As mobile phones and tablets grow in popularity, so does the incentives for attackers
Today?s technology-driven market has given way to the proliferation of mobile phones with advanced features, in order to cater to consumers? need to stay connected. According to IMS Research, sales of smartphones will exceed 420 million devices by the end of this year, accounting for almost 28% of the entire global handset market. They also predicted that annual sales will surpass one billion devices by the end of 2016, accounting for one of every two mobile handsets sold. Furthermore, a report by the Wireless Federation shows that the Asia-Pacific smartphone market is expected to double to 200 million by 2016 at a compounding annual rate of 12.5%.
Owning to their portability and advanced computing features, tablets too are becoming popular devices among consumers. Total tablet computer shipments are poised to increase from 16.1 million units in 2010 to 147.2 million units in 2015. This represents a compound annual growth rate of 56%. According to recent survey undertaken in the US, Apple iPad was the most likely brand of tablet to be purchased followed by the BlackBerry PlayBook, far behind the iPad at only 19%.
However, smartphone and tablet users should be aware that their heavy usage has made them likely targets of security threats. As early as 2006, Trend Micro researchers predicted that the BlackBerry technology could be exploited by cyber criminals. The Android platform, in particular, has become a favourite attack target due to its app distribution model, which makes it completely open to all parties. Trend Micro identified approximately 5,000 new malicious Android apps just this quarter. There has been a 1410% (14-fold) increase in malware attacks on Android based smartphones and tablets itself. This is perceived as due to their increased potential for damage and propagation.
The threats include worms and spyware that track users? Web activity and location, make charges via SMS messages, and more. Often leveraging social engineering and malware, these attacks seek to maintain a persistent presence within the victim?s network so that the attackers can move laterally throughout the target?s network and extract sensitive information. As the name suggests, advanced persistent threats (APTs) typically exhibit persistent behaviour. These are normally considered campaigns rather than ?smash-and-grab incidents,? as attackers need to go deep into a target?s network to get what they want.
Samsung S8500 Wave and Vodafone-HTC Android smartphones have been common targets of cyber criminals. Similarly, it is true that Android tablets are potentially exposed to far more security risks than the iPad.
Applications are one of the major factors that make smartphones and tablets appealing as they are easy to use. However, not all apps users found in app stores are safe to use. Last December, Google removed 50 suspicious-looking apps from the Android market after proving that these used various banks? names without their permission. Also, the popularity of Web browsing via smartphones and tablets has created an opportunity for cybercriminals to expand their target base. In fact, a survey indicated that 44% of users are lax with regard to surfing via mobile phones and only 23% of the respondents utilise mobile phone security software. This lack of vigilance among users makes them vulnerable to Web threats.
Today?s social networking generation is more likely to reveal personal data to other parties in venues like social networking sites. Cyber criminals can also send bad links around and try to steal the social networking credentials of your friends. There is a reason why there is a price for stolen social networking accounts. Target devices are susceptible to attacks anytime, anywhere when remotely accessed.
If your phone or tablet gets infected, don?t panic. Just remove the malicious application and scan your computer with security software if the two devices are often connected. Most importantly, change passwords to your online accounts. When installing apps in your smartphone or tablet, be ready to give out some personal information. Know that a third-party will gain access to your information. Know the app developer?s reputation. The key thing to remember is to think before give an app access to your data. If you have any doubts about giving oversensitive information, don?t do it.
Targeted attacks remain a high priority threat that is difficult to defend. Since such attacks focus on the acquisition of sensitive data, strategies that focus on protecting the data itself, wherever it resides, are extremely important components of defence.
Though many organisations are still uncomfortable with consumerisation, security and data breach incidents in 2012 will force them to face bring-your-own-device (BYOD) related challenges.
The writer is country manager, India & SAARC, Trend Micro
