Is The iPhone Safer Than Google's Android?
 The iPhone is safter than Android, and RIMM's BlackBerry. But for how long?
In the battle between smart phone rivals iPhone and Android, the iPhones closed operating system makes it less open to hackers, and therefore a lot safer than the Google Android, says Sergey Golovanov, a malware researcher at Kaspersky Lab in Moscow.
Techies like Golovanov might know that Android is a malware accident waiting to happen, but most people walking around with it do not.
Especially when it comes to security breaches done through fake quick response codes, or QR codes (crossword puzzle looking bar code scan-able by some smart phones), the iPhone is safer, he says.
“QR malware codes are mainly spreading through Android. We haven’t found any QR malware for the iPhones yet,” Golovanov says. “Everyone is looking for the Android users. We don’t know why. But one of the reasons is probably because iPhone has a closed operating system and Android has an open operating system so it is easier to create software for them,” he says.
QR codes have become part of the marketing strategies created by everyone from newspapers to clothing retailers trying everything they can to satisfy their linked-in and wired customers. But the black matrix bar code symbols have become a harbor for viruses and hackers to steal personal data. There’s no way to know once a device is infected. People scan a QR code with their smartphone and it redirects them to a web address. Some of those addresses are malicious, usually ending with the .APK or .JAR file extension. Kaspersky Lab says the QR code malware is gaining in popularity, and Android is in the cross hairs.
The company discovered the first instance of a QR malware code on an Android phone in Russia in September.
It’s not that the iPhone is immune from hackers.
iPhone malware developers recently figured out how to trick Apple’s servers into accepting Siri requests from non-iPhone 4S devices looking to crack the closed system to allow for free apps. Apple has been fighting so-called jailbreak hackers — hackers who bust through the Apple operating system (OS) in order to install programs illegally on the iPhone — in order to avoid malware. Jailbreaking the iPhone makes it more open to malware, Kaspersky Lab says.
Last year, jailbroken iPhones were infected with the two variants of an iPhone OS worm. People who used online banking at ING Bank in Europe were redirected to a malware site posing as the bank, collecting all of the user’s account details.
Android has been the favorite of malware code writers since August 2010, when the first Trojan program targeting the OS was detected.
Juniper Networks says Android malware traffic rose by 400% between June 2010 and January 2011. Lookout Mobile Security reported a 250% jump in smartphone malware from January to June 2011.
All told, the share of Android-based malicious programs among all mobile malware is more than 46%, and growing rapidly, according to Kaspersky. In September, the number of newly discovered malware for devices running the Android OS rose over 30%. Last month it rose another 34%, including malware on apps, both legitimate and fake apps distributed through the official Android Market. In addition to stealing personal data, sending texts, and making calls to premium numbers like costly 1-900 numbers, smart phone hackers are most interested in obtaining a user’s banking information and stealing passwords.
As smart phones become more linked with larger personal and corporate wireless devices like tablets and laptops, stealing from a smart phone makes is yet another way to crack into personal computers.
Earlier this year, Kaspersky Lab analyst Denis Maslennikov wrote that mobile threats would evolve in the following way this year:
Text messaging Trojans: For now, unfortunately, no preconditions are in place that would facilitate a downturn in the number of SMS Trojans. The law in some countries still needs improving and cyber criminals can still use phone numbers with complete anonymity.
Android to lead: Android is gaining popularity among users and cyber criminals will show increased interest in it as a result. There will be an increase in the number of vulnerabilities detected in a variety of smartphone platforms, and possibly the launch of attacks using these vulnerabilities. Until recently, no major attack that has exploited a vulnerability has been recorded.
APT spyware: Advanced persistent threat corporate espionage done through corporate smart phone accounts. Maslennikov forecast that this type of spyware will be used to monitor third-party activities through corporate telecom accounts, which could include industrial espionage or obtaining emails.
John Dasher, McAfee senior director of mobile security, told the Financial Times this week that, “Apple has a walled garden, with its curating of apps for its App Store, so it’s had far fewer instances of malware, but Android is far more porous. There are more than a dozen apps sites, it’s very easy to download apps and ‘sideload’ apps on to a device, and so it’s far easier for a hacker to get an app published that contains malware.”
Corporations don’t realize the importance of protecting their own, and clients, information, says Tim Armstrong, a virus research at Kaspersky Lab in Massachusetts, the U.S. based headquarters of Russia’s leading IT security firm. “A lot of companies do not understand the need to protect their networks at the top level. The damage control after a security breach is much more expensive than protecting their systems in the first place,” Armstrong said in a recent Kaspersky Lab video blog on its home page.
forbes.com |
