Android's future in the enterprise is looking increasingly
shaky after several damning reports emerged this month slating the security
risk posed to consumers and enterprises by the operating system.
Separate reports from Kaspersky Lab, M86 Security, AV-Test
and Juniper Global Threat Centre all warned that the open source approach of
the operating system was the critical flaw that had opened it up to an
"alarming" increase in malware.
That open source nature was the main reason that increasing
numbers of cybercriminals were dumping attempts to hack iOS, as well as
reducing the resources focused on discovering weaknesses in Java, according to
three of those companies.
According to Juniper, during the period from July to
November, Android saw a 472% rise in malware attacks. The mobile security group
said that the lack of security controls on the Android Store, as well as the
sole requirement to open up a developer's account being a payment of $25, left
it open to attack.
It added that the lack of ongoing subscription meant that
attacking Android had a low risk, but high return on investment for hackers;
hence the reason so many were shifting their focus to the platform.
It warned that Google's refusal to even consider basic
checks to ensure that apps contain no malware meant that because: "no one
checking to see that your application does what it says, just the world's
largest majority of smartphone users skimming past your application's
description page with whatever description of the application the developer
chooses to include," meant that the search giant was risking destroying
consumer and enterprise confidence in Android.
November alone saw an increase of 111% increase on the
amount of malware generated during October. October itself saw an increase of
108% on September's figures.
Juniper's investigation found that 55% of all malware
released into the Android Store was spyware. The majority of other attacks came
in the form of applications that send texts to premium rate numbers.
While the company avoided describing iOS more secure than
Android, it did say Apple's extremely proactive approach to screening all
software uploaded onto the App Store had prevented malware spreading on the
platform.
Another company that has stressed that iOS is not naturally
more secure than Android is Kaspersky Lab. Earlier this year, several senior
researchers at the company warned that amount of malware infecting jailbroken
devices was a sign that the platform was not necessarily more secure.
However, they - as with Juniper - praised Apple's strict
approach to App approval, as well as a refusal to allow companies access to
root systems (something which Kaspersky Lab admitted meant it wasn't able to
offer security software on the platform) had prevented any malware outbreaks.
Its latest report stated that Android had now firmly
overtaken every other mobile platform - including Java - to become the prime
focus for malware writers. It said that the percentage of malware written for
Android stood at 46% of all mobile malware in October 2011, but that it is
increasing exponentially, and it expects it to pass the 50% mark before the end
of the year.
According to Kaspersky Lab, the percentage of malware
written specifically to steal personal data increased by 30% during September.
October saw that figure rise by another 34%. It warned that while the vast
majority of new malware continued to target data such as contacts, numbers, and
GPS coordinates, a small - but worrying - amount were designed to intercept
mobile banking services, specifically the one-time passwords banks send to
their customers.
That trend was also noted by M86 Security. It describes the
rise in malware aimed at mobile banking as "one of the most troubling
trends" it has come across. It warned that mobile malware solutions were
in their infancy, and that enterprises that took the decision to allow
Android-based devices onto their networks need to set strong rules around their
use.
Its warning came just days after one of the leading
anti-malware testing organisations AV-Test described the majority of Android
anti-malware scanners as "near to useless".
Its study found that the two most popular anti-malware
solutions - Antivirus Free and GuardX Antivirus - failed to detect even a
single virus. Both failed to detect any malware during a manual test where
there were 172 pieces to be discovered, or during the installation of ten known
infected applications.
The four reports come on the heel of similar reports from
McAfee, security firm Lookout, and market research firm Retrevo.
Article Credit: http://www.itp.net
No comments:
Post a Comment