With smartphones outselling PCs for the first time -- 421 million of the hand-held computers are expected to be sold worldwide this year, according to market analysts at IDC -- hackers and other criminals are now targeting mobile devices.
According to the mobile-security firm Lookout, malware and spyware appeared on 9 out of 100 phones it scanned in May, more than twice the 4-in-100 rate in December 2009, the New York Times reported. While all devices have been attacked, some believe the Android will be the top target of criminals, while BlackBerrys are rarely attacked because the devices are typically provided and controlled by security-conscious employers, and the phones are not commonly used in countries like Russia and China, the homes of many malware creators. From the New York Times:
Some experts believe that Android will become a top target for malware because anyone can create and distribute an app anywhere on the Web. Google does not check apps for security issues but has instead imposed technical hurdles to thwart malicious activity. For instance, apps run in a "sandbox," a closed environment where they cannot affect one another or manipulate device features without user permission. Google removes from its official Android Market any apps that break its rules against malicious activity.
Ten attacks have been directed at Android users, including a malicious program called Geinimi that appeared in third-party Android app markets in China in December. This addition to legitimate applications, primarily games, allowed hackers to manipulate text messages, steal contact lists, place calls, visit Web sites and quietly download files.
The attacks underscore the importance of exercising care when downloading mobile applications. Users should install apps only from sites they trust. They should research apps to ensure they are not malware. A smartphone is "a microcomputer in your hand, and you can have Trojans and worms and viruses like a PC can," said Andy Hayter, anti-malcode manager at ICSA Labs, an independent security-testing firm owned by Verizon.
The extra-cautious may also want to use a security product; free and paid products are available for all but the iPhone platform from major security companies like F-Secure, Symantec and Kaspersky as well as specialized providers like Lookout and DroidSecurity.
Tighter controls on use of third-party software on mobile devices may help explain the limited number of attacks so far, says Mikko H. Hypponen, chief research officer at F-Secure. For instance, Apple's more regulated environment has mostly kept trouble at bay.