But iOS users aren’t immune ….
By James DeRuvo (doddleNEWS)
Recent reports are that mobile smartphone security breaches are on the rise in both Android and iOS devices. Android devices took the brunt of the exploits as security firm Kaspersky reported that during the second quarter of 2012, 14,900 new malicious programs targeted the Android platform. And what’s even more concerning is that more than half of the exploits were Trojan horses designed to steal data from smartphones and install additional exploits from within. But iOS hasn’t gotten off scott free either….
“Judging from existing trends, we should expect that cyber-criminals will soon shift to more personalized attacks. This is primarily about malware hunting for confidential data with which to steal money from users’ credit cards.” – Kaspersky
Kaspersky says that a quarter of the trojans are designed to send SMS text messages which charge money to a user’s credit card account that is linked to their cellphone. SMS Text messages became a popular way to donate money to disaster relief organizations, and this seems to ride piggy back on top of that.
And the exploit has also been found to be establishing a beach head on iOS devices as well, as an iOS security “researcher” by the name of pod2g, published the results of his study that iOS has a vulnerability in it that it intercepts SMS text messages and spoofs the return phone number without the user knowledge. If they respond to the text, the sensitive data can easily be intercepted.
“One of these options enables the user to change the reply address of the text. If the destination mobile is compatible with it, and if the receiver tries to answer to the text, he will not respond to the original number, but to the specified one.” – Pod2G report
This exploit comes fresh off the heals of another security flaw that was found in Apple’s iCloud support capability that would allow cyber-criminals to socially engineer entry into a user account and take it over. The same exploit also affected Amazon. Both companies have sense plugged those holes with revised security procedures in tech support situations.
Android users also have an issue with 1 in 5 exploits that can seize complete control over an infected device. The Trojan can then use key loggers and phone home utilities to upload sensitive bank information to the bad guys when users try to make in app purchases or buy new apps that interest them.
“In the near future, we expect not only more malware, but more effective and dangerous malware targeting Android. Judging from existing trends, we should expect that cyber-criminals will soon shift to more personalized attacks. This is primarily about malware hunting for confidential data with which to steal money from users’ credit cards”, said Yuri Namestnikov, Senior Malware Analyst at Kaspersky Lab.
Now while there may be an exploit that has been identified, Apple has the advantage in that their app system is closed and approvals are required from the single portal (unless, of course, a user jailbreaks their iOS device and gets their apps from Cydia). Google has also instituted an approval process, but the Android portal is more open source with multiple App stores that include Google Play, Amazon’s Android Store, and a host of third party app stores that can easily be co-opted. As such, Android users are far more likely to get infected – even through a suspect app on the Google App Store – than iOS users will be. But still, users are advised to be sure they understand the permissions they grant if they choose to install an app before they actually install it.