Will 2011 Be the Year of Mobile Malware? 111
alphadogg writes "Perhaps one of the most common predictions of the last six years has been that mobile malicious software will suddenly proliferate, driven by widespread adoption of smartphones with advanced OSes. None of those prognostications has really come to fruition, but it's likely that the coming year will bring a host of new malicious applications. Users — while generally aware of threats aimed at their desktop computers and laptops — have a good chance of being caught flat-footed with their mobile phones. In the third quarter of this year, up to 80 million smartphones were sold around the world, which accounted for about 20 percent of the total number of mobile phones sold, according to statistics published last month by analyst firm Gartner. Experts say the threats against those devices are going to come in several categories, including rogue applications. In September, researchers from security vendor Fortinet discovered a mobile component for Zeus, a notorious piece of banking malware that steals account credentials. The mobile component, which targeted Symbian Series 60 devices or BlackBerrys, intercepted one-time passcodes used to verify transactions."
Nope (Score:1)
Re: (Score:2)
No, it won't.
This. Anytime you spot the formula "Will 'x' be the Year of 'y'" - particularly on slashdot - the answer is ALWAYS no. I think it has to do with that particular phrasing. Nobody ever seems to ask 'Will 2011 be the Year of 365 days' or something similar. It's always outlandish...
Re: (Score:1)
Will 2011 be the year Windows kills off OSX and Linux and Microsoft takes control of the mobile market? Oh, the 2nd prompts the original suggestion: year of mobile malware.....
Re: (Score:1)
Current_year = n
Year_of_Linux_Desktop = N+1
By this reasoning, we are only 1 year away! I can already see everyone I know switching their PIII computers from XP to Debian or Gentoo!
Re: (Score:2)
2011 will be the Two thousand eleventh Year of the Common Era/Anno Domini.
Re: (Score:2)
Re:Nope (Score:4, Insightful)
No, but X will be the year of poorly written and poorly researched trade magazine articles about Y.
Re: (Score:2)
With bad things, a year of the "foo" can happen, such as (IIRC) 2000 when the E-mail based worms slammed Windows networks, or 1994 when USENET was hit by the spam heard around the world. Those are times when the first salvo is fired starting the conflict in earnest (1994 when the spammers and cancelbots started, and 2000 when malware went from "just" the pirate scene to being able to wind up on anybody's desktop anywhere.)
Right now, malware is relatively rare on phones. However, there are things which are
Re: (Score:2)
This. Anytime you spot the formula "Will 'x' be the Year of 'y'" - particularly on slashdot - the answer is ALWAYS no. I think it has to do with that particular phrasing. Nobody ever seems to ask 'Will 2011 be the Year of 365 days' or something similar. It's always outlandish...
Another tell is any time you spot reference to Gartner, you can pretty much stop reading.
Its a race between Gartner and JD Power and Asshats to see who can provide the best cooked analysis and micro-category awards that money can buy.
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
... because it will be the Year of the Linux Desktop (tm)(r)(c)!
In first (Score:2)
Re: (Score:2)
<snoot>It's been on MY desktop since 199x! </snoot>
I don't think dual booting counts in the "year of" context. And I say this as a Linux user since 1994, I even have the Yddrasil plug-and-play CD to prove it. ;-)
Re: (Score:1)
Not only that, but 2012 will be the Year of the Linux Desktop also. And that is not a contradiction
It is the year of the Linux desktop.
It has always been the year of the Linux desktop.
Yes it will. (Score:3)
But not for the reasons given. If you go to light in a box and browse all the android 2.1 pads for sale, all of them warn you not to attempt to re-install or change the OS. this warning is not given for some propriatary reason but simply because there is no assure path to a perfectly safe re-install of the android software and drivers.
Thus there are going to ba a gazillion android pads walking around that cannot be patched. It's a safe bet there are security holes to be discovered in this. Once that hap
Re: (Score:2)
Wrong.
The warning about re-install has nothing to do with an "assured path to perfectly re-install".
It has everything to do with carrier lock downs, and to a lesser extent with manufacturer locked downs.
As for their inability to be patched, that too is FUD. They can and do receive OTA or wifi system upgrades and patches as needed.
Check your zipper. Your Apple Fanboy is showing.
Re: (Score:2)
He does have a point though -- Some Android device makers tend to be lazy when making updates available for their platform, so compared to advertising a device that hasn't shipped, fixing holes on already sold equipment is quite low on their priority list.
The ironic thing -- Android's update mechanism is standalone. When the updates do arrive, they are either already pushed to the device, or easily downloaded via OTA. Contrast this to iOS devices which must be updated via iTunes.
Backing down from an updat
None have come to fruition? (Score:2)
Oh I can think of a couple [tomshardware.com]
Albeit, Jailbroken iPhones are less Secure than... umm... whats the term for that? Non-jailbroken? Jailfixed? StillJailed? Anyways.
Point is that some people have started writing malicious software for phones, its becoming glaringly obvious.
What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.
Who is to say a lot of phones are infected but no one yet knows. I bet most users, if their email was compromised, would assume
Re: (Score:3)
What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.
Go wash your mouth out with soap, right now!
Can you imagine how god-awful slow people's phones will become after installing Norton Mobile 2011? And I bet the 'uninstall' process involves reflashing the device, too.
Please no, for the love of all smartphones everywhere, please DO NOT speak this 'solution' out loud where others might hear it. If you speak it's name you give it power, after all...
Re: (Score:2)
When I sync the phone, my contacts and apps, etc. - get backed up. Worst case scenario, I do a reset-to-factory, then retrieve the backup of my contacts and emails, the apps get downloaded and installed again.
(of course this assumes the user knows they have malware in the first place)
Re: (Score:3)
Since when did marketers ever care about whether you actually need whatever product they're hawking?
Windows has already trained most of the public to perceive virus scanners as essential system tools.
Re: (Score:2)
And I bet the 'uninstall' process involves reflashing the device, too.
I applaud your optimism but I suspect the uninstall process may require a good-sized hammer.
Re: (Score:2)
And I bet the 'uninstall' process involves reflashing the device, too.
Utter nonsense. Nothing short of cracking the case and soldering in a JTAG interface will remove that spawn of Satan.
Re:None have come to fruition? (Score:5, Informative)
What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.
Oh we [f-secure.com] don't [smobilesystems.com], do [avg.com] we [norton.com]?
Re: (Score:2)
I sit corrected.
Re: (Score:2)
What we don't have is people focused on finding, removing, and spouting a product yet like Norton/McAffee/AVG/whatever.
Oh we [f-secure.com] don't [smobilesystems.com], do [avg.com] we [norton.com]?
If Viruses did not exist, it would be necessary for AV companies to create them.
The Joker exists because of Bat Man. Bat Man exists because of the crime in Gotham. Both Bat Man and The Joker can use their resources to fight or cause crime.
Darth Vader exists because of the Jedi, the Jedi Order exists because of crime in the Universe. The Force can be used for good and evil.
It's a Yen & Yang sort of thing. Good and Evil are relative terms, subject to interpretation.
Crackers exist because of Hackers. AV
Re: (Score:3)
All sarcasm aside if GP is referring to the incident I'm thinking of that was only because people never changed the root password after jailbreaking. More recently with the iOS PDF exploit tools to help users protect themselves were available to jailbroken users [ithinkdiff.com] 3 days after it was widely known (release of Jailbreakme.com which used the exploit). "Jailed" devices had to wait for a fix from Apple which came 10 days after. This is still a good response time and should not be taken as a bash on Apple, it do
Maybe it might could (Score:4, Insightful)
It is possible that 2011 might be a year in which there could be some unspecified increase in what could loosely be termed malware that might be targeted in whole or in part to infect certain devices that might be considered mobile devices under certain definitions of mobile or device.
If you feel you have to lead off with a statement that your prediction is essentially the same one you've been making for the past six years and it has yet come true, maybe you should leave off setting a deadline for the thing.
Re: (Score:2, Funny)
"If you feel you have to lead off with a statement that your prediction is essentially the same one you've been making for the past six years and it has yet come true, maybe you should leave off setting a deadline for the thing."
2011 is going to be the Year of the Linux Desktop.
Re: (Score:2)
It is possible that 2011 might be a year in which there could be some unspecified increase in what could loosely be termed malware that might be targeted in whole or in part to infect certain devices that might be considered mobile devices under certain definitions of mobile or device.
Also: TERRORISTS!
... er, ooga booga.
Not really (Score:3, Insightful)
Re: (Score:3)
The first two are irrelevant.
The remaining points can all be made irrelevant by the website that will jailbreak your iPhone using a PDF, all you have to do is swipe.
Clearly there are some exploits you can hide to open up someone's Phone.
Re: (Score:2)
Re: (Score:2)
LoB
Re:Not really (Score:5, Interesting)
Mobile phones (OS) don't have any form of autorun
So?
You cannot run .exe/.cmd/.com/.lnk attachment from e-mail
Correct. On the iPhone, you just had to visit a *website*, ffs.
Seriously, this statement is beyond short-sighted. It's one zero-day vulnerability from being completely false.
A lot of users still ... don't ever install a single extra app
Again, who cares? All you need is a hole in one of the stock apps, and voila, users are hosed. Moreover, given how slow mobile phone operators are in updating the OSes on their network (the Android situation being the most obvious), a vulnerability like that could be a) near universal, and b) very slow to close.
Unless Apple/Google becomes careless it's hard to believe that malware authors can (frequently) penetrate their app stores
See above. This point is, well, pointless.
There is still some variety: iPhoneOS/Android/RIM/W7 so malware writers can hardly target all platforms at once - so outbreaks are hardly possible
Please... you need only target one of those platforms to hit millions and millions of people. That's by far lucrative enough to make it worthwhile.
Frankly, I think the only reason you haven't seen this yet is because most malware is directed at turning a machine into a zombie, something for which a mobile device isn't that useful. But the minute someone can, for example, break an iOS device or Android device and start snarfing passwords, it'll become a far more interesting target.
Re: (Score:2)
you haven't seen this yet is because most malware is directed at turning a machine into a zombie
I admit to not reading the article, but this is my concern here. Is mobile malware the same definition?
I have an android phone. Permissions are such I can tell if an app wants "unneeded" permissions in some cases. An (offline, single player) game that needs no permissions, or maybe wants to have "disk access" (save a little game state) sounds safe.
On the other hand, certain apps (gmail, you name it) need lots of
Re: (Score:2)
Re: (Score:2)
some do have autorun, some have autorun that's hard to setup, some autorun that's simple to setup, some autorun that needs crypto keys to use. some however do have autorun that you _want_ to use that relies on a exploit on the phone.
however.. "2003 is going to be the year of the mobile malware, 2004 is going to be the year of the mobile malware, 2005 is going to be the year of mobile malware...", as long as I've been in the industry, the next year has always been that, the year of the malware. why? because
Re: (Score:1)
The rest begin like yours. Zing!
Yea (Score:2)
I doubt this is going to be a repeat of Windows, where a combination of massive marketshare and blatant negligence on the part of Microsoft led to an epidemic of worms.
But, there's also a very real threat, even on systems like iOS where users and even Apple assume that they have control of the platform, hackers prove them wrong constantly.
For instance a month or 2 back, jailbreakers were able to just visit a website through mobile safari and execute one exploit after another to compromise the entire system
Re: (Score:2)
For instance a month or 2 back, jailbreakers were able to just visit a website through mobile safari and execute one exploit after another to compromise the entire system and install unapproved software like Cydia. That's a rare alignment of exploits, but who can really say it won't happen again via a malicious attacker?
The most amusing part of that was walking through the local Apple store and noticing Cydia on one of the iphones. Checked the rest of them and realized someone had gone around and jailbroken every iphone in the store, I got a good laugh out of that.
Isnt that now? (Score:2)
I seem to recall a similar prognoses at the end of last year. Seems not to have happened. I suspect the trend will continue.
Re: (Score:2)
Quit doing it wrong. I had a storm for a year and a half and aside from the time it took to perform routine software updates it was hassle-free as a phone, media player, and everything else.
Are you suggesting that... (Score:3, Funny)
Re: (Score:1)
Re: (Score:2)
God forgive him, for he knows not what he says.
Glad my phone is dumb (Score:1)
Re: (Score:1)
Your phone sends and receives data which it to some extent manipulates. While unlikely that you'll ever have any problem, don't think yourself safe ;)
Re: (Score:2)
My HP-45 calculator has a 10 digit LED display, you insensitive clod!
2011 will be the year of.... (Score:2)
... rampant blogosphere speculation about everything. Just like the year before it.
year of...
Year Of...
YEAR OF!!!!
Holy crap, get over it! Stuff will happen next year. Some of that stuff will be expected. Of that expected stuff, some will live live up to expectations while the other will not. And there will be surprises!
Symbians (Score:2)
So that thing can be used for banking too? Huh, I'll tell my wife....
Re: (Score:1)
There's a substantial penalty for early withdrawal, though.
That's not really a problem (Score:2)
It doesn't really matter since passwords are already the weakest link in online security [slashdot.org].
It's about 2-factor authentication... (Score:4, Interesting)
It doesn't really matter since passwords are already the weakest link in online security [slashdot.org].
It's not that type of password. You are already logged in to your banking site using username and password. Then you decide to send money to someone, and one of the ways of doing 2-factor authentication available to you is to have the bank send you a 1-time password by SMS, which you then type into the computer. The one-time password is bound to the specific transaction you were requesting, and the sms contains some information about the transaction (like the destination account number and amount), so if the account number or amount is not what you wanted you know something is wrong.
So unless the bad guys have malware on your phone AND on your pc, they can't steal your money.
Of course, this is in europe. In the US two-factor authentication means password+"what is your mother's maiden name". And no, this is not a random anti-american rant. Most US banks still do not have 2-factor authentication, while all that I know of in europe do, in some form or another. Also, a security guy from a US bank I spoke to at a conference told me they don't do two factor authentication because users don't want to remember more passwords (thus proving he does not understand what is 2-factor authentication). Also, he said that when you want to do something "suspicious" like sending money to a new destination, they start to ask you security questions (like "what is your mother's maiden name").
Re: (Score:2)
Unless you're doing your banking from your Internet-enabled smart-phone...
Of course not. (Score:2)
2011 is the year of Linux on netbooks. Or was that desktops. Anyway, I'm sure its a year of something linux related...
Re: (Score:2)
That sounds like 2010 to me. And 2009. And maybe a bit earlier...
Already happening! (Score:4, Insightful)
Our apps are already watching us [wsj.com] beyond what we've authorized. How is that not malware?
So the big question is (Score:1)
How can I install a firewall and AV software on my iPhone 3gs ?
I've unlocked and jailbroken it so I can customize it MY way and use it on the carrier of MY choice but I really want more than just a wink and a promise from Apple that I'm safe.
will Windows Phone 7 be _that_ popular in 2011 (Score:2)
it is possible but it is not like the market of Windows PCs has shrunken significantly so there's plenty to continue feeding on there as opposed to trying to attack low resource embedded devices like phones.
LoB
Re: (Score:2)
regarding the Vista comment, FYI, Microsoft is always trying to convince people that their products aren't really all that bad.
LoB
Re: (Score:2)
Bullshit alert:
Windows Mobile (PocketPC) malware (Trojans, specifically) have nothing at all to do with Windows Phone 7. The application runtimes are completely different, and application sideloading is very limited on WP7 anyhow (which I personally dislike, but which nonetheless makes Trojans rather difficult to spread). There was definitely malware for WinMo, but that's a dying platform. Besides, any OS that allows users to install/run arbitrary software will have Trojans; it's happened to every significa
Re: (Score:2)
It really was a dumb article considering how many iPhone,Androids and Blackberrys have already been shipped. The only thing very new for 2011 is Windows Phone 7. Time will tell.
LoB
Not without a monoculture. (Score:2)
Malware is profitable when it can infect a huge number of systems. Without a monoculture of mobile operating systems malware isn't profitable enough to develop.
Re: (Score:2)
but... (Score:1)
didn't they ask us this last year? This question feels awfully familiar...
Re: (Score:2)
Isn't 2011 the year of the Linux desktop? (Score:2)
I feel confused. Hey, if you're at it make it the year of reading too.
Driven by smartphones with not-advanced OS' (Score:2)
Advanced operating systems are maintained in such a way that they don't run malware, for example, they are updated automatically so regularly that there is a disincentive to create malware, same as you get rid of graffiti with a regimen of immediately painting it over. Mac OS and iOS, for example. It's the not-advanced operating systems which are easy targets, graffiti magnets.
On Symbian malware/exploits (Score:2)
I've used Nokias exclusively for the last 6 years. S60 2nd edition allowed you to install any apps from anywhere, and there were quite a few trojans and other apps written for it, around 2004-05. .SIS file) and then install it.
S60 3rd edition made it harder to do so by requiring all apps to be signed by Symbian, and earlier they only gave out certificates to companies rather than individuals. Nevertheless, there were (are) ways to self sign an install package (a
Even then - the phone warns you that the appli
Security sw peddlers are becoming desperate (Score:2)
Symbian (Score:2)
...had malware years ago, but they introduced measures to stamp them out. This was the move from Symbian 7 to Symbian 8. IINM, this was the reason for the introduction of capabilities.
Re: (Score:1)
Re: (Score:2, Insightful)
Re: (Score:2)
Its not about losing work to a systems crash or phone splash down in the toilet bowl.
Its about content being stolen by malware.
Re: (Score:3)
"...and passwords for your bank, online stores, Google (Docs (where you're writing your half-finished novel))..."
That sort of fuckup could be regarded as "LARTing by events". I don't leave passwords or important work on my phone. Ever.
Re: (Score:2)
I don't leave passwords or important work on my phone. Ever.
Well you will. So get used to it.
Probably they will be in an encrypted password vault, dozens of which are available for Android or iPhone.
Your credit cards will be moving to the phone. Tap to pay terminals are springing up everywhere. Near Field Communication chips are being introduced into cell phones. They are already HUGE in Japan.
You will still need to password enable payment, but you won't be carrying a wallet full of risky credit cards in the future.
And those digital car keys? The rush to push bu
Re: (Score:2)
"Well you will. So get used to it."
Asserted conclusions /= proof.
"Probably they will be in an encrypted password vault, dozens of which are available for Android or iPhone."
Mine will be unused.
"Your credit cards will be moving to the phone. Tap to pay terminals are springing up everywhere. Near Field Communication chips are being introduced into cell phones. They are already HUGE in Japan."
I give a shit what is HUGE in Japan?
"You will still need to password enable payment, but you won't be carrying a wallet
Re: (Score:2)
I know sales
DIE (Score:5, Funny)
Re: (Score:2)
Yes, in fact we do. We also know how hard everyone else in your contact list worked on their Angry Birds scores. And we're selling it for big money soon.
Just kidding here, but that's my real concern with this.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
I just installed Hero of Sparta, non-market place game for free. I swear, that's the last non-market place app I'll install on my phone.
Why, did it change your restaurant finding apps to only show "Hell" as an option for dining? ;)