
Itās a common tale in the computing world: once you achieve popularity you become a target for hackers. And so it was for Android, Googleās smartphone operating system.
In the week that the IT analysis company Gartner confirmed US sales of Android were those of Appleās illustrious iPhone, other reports noted that the system had for the first time been infected by a piece of profit-seeking malware. Online security company warned that Android had been hit by an SMS trojan ā a program hiding a piece of code that secretly sends text messages to premium rate numbers owned by crooks.
While those who downloaded the trojan-containing media player may be surprised when their next phone bill hits the mat, this piece of smartphone-based malware will have raised few eyebrows among security researchers. After all, the on-board computing power of todayās smartphones makes them as capable of running malware as they are of playing Scrabble.
Advertisement
The real significance of this attack is that it marks an evolution in mobile malware, says Kevin Mahaffey, chief technology officer of San Francisco-based smartphone security maker . Instead of writing malware to impress their peers, the authors of this smartphone trojan are after money.
āMalware on the PC has hit three relatively distinct milestones that we could classify as āegoā, āprofitā and āpoliticalā. This cycle looks like it will repeat itself for mobile phones, only significantly accelerated,ā he says.
Permissive society
The growth of smartphone malware featured prominently at last monthās in Las Vegas, Nevada. There, Lookoutās researchers highlighted programs that were supposed to provide eye-pleasing backgrounds for Android phones but turned out also to surreptitiously harvest contact details and location information. Itās been a small step from hackers demonstrating the systemās weaknesses to those seeking to exploit security holes for profit. Others demonstrated attacks affecting iPhones and Windows-based smartphones.
But it wasnāt supposed to be like this. Modern smartphones were supposed to have secure operating systems. For example, Android apps are forced to work with a āpermissionsā mechanism that restricts the operations that the app can undertake. If an app wants to be able to read location data, it should have to get permission from the user.
As the Lookout researchers have demonstrated, however, users often have a poor grasp of what an app may reasonably need access to and may not routinely deny unreasonable requests.
Trespassing in Appleās garden
For its part, Appleās iPhone operates under a strict āwalled gardenā approach. Apps must go through an approval process before they are available through its store and unless an app has gone through that process, iPhone users canāt download it.
Not even the walled garden can always keep out attacks from a new wave of money-seeking malware, however. Last month a developer called Thuat Nguyen was for what Apple called āfraudulent purchase patternsā that led to an apparent surge in demand for Nguyenās apps ā at one point he occupied 42 of the top 50 apps-by-revenue slots in the book section.
Users determined to escape the Apple garden have the option of ājailbreakingā their mobile devices ā which effectively removes the limitations that Apple has placed on what applications the phone can run.
A new website called allows iPhone, iPad and iPod Touch users to do this just by visiting the website. The page uses two vulnerabilities in Appleās mobile-device operating system iOSĀ 4 as a means to break into the system and perform the jailbreak.
But that level of convenience might prove to be a double-edged sword. If iPhones can be compromised by directing users to specific websites, hackers may be able to install other malicious code through websites once the devicesā security has been breached.
Read previous Innovation columns: Reinventing urban wind power, Mastering the art of 3D film-making,A real live Grand Prix in your living room, Google may know your desires before you do, Shrewd search engines know what you want, The tech refresher Russiaās spies needed, Smarter books aim to win back the kids, Microsoftās Kinect isnāt just for games, 19th-century tech makes a smarter iPhone, Invisibility cloaks and how to use them, Methane capture gives more bang for the buck, Slipping into the wireless white space.