Be a fly on the wall on any Android vs iOS debate and you are bound to hear a fair bit about Android’s malware problem. iOS users and advocates never shy away from pointing out how Android is beset with malicious apps and the ease with which devices can be infected. Yes, they are right. Malware is everywhere and not hard to run into.
That however has not stopped the juggernaut growth of Android. Not only is it the world’s most popular smartphone OS, Android is increasingly being used in embedded systems, for home appliances and in other non-traditional avenues (Android-based treadmills, anyone?). People talk about Android malware in the here and now, but as the domination of the OS increases, the various channels and devices available to hackers, attackers and just plain ne’er-do-wells multiply.
Riddles with malware
Experts believe the proliferation of Google’s OS and its application in various kinds of devices poses a certain threat to home users, businesses and also governments. Stefan Tenase, the Senior Security Researcher at Kaspersky Lab’s Global Research & Analysis (GRAY) Team insists that as more and more devices get Android, the instances of malware will explode and grow exponentially. Tenase attributes the rise of malware to Android’s dominance in the market, but pointed out that having Android everywhere is a scary scenario, based on current malware figures.
“Between 2006 and 2010, we found 1160 instances of Android malware. 2011 was the year that changed the mobile malware world. We found 2137 samples of malware in the month of December alone, beating the total figure of the past five years. In 2012, this figure increased sixfold and in the first half of 2013 alone, we have detected more than 57,000 new malware specifically targeting Android,” Tenase told us in an interview during the launch of the company’s Kaspersky Internet Security – Multi Device (KIS-MD) offering which protects Windows, OS X and Android machines. The multi-device solution will be launched in India this October.
Consider this scenario: You have an Android smartphone and maybe even a 2013 Nexus 7. But what about the new TV you want to buy? Will you be tempted by the proposition of a Smart TV that runs on Android? New fangled game consoles have already started riding the Android wave and future iterations may come with Kinect-like camera accessories. Soon you will be able to buy a new Samsung refrigerator that has a touch display in the front and runs Android with apps that help you control the various functions of the fridge. There are now consoles for fitness equipment that run a modified version of Android. Android is being used for in-car, in-flight entertainment systems and also takes care of navigation. All of these will naturally be able to connect to the Internet and thus are potentially open to cyber attacks. A survey told Kaspersky that a household has on an average 4.5 devices and the device diversity will continue to expand as more form factors come into the market. Essentially, Android could soon cover every inch of your home and dominate all activity, leisure or business. So, it wouldn't be a stretch to say your home could soon be under attack from Android malware.
Nearly all new malware targets Android
Tenase believes the big problem comes from the fact that software updates to block security vulnerabilities will not be rolled out to all devices with the same priority. Manufacturers are not known for being lightning quick when it comes to software updates even for fast-moving devices like smartphones and tablets. Devices with long-commitment periods like televisions and refrigerators are likely to be less of a priority for them, according to Tenase, who envisions malware coming out from every possible avenue to specifically target individuals in addition to blanket access.
The Romania-based security expert said that devices like televisions and refrigerators are also less likely to be updated by consumers themselves. “Imagine your Android-based Smart TV being taken over by a malicious app such as FlexiSPY, which can spy on you through the HD webcam on the TV as well as hijack its communication functions to steal your financial and personal data.” Threat to human life is apparent too with the possibility of malware in automobiles and fitness equipment. Without mentioning the likes of Tizen and Sailfish OS, Tenase also said that platforms that can run or emulate Android apps will also be a target for malware.
The rise of Android malware over the past year is astounding
Dmitry Bestuzhev believes Android malware will not just be used to spy on you or steal your financial data. The applications of malware for Android will increase tremendously with the advancement in smartphone hardware. Bestizhev is the head of the Kaspersky GRAY Team in Latin America, and he believes as smartphones advance, they will be used for international attacks. Multi-core processors are the norm these days in high-end smartphones and a compromised device may be used for mining digital currency such as Bitcoin or for launching DDoS attacks. “Mobile malware is a reality. Our devices contain a lot of interesting data. Additionally, increased phone capabilities like better CPUs, more memory are driving attractiveness ahead for attackers,” Tenase said.
With the discovery of the ‘Master Key’ vulnerability, it has become more important than ever to use the Play Store for Android and the official app stores for other platforms. Tenase and Bestuzhev advised caution when using third-party marketplaces to get apps as these are the most common source for malware. But there’s just no stopping malware on Android. With SMS Trojans being the most popular way of infecting devices, it seems one doesn’t even need to install a malicious app to become a victim. And we haven’t even scratched the surface when it comes to malware. The problem is about to get much worse as Besthuzev points out, “This year alone we found more than 50,000 samples of malware for Android, but for Windows we find more than 200,000 samples every day. It won’t be too long before the same happens for Android.”
Cover image: Smartphone Malware on Shutterstock
Publish date: August 27, 2013 2:46 pm| Modified date: January 7, 2014 11:54 am
Android Malware, Android malware instances, Android vs iOS malware, Kaspersky Internet Security - Multi Device, Kaspersky Internet Security Android, Kaspersky Internet Security PC, Malware, Master key malware android