Site   Web

August 28, 2013

Federal Law Agencies Warn Android a Bigger Malware Threat than Ever

Being top dog comes at a price.

Android may be the most widely-used Smartphone operating system, but it is also the most targeted with a whopping 79 percent of all 2012 mobile malware designed to attack its systems, according to a government study obtained by Public Intelligence.

A joint report from the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) indicates Google’s Android platform is also a primary target because of its open source architecture.

“Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions,” the report reads. “The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date.”

Android malwareMeanwhile, only about 19 percent of 2012 malware attacks targeted at Nokia’s Symbian system, while less than one percent each were aimed at Apple’s iOS software, Microsoft’s Windows and BlackBerry.

The roll call release document, which is aimed at police, fire, EMS and security personnel, did not indicate just how many federal, state and local government employees use Android versions 2.3.3 to 2.3.7, which remain vulnerable to hackers.

According to the report, roughly 50 percent of the malicious applications plaguing older Android operating systems are SMS text messages. To reduce the risk, users can install Android security suites on their devices.

Other problems include:

• Rootkits — This is a type of malware that hides its existence from normal forms of detection.

“In late 2011, a software developer’s rootkit was discovered running on millions of mobile devices,” the report reads. “Rootkits often go undetected and can log usernames, passwords, and traffic without the user’s knowledge — a serious security risk in a government enterprise setting.”

As a mitigation strategy, the report suggests installing the Carrier IQ Test — a free application that can detect and remove malicious software.

• Fake Google Play domains — These are sites created by cyber-criminals to fool Android users into installing fake or malicious apps from a fake Google Play store. The report says only IT approved updates should be permitted.

“Users should install and regularly update antivirus software for Sndroid devices to detect and remove any malicious applications,” the report reads.

DHS FBI AndroidThreats