Study into the Implications of Smartphone Operating System Security

Recommendations

Info

Study into the implications of Smartphone operating system security Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.” In early January Samsung did manage to push out a software update to Galaxy S3 devices (I9300XXELLA) that fixed the Exynos vulnerability. The UK was one of the first countries to receive this patch that was released via Kies. The following month, February, saw Samsung roll out this release to US consumers after carrier testing. Although Samsung must be commended for fixing this vulnerability in good time it is unclear how many devices that were affected by this vulnerability have been successfully patched and whether the patch has been pushed to all affected devices. The complexity of the Android ecosystem is still creating confusion in how vulnerabilities are managed. If a vulnerability is discovered on a Samsung Android device and the vulnerability is to a core component of the Android operating system (not as part of a Samsung Customisation) then the core Android operating system needs to be fixed by Google and then, once remediated, needs to be distributed to the AOSP for onward distribution to all of the handset manufacturers. As this is a complex ecosystem then it is no wonder that Android operating system vulnerability management is not as streamlined as other mobile platforms and consumers will sometimes not receive software patches in a timely manner. Android Mobile Malware According to recently published threat reports in the major anti-virus security vendors sector, Android is currently the number one choice for mobile malware authors. When we talk about the rising threat of mobile malware we are effectively talking about the rising threat of Android malware Making sense of the figures There doesn’t seem to be a week that goes by without receiving news issued from a security vendor announcing rising figures with Android malware. Goode Intelligence has collated a sample of recent Android malware figures: According to F-Secure Android accounted for 79 percent of all mobile malware discovered in 2012 87 In the July-September 2012 quarter alone, Blue Coat Security Labs saw a six hundred percent increase in Android malware over the same period in 2011. In June 87 Mobile Threat Report Q4 2012, F-Secure. Published 7 th March 2013. Goode Intelligence © 2013 P a g e | 89 www.goodeintelligence.com
Study into the implications of Smartphone operating system security 2012, requests to malware targeting Android devices reached more than one thousand 88 From McAfee Threats Report: Fourth Quarter 2012 89 : o Android represents 97 percent of all mobile malware o A total of 36,699 mobile malware samples gathered with 95 percent of that arriving in 2012 compared to 792 samples in 2011 o This compares to 113 million samples in McAfee’s general malware database Kaspersky echoes other reports by stating that 99 percent of all mobile malware targets Android 90 and stated that during 2012 Android malware rose more than eight times These figures are largely detection figures taken from both offical and unoffical App stores and file sharing sites whose security leave a lot to be desired where rogue apps and malware sit side by side with pirated films and music. The ability to sideload mobile apps onto an Android device means that users can download and install apps from a variety of ‘unoffical’ sources when security control is light. So what about infection rates? Figures of actual devices being infected with malware is hard to find – for one thing adoption of mobile security apps that include anti-virus controls is currently low so security vendors do not have a great deal of metrics that they can gather from the endpoint itself. The exponential growth of Android malware detected by security vendors has, so far, not resulted in an increased risk of a Smartphone being infected. In their Emerging Cyber Threat Report 2013, Georgia Tech University 91 references a research project that they performed “analyzing three weeks of DNS traffic from a large cellular provider”. The Georgia Tech University security researchers “found that only a very small number of devices—about 0.002%—are showing signs of infection in the United States.” In summary; Android is the most targeted Smartphone operating system for malware and the numbers of detected malware is increasing month-by-month, year-by-year. However, it is debatable whether the rise in detected Android malware is resulting in an increase in actual device infection rates. The risk to UK Android Smartphone owners is currently low despite the rise in detected malware examples. 88 Blue Coat Security Labs 2013 Mobile Malware Report: http://www.bluecoat.com/sites/default/files/documents/files/BC_2013_Mobile_Malware_Reportv1d.pdf 89 McAfee Threats Report: Fourth Quarter: http://www.mcafee.com/us/resources/reports/rp-quarterlythreat-q4-2012.pdf 90 Kaspersky Security Bulletin 2012: http://www.kaspersky.com/about/news/virus/2013/99_of_all_mobile_threats_target_Android_devices 91 http://www.gtcybersecuritysummit.com/pdf/2013ThreatsReport.pdf Goode Intelligence © 2013 P a g e | 90 www.goodeintelligence.com
Page 1 and 2:
www.goodeintelligence.com £ Study
Page 3 and 4:
Study into the implications of Smar
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40: Study into the implications of Smar
Page 89: Study into the implications of Smar
show all

Study into the Implications of Smartphone Operating System Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?