There is a commonly held view that the most vulnerable surface is actually the user’s (aka the consumer’s) desktop or laptop. Very few think about mobile devices, as we are all too ready to believe the marketing message of “safety and security” from every single mobile platform store.
While some platforms might be more restrictive than others, they all convey this kind of sense of security that allows vendors to entice consumers towards the promise land of advanced electronic “whatever helps.” Origin and reputation are often unknown, and in some cases, a reputable endorsement lures in consumers into the unknown.
Lately, we’ve seen a rising number of trojans designed for Android devices targeting banking applications. Disguised in emails, these nasty pieces of malware commonly operate by utilizing all communication facilities available.
According to CheckPoint’s security analysts, the Android trojan HummingBad had infiltrated about 85 million devices by mid-2016. All the while, it clicked advertising banners and generated illegitimate revenue of approximately 300,000 USD a month.
Some Android trojans even managed to get to firmware, which as a result compromises every “factory reset” function. OEM’s implanting their very own spyware and leaving backdoors behind is only another alarming fact.
The availability of IMSI-catcher technology shows how bad it actually is. The vast pace in which the rogue technology evolves is astounding to some and no surprise to others.
The mutual and commercial interests of hardware manufacturers, OS vendors, telecommunication companies and other market stakeholders contributes to the problem. A number of security measures are shared with many manufacturers at early stages of system development, which makes it highly likely that information leaks and system can be compromised at a very early stage of its life cycle.
Secondly, a too rigid approach to security would prevent device data access in the way it is most common today. Market researchers and advertisers today take much advantage on the very laissez-faire handled data security.
We learned that even iOS is not immune to such attacks. But considering only the coverage of Android security issues in the industry’s media speaks volumes.
In my opinion, a few things are worth noting:
- Better monitoring and defense of mobile devices would be helpful.
- Backbone infrastructure security management must remain vigilant and innovative.
- Android users should carefully consider their choice of platform.