App attacks: How can mobile users stay safe?
New academic research and a string of attacks show how susceptible mobile devices are to hackers, particularly a type of attack known as "ransomware."
New research shows that common smart phone operating systems are easily susceptible to attack.
An academic paper by researchers from the University of Michigan and the University of California, Riverside reveals that the Android, Windows Phone, and iOS operating systems can all be accessed to retrieve sensitive personal information on users. But Android phones are the most susceptible, as the research shows that six out of seven of the most popular Android apps were susceptible to hackers exploiting weaknesses in smart phone memory.
This comes at the same time that around 900,000 Android phones have been found to be infected in the past month with what's known as "ransomware." This recent string of attacks has been found to be the work of Eastern European hackers, according to The New York Times, citing Lookout, a San Francisco-based mobile security firm. The particular strain of ransomware described by Lookout is called "ScarePackage."
As per its name, ransomware functions primarily in two ways: 1) by gaining access to a user's device and then holding that device hostage until the user agrees to pay a certain amount of money and 2) by finding embarrassing or incriminating activity on a person's device, such as pornography, and then threatening to distribute that information to a user's address book unless the user pays.
Ransomware has long been known to infect PCs but has only recently been making its way onto mobile devices. First appearing in late 2011, mainly in Japan, it has only been found on devices in the US in the past few months of 2014, according to Domingo Guerra, president of Appthority, a separate mobile security firm also based in San Francisco.
Often, users become infected with malware by visiting an insecure website, such as a pornography site, or downloading an app from third-party app stores outside the mainstream Apple App Store and Google Play store. When users do become infected, it's common for attackers to pose as government agencies or cybersecurity firms and tell users that they're being fined for illicit activity and that the only way to avoid a heavy fine is to pay a fee immediately.
But Mr. Guerra strongly cautions against paying these types of fees as payment does not mean a hacker will keep his or her word and it could embolden this type of behavior.
"[Payment] only promotes this going forward and there's no guarantee that the hacker will actually unlock your phone," he says. "There's no code of ethics on their part."
The recent example of Android hacks underlines the fact that because Android phones can easily download apps from outside the official Google Play store, they are more prone to ransomware attacks. Devices running iOS, meanwhile, are typically only infected when hackers access a user's iCloud account and thereby gain access to the Apple devices connected to it, including iPads and iPhones. Only when a user removes limitations on his iOS device – a process known as "jailbreaking" – does an iOS device like an iPhone gain the ability to install apps from a third-party store outside the traditional Apple App Store. Consequently, iOS devices are less prone to such attacks, Guerra says.
However, a report published by Appthority earlier this month showed that, on average, 93 percent of all top iOS apps demonstrate "risky behavior" as opposed to 89 percent of all top Android apps. These types of risky behaviors included apps sharing users' information with advertisers, allowing for in-app purchases, and tracking users' location.
But when it comes to ransomware, Guerra cautions users to be vigilant when downloading apps, particularly when downloading apps from third-party app stores onto an Android device. In addition, he advises that users take basic precautions regarding their iCloud passwords and create a strong password. After all, access to a user's iCloud password could mean access to every one of a user's Apple devices.
Both Lookout and Appthority have natural interests in warning users about the dangers of these types of security threats, as both companies make their money in detecting and aiding in the prevention of mobile security threats.