Update June 15, 2011 at 00:09AM UTC – We have received word from Symantec that the company released a free 21-day trial download of their "Norton Mobile Security Beta Application for Android". The app detects and removes malware, remote locate exploits, remote wipe/lock, text blocking and about dozen other features.
Some folks say there is no worry about malware on your mobile phones and tablets. Given the headlines of the past two weeks about security failures, BSN* thinks that sort of an attitude is going to be very painful for some folks sooner than later. Clearly, the modern cyber-criminal can steal more often than the average bank robber and is less likely to get caught.
Last week at Symantec’s "Next @ Norton" press event, we were exposed to examples of all manner of PC and mobile malware. Obviously, Symantec with their Norton brand are in the business of finding and destroying all forms of pesky malware. Therefore, they sound a bit like those folks who claim that just because the Mayan Calendar allegedly ends in 2012, that means the world will end too. However, with Symantec’s years of experience everyone should listen to their ideas.
Why Android is becoming an increasing target for cyber-criminals
Google Android is a target for cyber-criminals. Hugo Barro pointed out in a Google I/O keynote speech that Android is currently being used on 310 different devices and was activated on 100 million phones in 2011. There have been eight versions of Android over the two and a half years of its development. In its early days, Android was focused solely on the mobile phone. Now, the software is extending its reach to tablets, TVs, LCD light bulbs, and a growing set of other devices.
At Next @ Norton, Symantec’s Kevin Hogan and Eric Chien showed examples of how Android is one of the largest targets in the mobile marketplace. Cyber-criminals like the fact that Android is open sourced, and that it has the huge customer base mentioned above, and mostly because their criminal actions can be easily monetized. Remember, malware is all about making money.
The open source design of Android means a cyber-criminal’s efforts get a quick financial return. Hogan went over five straight-forward scenarios for monetizing Android malware. Symantec is projecting a rise in Android malware, including schemes that involve premium billing rates, spyware, search engine poisoning, adware, and pay-per installs.
How Cyber-criminals are infecting Android devices: ways are very similar to conventional computer cracking, with the addition of premium rate billing (i.e. unwanted SMS subscriptions)
Google recently removed less than thirty apps from the Android Store because they were designed around trojanized malware. That doesn’t seem like very many compared to the nearly 300,000 apps in the Android Market. Projections are by Fall 2011 there will be 425,000 Android apps. In-Stat’s research shows Android and Apple users are significantly more likely than BlackBerry users to download mobile apps.
Google’s open approach to the Android Market plays a major part in these problems. Unlike Apple and Microsoft, Google doesn’t test or pre-vet apps submitted to its apps market. Eric Chien showed how cyber-criminals can download an Android app and, using a pre-packaged "Crypter" malware API, create a new Fully UnDetectable (FUD) trojanized app. A FUD crypter can be used to encrypt viruses, remote access Trojan (RAT), keyloggers, spywares, and more to make them undetectable from anti-viruses.
The problem for cyber-criminals is the life expectancy for a new malware app is less than 72 hours before one of the AV (anti-virus) apps decrypts their malware encoding. Because the Android community isn’t commonly fully protected, a lot of money is going into the cyber-criminals? bank vaults while the world, often slowly, learns about the latest Android malware.
If the cyber-criminal is willing to spend up-front money to set themselves up in business, with say $1,500 to $4,500 for the latest malware toolkits, that investment, and little luck, like an attention grabbing news story, can often get them a rapid return on their investment. Premium Rate Billing is a high dollar return malware as Symantec’s graphic below shows:
Premium Rate Billing or how to quickly generate a lot of cash from unsuspecting Android device owners
Part of the problem is the Google Android architecture which can require some legitimate apps access to your personal information. Even seemingly simple games may access your contacts list to experience their next level up in multi-player gaming.
This fall, Google will have a new open accessories API that includes USB 2.0 support libraries. For the first time, Android will support USB devices in the next version of the software for tablets (Honeycombed 3.1) and the next smart phone version (Gingerbread 2.3.4). The USB is another way for malware to gain access to your Android-powered device.
A few of the other significant malware techniques are spyware and malware:
Yes, spyware and adware are old PC techniques. But they work very well on Android phones. With spyware, your GPS location can be uploaded, and if it is determined that you are away from, your house could easily be burglarized. Or your microphone could be turned on and your conversation sent to an audio logger. If you are giving your credit card number for a purchase, that could mean your credit card number is suddenly for sale on a cyber-criminals website.
How does an Android user decide which of the requested permissions is okay, and which permissions are the first step to costing them a lot of money?
Symantec says because the mobile phone and tablet are such personal devices the average user will not allow ultra-restrictive anti-malware apps. Instead their approach is to monitor the mobile devices app installs and track the processes that offload data or audio files. An example of their proposed UI (user interface) is below:
New Norton Security for Android UI
Symantec’s presenters at Next@Norton wanted to make sure everyone in attendance understood that the above UI was a sample beta, and not the final version that will ship this fall. They also said the Android tablet version would look different than the mobile phone version beta shown above. Until their beta product becomes a shipping version, BSN will wait to review the real deal.