
It鈥檚 a common tale in the computing world: once you achieve popularity you become a target for hackers. And so it was for Android, Google鈥檚 smartphone operating system.
In the week that the IT analysis company Gartner confirmed US sales of Android were those of Apple鈥檚 illustrious iPhone, other reports noted that the system had for the first time been infected by a piece of profit-seeking malware. Online security company warned that Android had been hit by an SMS trojan 鈥 a program hiding a piece of code that secretly sends text messages to premium rate numbers owned by crooks.
While those who downloaded the trojan-containing media player may be surprised when their next phone bill hits the mat, this piece of smartphone-based malware will have raised few eyebrows among security researchers. After all, the on-board computing power of today鈥檚 smartphones makes them as capable of running malware as they are of playing Scrabble.
Advertisement
The real significance of this attack is that it marks an evolution in mobile malware, says Kevin Mahaffey, chief technology officer of San Francisco-based smartphone security maker . Instead of writing malware to impress their peers, the authors of this smartphone trojan are after money.
鈥淢alware on the PC has hit three relatively distinct milestones that we could classify as 鈥榚go鈥, 鈥榩rofit鈥 and 鈥榩olitical鈥. This cycle looks like it will repeat itself for mobile phones, only significantly accelerated,鈥 he says.
Permissive society
The growth of smartphone malware featured prominently at last month鈥檚 in Las Vegas, Nevada. There, Lookout鈥檚 researchers highlighted programs that were supposed to provide eye-pleasing backgrounds for Android phones but turned out also to surreptitiously harvest contact details and location information. It鈥檚 been a small step from hackers demonstrating the system鈥檚 weaknesses to those seeking to exploit security holes for profit. Others demonstrated attacks affecting iPhones and Windows-based smartphones.
But it wasn鈥檛 supposed to be like this. Modern smartphones were supposed to have secure operating systems. For example, Android apps are forced to work with a 鈥減ermissions鈥 mechanism that restricts the operations that the app can undertake. If an app wants to be able to read location data, it should have to get permission from the user.
As the Lookout researchers have demonstrated, however, users often have a poor grasp of what an app may reasonably need access to and may not routinely deny unreasonable requests.
Trespassing in Apple鈥檚 garden
For its part, Apple鈥檚 iPhone operates under a strict 鈥渨alled garden鈥 approach. Apps must go through an approval process before they are available through its store and unless an app has gone through that process, iPhone users can鈥檛 download it.
Not even the walled garden can always keep out attacks from a new wave of money-seeking malware, however. Last month a developer called Thuat Nguyen was for what Apple called 鈥渇raudulent purchase patterns鈥 that led to an apparent surge in demand for Nguyen鈥檚 apps 鈥 at one point he occupied 42 of the top 50 apps-by-revenue slots in the book section.
Users determined to escape the Apple garden have the option of 鈥渏ailbreaking鈥 their mobile devices 鈥 which effectively removes the limitations that Apple has placed on what applications the phone can run.
A new website called allows iPhone, iPad and iPod Touch users to do this just by visiting the website. The page uses two vulnerabilities in Apple鈥檚 mobile-device operating system iOS聽4 as a means to break into the system and perform the jailbreak.
But that level of convenience might prove to be a double-edged sword. If iPhones can be compromised by directing users to specific websites, hackers may be able to install other malicious code through websites once the devices鈥 security has been breached.
Read previous Innovation columns: Reinventing urban wind power, Mastering the art of 3D film-making,A real live Grand Prix in your living room, Google may know your desires before you do, Shrewd search engines know what you want, The tech refresher Russia鈥檚 spies needed, Smarter books aim to win back the kids, Microsoft鈥檚 Kinect isn鈥檛 just for games, 19th-century tech makes a smarter iPhone, Invisibility cloaks and how to use them, Methane capture gives more bang for the buck, Slipping into the wireless white space.