Why smart phones are targets: Popularity is up, security is down

More people are adopting tablets and smart phones, which don't get the same level of security attention as PCs, Georgia Tech researchers say.

Smart phones and tablets will increasingly become targets for malware attacks not only because of their growing popularity but because security steps for the devices are often difficult or ignored, according to a newly released security advisory report out of Georgia Tech.

"Mobile applications are increasingly reliant on the browser," said Patrick Traynor, GTISC researcher and assistant professor at the Georgia Tech School of Computer Science. "As a result, we expect more Web-based attacks against mobile devices to be launched in the coming year."

The Emerging Cyber Threats Report 2012, presented at last week's Georgia Tech Cyber Security Summit 2011, focused specifically on the rise of vulnerabilities from mobile browsers and applications that are reliant on an Internet connection. In one example, researchers discussed that smart phone users aren't as aware as desktop and laptop users when a malicious link is clicked due to the smaller screen size and disappearing address bar.

Another reason the fact that Internet security protocol information is either lacking or hard to access on mobile devices. "If you're a security expert and you want to see the [Secure Sockets Layer] certificates for a site from your mobile phone browser, it is extremely difficult to find that information -- if it's there at all," said Traynor. "And if a security expert can't verify a connection and a certificate, how do we expect the average user to avoid compromise?"

The report points to not only the lack of verification by security experts, but also the lack of overall problem solving when vulnerabilities do arise. The report cited that device constraints and "tension between usability and security" make it difficult for security experts to devote time to debug issues.

This is evident in that, unlike traditional Web browsers, mobile browsers rarely get fixes for issues that arise over time. "One of the biggest problems with mobile browsers is that they never get updated," said Dan Kuykendall, co-CEO and chief technology officer for NT OBJECTives. "For most users, their operating system and mobile browser is the same as it was on the phone’s manufacture date. That gives the attackers a big advantage."

Another disadvantage to mobile security is in the case of how quickly a patch or fix can be applied on the rare instances of updates. While fixes can be turned around in a matter of days for a specific vulnerability, it can take months to roll out, due to OS limitations and carrier testing and regulations, giving would-be attackers plenty of time to exploit the hole before going unpatched.

Georgia Tech's security report forecasts that attacks will become more sophisticated and numerous in the next few months, especially for those targeting the Android and iOS platforms. During the study, researchers have noticed an evolution of attacks on these two mobile OSes that rival computer viruses.

"The Zeus-in-the-Mobile (ZitMo) and several other examples of Android malware are acting more like traditional bots by communicating with a command-and-control (C2) architecture," said Gunter Ollmann, vice president of research for Damballa, in the report. "This marks an evolution beyond premium rate fraud and other tactics that do not rely on C2, and makes mobile devices as suscep­tible to criminal breach activity as desktops."

While criminal breeches of tablets and smartphones and the spreading of malware are growing risks in the mobile security landscape, researchers at Gergia Tech also point to these same devices being used to spread harmful programs to desktops.

Researchers noticed an uptick of security incidents involving the upload of harmful software through a mobile device connected to a traditional PC. This attack, while not new, had previously been associated with the transfer of malware through USB devices.

The threats report advises that with the growing increase of smartphone and tablet attacks, security protocols need to evolve with the attacks, especially in the enterprise setting.

"As mobile devices become an increasingly attractive target in the integrated economy, it is critical for orga­nizations to adopt a multi-faceted strategy that leverages the right combination of security best practices with business technology requirements," said Tony Spinelli, senior vice president and chief security officer of Equifax.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.