Android smartphones ‘less resistant’ to security threats – Symantec


28 Jun 2011

Android phones are less resistant to most key security threats, a Symantec report suggests. However, it says mobile phones have better in-built security than PCs.

The findings were revealed in a white paper titled A Window into Mobile Device Security, which examines the security implications of different mobile operating systems.

“Mobile security threats are beginning to mutate and multiply. Cyber criminals will go where the money is and they know people are increasingly using mobile devices to buy goods and store personal data. As long as consumers remain relatively relaxed about mobile security, cyber criminals stand to reap the rewards,” said Sian John, Norton mobile security expert.

The white paper also looked at some of the biggest mobile threats of 2011.

Malicious apps

One threat coincided with the supposed “Rapture” on 21 May 2011, the date a US preacher said would mark the end of the world. A trojanised version of an application called ‘Holy F***ing Bible’ was available on unofficial Android marketplaces.

The malicious app would lay dormant within the smartphone, waiting for it to restart. When it did, a process called ‘theword’ would attempt to contact a host computer and, according to Symantec, would send “unpleasant” texts to contacts within the phone.

Another included Android.Geinimi, which posed as a game, but actually included a trojan which opened the phone to intruders.

Symantec also pointed out that cyber criminals have been taking advantage of free apps on the Android Market, modifying them with malicious code to access people’s personal information. This was seen with Pjapps and Rootcager in March. Apps revolving around games, sex sites and music types were targeted.

Google released a patch to combat Rootcager in March called Market Security Tool, which was automatically sent to phones infected with the malware. However, a malicious version of this app was created, allowing a command-and-control server to send text messages from the phone. Google then removed the app from the marketplace.

Recommendations

The white paper recommends that smartphone owners should set a password to lock their phones and to set up a remote wipe functionality.

It suggests users should pay special attention to the permissions each app asks for and tells users not to store sensitive data within the calendar, notes or media library.

It advises users not to jailbreak their phones. Users should back up their data and check with their work systems administrators before accessing work-related items on their smartphones.

The paper says users should always download apps from their official stores, as apps available there are less likely to be malicious.