Awareness of mobile security is ‘there' but this is just one part of it.
In recent conversation with AVG chief technology officer Yuval Ben-Itzhak and senior security evangelist Tony Anscombe, they told SC Magazine that awareness of security on PCs had been achieved, but there was some way to go on mobile.
Ben-Itzhak said: “We can put the spotlight on Facebook, but also in LinkedIn, people spend time on their phones so we will see more spending on security for phones this year. Once a product receives five per cent market share, then malware appears, and we are starting to get mass attention.”
A recent survey of 5,107 smartphone users from the UK, US, France, Germany and Brazil by AVG found that yet 70 per cent of consumers are unaware of security features on their device that allow data to be deleted remotely. This was after it found that one in four stored intimate photos or videos on a smartphone or tablet.
Anscombe said that this showed that there was uncertainty around control over mobile devices, particularly if you lost a device where a user could be socially engineered ‘as they already have half of your credentials'.
He said: “We asked if they do their banking on their phone and 36 per cent said yes while 78 per cent do it on their PC. 80 per cent said that they were aware of the threat, so this showed that there is a perception of insecurity. When it comes to banking, people are aware that they need something, they buy a PC and it comes with anti-virus, but when you buy a phone it doesn't come with anything and you begin downloading apps.”
Research released by Appthority found that of 50 Apple and Android applications assessed, 100 per cent sent and received unencrypted data on iOS, compared to 92 percent on Android. It also found that 60 per cent of apps tracked user location on iOS, compared to 42 per cent on Android. Finally 60 per cent of the iOS apps shared user data with third parties, as opposed to 50 per cent running on the Android platform.
Ben-Itzhak said that the lifetime of applications can be very short and as more and more people demand content from outside their specified application stores, that if an attacker were able to infect a phone, it would be used as a botnet rather than to steal something – because people are not banking on their phones.
“So it becomes part of the ecosystem as you can have a premium number in a country and this makes the life of the hacker ten times easier,” he said.
“We see an increase here; it is not quite at the stage of PC malware yet though. BlackBerrys now run Android apps too, so this can open a backdoor and allow an attacker to exploit two platforms and once that is connected to a PC, it can be used as a way to transfer malware.”
The rise of mobile malware has been well covered and researched, and each year I will receive many predictions that this will be the year that there is an explosion. The likelihood of malware for mobile reaching the level of PC is unlikely for some time due to the quantity of platforms and inherent security of the devices.
But if attackers knew these sort of statistics and could put the time and effort into targeting specific users, then we would be in all sorts of trouble.