Manufacturers Of Mobile Phones Need To Take The Security Of Their Devices More Seriously

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

There have been an increase of malware infections in smart phone devises lately, and it will get worse. The year 2010 alone has shown a drastic increase in malware on mobile devices. NetQin, a Chinese mobile security firm, reports that 2.53 million Android devices in the world were hit with malware or viruses earlier this year, with most infections taking place in China.
The Chinese security firm speculates the flood of low-cost, “white box” Android phones available and rise in popularity in the country is partly to blame. White box phones often run outdated versions of software and do not have the level of support and patches provided by bigger carriers.
The Android Market is said to be the source of most malware, responsible for 57 percent of infections. Google has since stepped up monitoring of the Android Market in recent weeks and has pulled a number of Android apps for terms of service violations, including malware. Google also removed the offending apps remotely from phones by invoking a kill switch, which is a security measure built into the Android system that allows Google to remotely remove apps from ...
... user’s phones.
Mobile malware was moving into the realms of larger-scale cyber criminality. In 2010 an increase in monetized malware and malware targeting privacy was observed on mobile platforms. Towards the end of 2010, the infamous Zeus gang, known for targeting online banking, started to show an interest in infecting mobile phones and released a new version of their bot which propagated a Trojan for mobile phones.
Authorities in the United Kingdom on Tuesday have arrested 19 individuals alleged to be connected to the Zeus gang; a massive fraud ring that stole tens of millions of dollars from hundreds of consumers and small to mid-sized businesses in the U.K. and the United States. Members of the group, described as 15 men and 4 women between the ages of 23 and 47, are thought to be part of a sophisticated, multinational computer crime operation that stole almost $10 million over a three month period and may have netted more than $30 million.
A variant of the Zeus banking Trojan targeting BlackBerry smart phones was recently detected by security researchers at Trend Micro. With more users using their phones to get up-to-date alerts on their bank account balances, to add funds, or to receive password hints, mobile malware has become a lucrative attack vector for cyber-criminals. The BlackBerry Zitmo flies under the user’s radar because it does not have a graphical user interface, and it can remove itself from the list of applications attackers. Mobile banking users unaware of the infection on their phone would be inadvertently giving away their bank account information.
In a related story, Skype announced on Friday the discovery of vulnerability in their Skype Android app that could potentially expose stored, private information on phones infected by malware. The exposure affects Skype users who already have or may install a malicious app that could exploit the vulnerability. Skype is investigating the issue that may result in a patch in the coming days.
Researchers have long warned that mobile malware would become more sophisticated as smart phones became more popular and powerful. With the latest round of malicious applications found on Android Market and a number of iPhone malware prototypes, all mobile users need to exercise more caution clicking on links to unfamiliar Websites or downloading applications on to the phone.
For information security professionals, they can increase the information security of mobile phones by increasing their knowledge and skills with highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 84 countries around the globe. EC-Council has trained over 90,000 individuals in technical security training and certified more than 40,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.