Wave your smartphone; buy a latte. Sounds great, doesn’t it? But before running off to participate in Silicon Valley’s next new thing, you might want to think about a scary downside to mobile commerce: the vulnerability of smartphones to hackers.
A new report by McAfee, a vendor of anti-virus software, says that better security around networks has prompted hackers to seek new targets, and the mobile app store is one of the most tempting. Because the market for Android apps is less controlled than Apple’s App Store, security researchers have seen a rash of attacks against that platform this year. With the exception of phones using the long-established Symbian platform, Android devices were the most likely to be targeted during the first three months of this year, according to the report.
In March, a researcher who posts on the Reddit security site under the name Lampolo found that more than 50 applications available via the official Android Market contained malware; the booby-trapped apps may have been downloaded up to 200,000 times.
One nasty trick that Lampolo noticed involved pulling a legitimate app off the Android Market, inserting malware into it and then publishing it on another site with a similar name. Super Guitar Solo, for example, was originally Guitar Solo Lite, a legitimate app. It’s worth noting that Google removed the bogus app from the Android Market very quickly and posted a tool to help users recover from the attack, according to the McAfee report.
Still, anyone who downloaded the poisoned app, or one of the others, probably had no way to know about the danger or to be aware that their phone was infected with a virus known as Android/DrdDream. Mobile malware can simply be annoying, or it can silently steal login information or other personal data stored on the phone. (And according to reports, more malware popped up on the Android Market over the Memorial Day weekend.)
What’s more, after Google created the tool to remove the DrdDream infections, a hacker gang created malware that masqueraded as the tool, which in turn created a backdoor to let the hackers into the phone and steal data, the McAfee researchers said.
It doesn’t appear that the Android platform is inherently less secure than iOS, which powers iPhones and iPads. Why then has it been attacked so much? Hackers have used one of Android’s most attractive features, its openness, against it. “In the case of Android apps, most phones allow the ‘side-loading’ of apps and are not restricted to getting them from a centralized app store, as they must with Apple. This openness means that Android app developers, or others, could post Android apps on their web sites and attempt to attract users to install them,” the report says.