Mobile Malware Report Predicts 'Significant' Uptick in Cellphone Attacks

iPhone and IBM Simon

On the heels of a recent study warning about mobile malware emerging as the new frontier of cyber crime comes another report that discusses the evolution of both smart devices and the threats that target them.

The “Smartphone Malware Report,” by Panda Security and Spain’s National Cyber-Security Advisory Council, follows the historical milestones of mobile devices, starting with IBM Simon, the first smartphone designed in 1992, as well as discusses security issues, threat vectors, and predictions for the future.

Boosting the security of cellphones is a major challenge for any security department,  and the threat must be dealt with as soon as possible to help protect users’ information and businesses, said Luis Corrons, technical director of PandaLabs.

“Even though cellphone malware is not a priority for cyber crooks yet, we are starting to see the first major attacks on these platforms,” he said. “We predict that the next few months will see significant growth in cellphone attacks, especially on Google’s Android operating system.”

Detailing the evolution of the mobile malware, the report discusses how Cabir, the first malicious code for smartphones appeared in 2004. The malware was soon followed by Pbstealer, one of the first binary files that could steal confidential information from cellphones; Ikee.A, the first-ever iPhone worm that changed the wallpaper to an image of Rick Astley; and the more recent malicious application Droid09 that infiltrated the Android Market.

The report also highlights future threat scenarios, including:

  • Cellphones as a new method of payment
  • Online banking applications for cellphones
  • User tracking (using GPS technology)
  • Advanced social-engineering attacks

Unlike the previous generations of cellphones that were vulnerable to local Bluetooth hijacking, the report said, modern smartphones are susceptible to the same risks as PCs.

“New attack vectors will increasingly be exploited by fraudsters as online banking services use these devices as second authentication factors given the current convergence between PCs and cellphones,” the report concluded.


You may also be interested in...

GSA Eyes ‘On-Ramp’ Solicitation for OASIS Small Business IDIQ’s Six Subpools

The General Services Administration has announced plans to issue a solicitation as an on-ramp for the six subpools of the One Acquisition Solution for Integrated Services Small Business contract vehicle. GSA’s Federal Acquisition Service said in a presolicitation notice published Friday that it expects to award 30 contracts for subpool 1, 20 contracts for subpool 3 and eight each for subpools 2, 4, 5B and 6 of the OASIS SB indefinite-delivery/indefinite-quantity contract.

SSL to Design Methane Emission Detection Satellite; Richard White Quoted

Maxar TechnologiesSSL subsidiary has received a contract from Environmental Defense Fund to design and define requirements for a small satellite designed to detect and monitor methane emissions from oil and gas facilities worldwide. MethaneSAT is a small form-factor satellite that will work to provide high-resolution images to help detect and measure low- and high-emission sources in regions that constitute more than 80 percent of global production of oil and gas per week, Maxar said Thursday

Booz Allen’s Sarah St. Clair on Lessons Learned From HR Tech Upgrade Project

Sarah St. Clair, vice president responsible for human resource services at Booz Allen Hamilton, told Diginomica in an interview published Tuesday about the company’s experiences and efforts to address challenges associated with upgrading its HR technology system. St. Clair discussed Booz Allen’s move to execute the Workday project to manage recruitment operations and mentioned some of the actions the company made to mitigate negative impacts associated with project implementation.