Free Smartphone Apps Spreading Malware

PISCATAWAY, N.J., Nov. 29, 2011 /PRNewswire/ — Experts at IEEE – the world’s largest technical professional association – say smartphone owners are increasingly paying a high price for free mobile applications, with 2012 set to be a disruptive year of widespread mobile hacking.

Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.

“The issue with free apps is that you’re paying a price you don’t know about,” says Voas, who is also a computer scientist at the National Institute of Standards and Technology (NIST). “Of free mobile applications, approximately 1 in 100 now visibly contain malware – and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it’s easy to be victimized.”

Adds Voas, “Smartphone users need to remember that free isn’t necessarily free. It can lead to hackers accessing all of the information stored on your phone and transmitting it within two to three seconds.”

Dr. Madjid Merabti, an IEEE Senior Member and Professor of Networked Systems at Liverpool John Moores University, UK, says while the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.

“Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection,” Merabti says. “These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.”

Kevin Curran, a Senior Member of the IEEE and Head of the School of Computing and Intelligence Systems at the University of Ulster, UK, says businesses will be the main victims in 2012. “With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers,” he says. “A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone. In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities.”

According to Curran, a “trusted app” approach is needed to combat hackers, something he hopes can be in place by 2013. He says he expects an increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.


Leave a Reply