initially for Android phones only, ...

  • Android Viruses

    savedwebhistory.com/k/android-viruses

    do all android viruses /malware come from apps? ... Smart phone malware: ... It's sort of like a Norton Anti- Virus for your Android phone, only it's ...

  • Do Smartphones Get Viruses? - LockerGnome

    www.lockergnome.com/windows/2010/09/20/do-smartphones-get-viruses

    Do Smartphones Get Viruses? ... to get a virus from surfing ... accessible group of smartphone users. One of the side-benefits to only getting applications ...

  • Report: Android Has Become the Ultimate Malware Platform

    www.tomshardware.com/news/android-malware-smartphone-avg-virus...

    Security software company AVG recently released its second quarter threat report. Besides the usual updates on desktop-focused malware, rootkits and malicious ...

  • First Trojan Malware Virus Detected for Android Smartphones ...

    www.technewsdaily.com/932-first-trojan-malware-virus-detected-for...

    Security experts have discovered what they say is the first Trojan malware virus directed at smartphones running Googles Android operating system. Kaspersky Lab ...

  • How secure are Apples iPhone and iPad from malware, really ...

    nakedsecurity.sophos.com/2012/06/29/apple-mobile-device-security

    And what happens if you get malware on your iPhone, ... you can get free anti-virus software for Android from ... How often do Android users get updates to their ...

2 comments:

  1. Android is such a very nice technology for now its very good idea
    to write an article like yours that was very good i have a
    smartphone online store
    i need to write some blogs so i can boost my sales in my online
    store atleast i have a idea now thanks for you.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete

Subscribe to RSS Feed Follow me on Twitter!