SEOUL, SOUTH KOREA: 'Zombie smartphone' expected to emerge; AhnLab cautions users to use smartphone vaccines and the official market
AhnLab Inc., a provider of integrated security solutions, today announced major mobile security threat trends in 2011 and threat predictions for 2012. According to AhnLab, 2011's major mobile security threats include: an explosive increase in the amount of malicious code that performs direct billing; malware disguised as famous applications; increasing numbers of privacy-violation applications; and malicious code that targets personal commercial information.
Major mobile security issue predictions for 2012 are: mass distribution of malicious code that exploits application and OS vulnerabilities; rootkits that attack the kernel; the emergence of 'zombie smartphones' and botnets; and localized mobile malware that targets specific regions.
Major Mobile Security Threat Trends in 2011
1) Mass distribution of malicious code that exploits application and OS vulnerabilities
The most widely used malware distribution channel for Windows-based PCs is to compromise a website so that it distributes malware to the many users who have not applied software patches for the vulnerabilities. The same method is expected to be used in mobile environments, as the number of smartphone users has constantly increased and, consequently, more web pages are accessed through smartphones. Just as on a PC, mass distribution of malicious code to large numbers of users could result in a significant security threat. Attackers will also try to exploit the vulnerabilities of SNS (social network service) or email applications.
2) Development of rootkits that attack the smartphone's kernel
Rooting Android OS or 'jailbreaking' the iPhone generally exploits vulnerabilities in applications. These methods enable users to get 'super user' permission, allowing for full control of the kernel of the operating system. While super user permission allows users to control many restricted functions of the smartphone, this mighty authority can bring serious security threats when in the wrong hands. For instance, attackers with super user permission can delete the system to disable all functions of the smartphone, or install undeletable malicious applications. The possibility that kernel-attacking technology will be distributed could sharply increase as the amount of mobile malware increases.
3) Emergence of 'zombie smartphone' and botnet
The zombie smartphone, a smartphone that has been infected by a bot and can be used to perform malicious tasks under remote direction, can emerge as a new security threat if the mass distribution of malicious code prevails. Attackers can use smartphones to deliver DDoS (distributed denial of service) attacks, just as they use zombie PCs. Malicious code that attempts to establish a botnet, that is, a network of zombie smartphones, was found in a third-party market in China.
4) Localized mobile malware that targets specific regions
Although 2011 was a year in which various malicious codes for mobile devices were found, most malware was aimed at large targets including Europe, Russia and China. However, given that there are small countries with large numbers of smartphone users, such as Korea, it is expected that attackers will turn their attention to those markets. There is a strong possibility that new types of malware that reflect the local mobile environment could be developed.
Major smartphone malware trends in 2011
1) Explosive increase in the amount of malicious code that performs direct billing
Malicious applications that perform direct billing made up the bulk of Android-based threats in 2011. This type of malware exploits the fact that the smartphone OS includes calling and texting functions, by using premium call settings. When a device is infected with this type of malware, it sends text messages, without the user's permission, to a certain number that charges a premium fee to the sender. Android-Trojan/Pavelsms is the most recently discovered malicious code found in a scam app, which is also known as 'ruFraud'.
2) Malicious applications disguised as famous applications
Some malware was disguised as famous applications that have a significant number of users, such as Google Search, Google+, Angry Birds, Opera, and Skype. This type of disguised malicious code is mainly distributed in third-party markets. It is difficult for the user to determine the authenticity of the application, as these malicious applications look exactly the same as the real ones, from names to icons. Repackaged malware is another form of disguised malware: it functions just like the normal application, but malware has been added to the program before redistribution.
3) Increasing numbers of privacy-violation applications
As smartphones, with their call, text messaging, camera and GPS functions, contain personal information closely tied to daily life, the leakage of this type of information could intrude on users' privacy. For instance, malware like "Android-Spyware/Nicky" collects user location information, text transmission records, and call history. This malware can also wiretap calls by recording them with a voice recording function. In 2012, the amount of this type of 'digital stalking' malicious code is expected to grow.
4) Malicious code that targets personal commercial information
It was found that Zeus, the notorious malicious code that steals online banking information, also operates in various mobile environments. The malicious code called Zitmo (Zeus In The Mobile) was first discovered on Symbian and Blackberry, and has recently been found on the Android platform. Zitmo on Android has disguised itself as an online banking security product. It taps text transmission history to penetrate a two-factor authentication system that requires two factors, including OTP (One Time Password) and text messaging, for authentication.