Mobile devices increasingly vulnerable to malware

September 27, 2012

Smartphones and tablets could be the next target for malware developers, after a survey found that 95 percent of mobile devices reach the market with no security features installed.

The recent report from Juniper Research, entitled "Mobile Security Strategies: Threats, Solutions & Market Forecasts 2012-2017" revealed that as more products are snapped up by corporate and personal consumers, the demand for security products will increase. Although security features and data loss prevention software do not come as standard on the majority of devices, users will be aware of potential cybercriminal threats and protect themselves accordingly.

Analysts estimate that 20 percent of mobile devices currently have a third-party security software application, with some vendors including key features such as 'Track the Device' or 'Lock and Wipe' as part of the basic application package. The report also considers that users have become more aware of the risks of identity theft, with stolen smartphones or tablets a prime target for cybercriminals.

Bring your own device
The report highlights the popularity of BYOD policies in the workplace, with the number of employee-owned tablets and smartphones expected to overtake protected company devices. Industry analysts estimate that there will be nearly 350 million devices used by workers in the office or through telecommuting by 2014, another area of concern that they believe should be addressed by the makers and sellers of any personal technology.

"With the increasing popularity of smartphones, mobile threats are on the rise," said Michela Menting, a cyber security analyst. "This has implications for security at the corporate level as well as for individual privacy. The mobile application security market is rife with vendors offering their wares. The priority now for end-users is understanding the issue at hand and finding the right offering that best suits their needs."

With mobile devices now used as entertainment systems as well as for communication purposes, malware can be introduced in a number of ways. In the first six months of 2012, studies conducted by ABI Research said that unique malware variants grew by 2,180 percent, reaching an estimated total of 17,349. Mobile security revenue is projected to be worth $398 million by the end of the year and, to date, it is believed that 130 billion security apps have been downloaded into tablets and smartphones. However, the threat to the mobile world is still very real, and the authors of the report believe that security software needs to be installed at source.

"Bundling mobile security apps along with other managed services will not only provide incremental revenue for the service providers, but will also help them guarantee better customer satisfaction," wrote Nitin Bhas, one of the authors.

Safeguards not being implemented
These latest figures highlighting the vulnerability of mobile devices is also borne out by the U.S. Government Accountability Office's recent Report to Congressional Committees, which suggested that three out of every ten smart phones could be infected with malware.

"Federal agencies and private companies have promoted secure technologies and practices through standards and public-private partnerships," stated the report. "Despite these efforts, safeguards have not been consistently implemented."

According to the report, security incidents connected to phones or tablets grew by 155 percent in 2011, and vulnerabilities increased by 93 percent. Figures show that malware affected 500,000 Android-based phones in the first six months of 2011, while over 40,000 devices became vulnerable to cyber attack in May 2012.

"The IT industry needs to look for the next cyber threat coming from wireless devices," said Gabriel Knight, a spokesperson for IBM. "Although smartphones are the primary targets of malware, they are not alone. The Kindle Fire and other wireless devices fit into the malware criteria for infesting and spreading viruses. The cyber attacks are becoming more prevalent, and anything that connects to the Internet is at risk."

-McAfee Cloud Security