Cyber-criminals continue to leverage the gaps in the security of Android and iOS operating systems to target mobile devices, regardless of the platform used. This is causing an upsurge in mobile malware growth.
Trend Micro’s Q3 Security Roundup Report cites media server vulnerabilities in Android and IOS devices that should compel Google, manufacturers and carriers to improve integration security strategies.
“Google has released a report that says less than 1% of apps found in the Google Play Store are potentially harmful. However, that doesn’t mean that users aren’t at risk. Android’s latest worry is Mediaserver, which handles all media related tasks and recently became and is likely to remain an active attack target. We have seen attackers exploit at least five vulnerabilities in the service in just this last quarter,” says Darryn O’Brien, manager at Trend Micro.
“We found a bug in Mediaserver that could leave Android phones silent and users unable to send texts or make calls. This Stage Fright vulnerability gave attackers the power to install malware on affected devices putting 94% of Android devices at risk,” says O’Brien.
Another vulnerability found in Mediaserver was capable of causing devices to endlessly reboot and allowed attackers to remotely run arbitrary code.
“The discovery of these Android vulnerabilities prompted Google to implement regular security updates for the platform, so that was positive. However, the platform’s current state of fragmentation may affect some users as security patches might not make their way to all devices unless there’s support from manufacturers and carriers,” O’Brien explains.
Apple’s “Walled Garden” approach has given it a reputation as a safer choice when it comes to mobile devices. It has created stricter app-posting policies and more secure apps as a result. But according to the Q3 Security Roundup, several iOS applications on the App Store and third-party stores were infected with a piece of code called “XcodeGhost” in July. Through these, cybercriminals could execute fraud, phishing and data theft.
“A scary vulnerability in iOS in the past quarter was Quicksand, which was capable of leaking data sent to and from mobile-device-management (MDM) enabled users, and that put not only personal data but corporate data at risk. The operating system’s AirDrop feature was even exploited to reach users whose devices weren’t configured to accept files sent through AirDrop,” says O’Brien.
According to the report, Apple was swift in addressing the issues and removed infected applications from its App Store. However, Trend Micro believes that there are bound to be increasing iOS threats in the future as the mobile user base continues to expand.
“Cybercriminals will make it their mission to find more ways around Apple’s strict policies and walled garden. Cross-platform threats that put not only individuals but also businesses at risk, can also be expected to continue,” says O’Brien.
“Mobile devices are a gold mine for cybercriminals and they will continue to be targeted. Mobile malware will grow and it’s important that local mobile users are aware that they aren’t safe from these types of threats. Having sufficient security on all your mobile devices is essential to the safety of your own data, and now, even the data of your workplace.”
What to do to protect your device? We’ll address that in our next post.
Adapted from an article from it-online.com