
Sophos downplays Android malware threat

Doesn't blend. Won't spread


Updated: Android users have little reason to fear an immediate onslaught of malware despite the demonstration of a rootkit-based attack at last week's Defcon conference, according to a leading anti-virus supplier.

Researchers at Spider Labs demonstrated proof-of-concept malware that could access messages and emails on an Android smartphone.

Chester Wisniewski, a senior security advisor at Sophos who attended the presentation, was underwhelmed.

He pointed out that the demo was carried out on an HTC Legend that had already been jailbroken (rooted), meaning the researchers already had the privileged access a kernel-level rootkit needs before it can be installed. Crucially, the Spider Labs researchers did not explain how end users might actually be exposed to malware along the lines of their proof-of-concept tool. "They developed a rootkit but there's no way to install it," Wisniewski told The Reg. "No method of propagation was demonstrated."

A spokeswoman for Trustwave, parent firm of Spider Labs, explained that it was never the intention of the demo to develop a remote hack. Even with a local hack plenty might be achieved, as evidenced by the latest iPhone jailbreak exploit.

"The focus of the talk was the implications of a kernel level rootkit on a smart phone," she explained. "They chose Android in their research because it was Open Source and they could get access to many of the phone's kernel source code off the Internet. They did NOT develop a remote exploit for propagation because that was not the focus of the research."

"Exploits that would allow malware or a rootkit to be installed are discovered all the time. Just last week, someone discovered a flaw in the iPhone PDF reader that allows a simple 'jailbreak'. With an exploit, all it would take is a rogue app armed with an exploit and a payload."

Droid bots

Sophos has yet to see any examples of Android malware in the wild. Two or three worms targeting jailbroken iPhone devices appeared last year but the attacks have not reappeared as carriers have learned lessons from the outbreak and applied improved security controls, such as filtering SSH connections.

The likelihood of malware migrating onto new platforms is one of the key themes of a review of the security landscape by Sophos, published on Tuesday.

Microsoft is likely to respond to the success of the iPad with the launch of its own tablet-style device. A tablet-ready version of Windows 7 is already well advanced but the technology is likely to inherit the security problems of its desktop cousins, even if Microsoft takes a "walled garden" approach to application delivery, according to Sophos.

Whether the security problems of full-blown Windows platforms will be sufficiently addressed on the new platform remains to be seen; but with the browser being based on Internet Explorer and Adobe apparently working hard on Flash integration for the new platform, malware problems seem inevitable.

The Sophos report (pdf) goes on to suggest that Linux-targeting mobile attacks are likely to increase as devices running webOS and MeeGo (Nokia’s plan for a new mobile platform) become more commonplace in the market. The point is made in passing, without any substantiation, and sits oddly with the attempts by Sophos to downplay the threat of Android-based malware.

The study also charts general trends in the mainstream (desktop) malware landscape. Sophos's global network of labs received around 60,000 new malware samples every day in the first half of 2010, a run rate of one new sample every 1.4 seconds, around the clock. In the same period of 2009 the rate was 40,000 samples per day, so by that reckoning VXers have increased production by 50 per cent. Adobe came out a close second to Microsoft as a hacker target during the first six months of 2010, according to Sophos.

Booby-trapped websites and email-borne malware, which has returned as a hacker favourite over recent months, remain security menaces to businesses. Hackers often exploit vulnerabilities in legitimate websites to plant malware or redirections to attack sites. These tactics, along with the prevalence of free hosting providers in Europe that offer minimal setup times to businesses and hackers alike, have seen France, Italy and the Netherlands all join the top ten malware-hosting countries since the start of the year. The United States (42.29 per cent) and China (10.75 per cent) remain the top two malware-hosting countries. ®

This story was updated to add comments from Trustwave
