Symantec downplays mobile malware threat

1 Mar 2011

The threat of viruses for smartphones and tablet PCs is overplayed, one of the leading security software companies has said.

“(The year) 2011 is not the year of mobile threats. The hype is not true, but it doesn’t mean you should rest easy,” said Kevin Hogan, senior director of Symantec’s Security Response EMEA team, based in Dublin.

Hogan said there have only been “about half a dozen” different types of malware written for Google’s Android operating system, such as the Geinimi Trojan, which was a hidden extra when people downloaded a game to their smartphones. The few explicit examples like this that exist are almost exclusively Chinese in origin and aimed largely at the Chinese market, Hogan added.

Geinimi Trojan’s capabilities

Geinimi has 34 commands, which include taking note of all numbers contained on the phone, and the ability to remotely use the hijacked phone to call another number or send an SMS without either showing up in the phone’s call history. Other features of the malware are apparently harmless, such as the ability for a controller to change the phone’s wallpaper.

What’s more, Geinimi was only partly built before it was released. “We don’t expect to see too many more Geinimis. We’re going to see banking Trojans,” said Hogan. “Quantitatively, we’ll see more threats. Qualitatively, I don’t think we’ll see a massive change.”

The mobile phone operating system market is more fragmented than its PC equivalent, and this partly helps to explain why attacks against smartphones aren’t as prevalent yet. “Especially now, the imperative (for attacks) is financial, so attackers aren’t going to waste time on a platform that doesn’t have a sufficient number of users,” Hogan said. Symantec considers smartphones and tablets part of the same “ultraportable” category, as distinct from laptops and desktop PCs.

Hogan also suggested Apple’s iOS may be more secure than Google’s Android platform. That’s not because it’s inherently any better, but simply because Apple’s closed approach to apps and hardware makes it difficult for users to install unauthorised programs on their handsets – which is essentially what a virus needs to do in order to infect a system. Jailbroken iPhones are most at risk because that protection is bypassed, Hogan said.

Malware risk to Android

With Android, there are many third-party app stores where programs may not have been vetted by Google, and the risk of people downloading poorly designed apps, or ones containing malware, is that much greater. It’s also likely to be a bigger target for attackers before long, since many analysts are forecasting that Android shipments will surpass iPhone numbers this year, in what is a growing market.

Symantec has already put in place a strategic team to spot emerging smartphone threats, Hogan said. “The game changer, if anything, will be Android. Its third-party apps are the key – the openness (of the platform) and the fact that it’s selling well globally. That, I think, brings a whole new situation. We’re only starting to see the services that will be built on Android.”

An example of this can be found in the latest version of Android, code named Gingerbread. It includes near-field communications capability – in effect, the ability to act as a payment terminal. “When people start to do things like pay for something by swiping their phone, that’s when they become more interesting for hackers,” said Hogan.

Another potential risk with Android is the detailed geolocation information that it produces. Hogan believes this is as much a personal privacy issue as a data security concern, and said it points to a new direction the industry will have to follow. “When we deal with mobile devices, the issue is a lot bigger than just malware. It’s about security in a much broader perspective. I don’t think that security for these devices will be perceived in the same way as security for personal computers. The challenge for us is to get out of thinking about the old way of security.”

Gordon Smith was a contributor to Silicon Republic