The smartphone threat
One the main selling points for Google’s Android smartphone operating system is that it is an open platform, with developers free to write and publish applications for it, in contrast to Apple’s tightly controlled iOS.
However, the ubiquity of the platform has seen it rise significantly in market share compared with iOS, to the point that 43% of smartphones sold worldwide in the second quarter of 2011 were Android units, compared with 18% running the Apple operating system, according to Gartner.
Today, security vendors AVG and Symantec have both released studies warning that as the number of functions performed by smartphones grow, so too will their attractiveness to cyber criminals.
John Harrison, group product manager for Symantec, says the question is when and how criminals will establish a way to make money from hacking smartphones.
"They haven’t been overly successful at monetization as yet,” Harrison says.
"On the desktop side they’re able to make so much money with things like fake antivirus, but in the mobile space there isn’t software at the same price point.”
One of the most common methods currently in use is known as ‘Premium SMS’, whereby criminals set up a premium-rate SMS number, then disseminate malware which makes the infected smartphone send messages to that number, without the owner’s knowledge.
Yuval Ben-Itzhak, chief technology officer for AVG, says given that few people check their bills closely, the scam can continue undetected for some time.
"Well-organised criminal gangs are now letting mobile phone operators handle the money collecting part by focusing on mobile phones and setting victims up for charges that will appear on their phone bill some time later,” Ben-Itzhak says.
"Not only is it a lot easier, it also scales to tremendous volumes making money by stealing small amounts from very large groups of victims.”
Harrison says a lot of people don’t understand how easy it is to add malicious code to legitimate applications.
"You can just go out and grab a real copy of some software, take it to your desktop, add some Trojan code, and upload it straight to another site,” Harrison says.
"You might be online and see a free copy of something you want. Well, nothing’s free in software.”
Both reports add that the introduction of digital wallets – the ability to make payments with smartphones via Near-Field Communication (NFC) – will take smartphone hacking to a whole new level.
"That’s the one area we’re really concerned about and continue to watch,” Harrison says.
"Banks and retailers are going to do everything they can to push it. That’s why we’re doing the research now.”
Go here to read Symantec’s Motivations of Recent Android Malware report, and here for AVG’s Community Powered Threat report.