The number of mobile security exploits is on track to double year over year between 2010 and 2011.
“For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, a manager at IBM’s X-Force security research arm. “It appears that the wait is over.”
X-Force security experts research and evaluate vulnerabilities and security issues, develop assessment and countermeasure technology and educate the public about emerging web and mobile threats. In a new report on mobile and general Internet security, X-Force researchers found that the combination of new vulnerabilities and more sophisticated phone-hacking technology has led to a huge spike in the number of security exploits on mobile phones.
Add to that the fact that more people are storing more information worth stealing on their phones — including corporate information, since more smartphones and tablets are appearing in the workplace — and you have a perfect storm for criminally focused mobile hacking.
The X-Force Mid-Year Trend and Risk Report, released today, is based on data gathered through IBM’s research of public vulnerability disclosures as well as the team’s monitoring and analysis of around 12 billion security events daily since the beginning of the year.
Among the report’s findings is the fact that in 2011, mobile users will experience twice the number of mobile exploit releases than last year. Much of this is due to the fact that, as X-Force researchers observed, “many mobile phone vendors do not rapidly push out security updates for their devices.”
The report urges consumers to be cautious about downloading apps that don’t come from an official app store. Third-party app stores or off-market apps are more likely than officially sanctioned apps to contain malicious (and highly monetizable) software.
Cross gives these six tips for consumers to protect themselves from the threat of a mobile attack:
- Make sure you protect access to your phone with a password or PIN to keep intruders out if your phone is lost or stolen.
- Don’t download applications from third-party application markets.
- Make sure you install system updates as prompted.
- Back up your data on a regular basis.
- Have the ability to track your phone and remotely wipe all its data if it is stolen. You can easily find an app that will allow you to do so.
- Download and run anti-malware applications.
The X-Force team said the number of critical, non-mobile security vulnerabilities has tripled in 2011, and researchers particularly noted the practice of “whaling.” As opposed to “phishing,” a technique that casts a wide net to capture sensitive information, whaling implies that the criminal or criminals behind the attack are zeroing in on a “big fih,” a high-profile target. Phishing has lately been on the decline, but whaling, which targets those positioned in high levels of an organization with access to critical data, is on the rise.
“Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves,” said Cross.
Here is Cross’ full commentary on the report:
Image courtesy of williamhook.