For decades, Microsoft Windows has been the platform of choice for malware creators. As the dominant operating platform on PCs it was a lucrative target for many kinds of malware. However, with the transition to mobile computing there’s a new target for the bad guys. Android.
According to Stephen Cobb, a distinguished security researcher for the IT security company ESET, “Android is like early Windows.” It’s now the locus for security attacks and prevention — even if it’s not getting as much attention in this regard as Windows used to.
“There’s so much malware on Android, you’d think it would be a huge deal,” Cobb said. And the growth of is “huge,” he added, “both in the number of malware exploits and their increasing sophistication. The rate of growth in Android malware is impressive, and scary.”
ESET did a live demo at this week’s RSA conference in San Francisco. They downloaded an infected app, which then rooted the phone and opened it up to whatever the attacker wanted to do with it — even dumping out the device’s entire contents in a few seconds over the internet.
Why isn’t more published about the security holes in Android? “It’s death by 1000 cuts,” Cobb said. It doesn’t empty out the entire bank accounts of infected users, more often it’s used for premium-rate SMS fraud against mobile carriers, “which isn’t bankrupting anyone immediately. They’re flying under the radar.”
The mobile platform you use does make a difference. “The Apple model of a closed shop, from a security standpoint, is a very good thing,” Cobb said. Apple’s OS X and iOS are both pretty secure to start with, and with iOS and the App Store, “Apple is moving that from a physical environment to a software environment.”
“We sell an anti-virus product for Android,” Cobb noted. “No one sells anti-virus for iOS.”
When will we see security improvements being made in Android? “Quite frankly, I expect to see it improve when sales start getting impacted,” Cobb said.
Cobb did add that “In some circles it is already having an effect… I wouldn’t use an Android phone for my personal stuff.”