
Mobile Malware: Doing the Math

Knowing what the threat situation is today will help planning for tomorrow.

When you stop to consider how much data you’re carrying on the corporate smartphone in your pocket — e-mails, business apps, login credentials — it’s easy to understand why you and your phone might be targeted by cybercriminals.

In and of itself, information is valuable, after all. So somebody, somewhere, may try to take it from you. The key to defending yourself is knowing who, what, when, where and how. (We already know the why.)

Dan Guido, CEO of Trail of Bits, a security firm in New York City, and Mike Arpaia, formerly a security consultant and researcher at iSEC Partners, have made answering these questions the focus of their research in the Mobile Exploit Intelligence Project.

As Guido describes it, “We created a detailed understanding of mobile malware, where it is today and where it is going. We can now predict where to best build out mobile defenses, now and in the future.”

Malware by the Numbers

In their research for the MEIP, which was carried out from December 2011 through March 2012 and is updated regularly, Guido and Arpaia came across about 100 examples of attack campaigns, including some of the better-known malware projects such as Android.Pjapps, Android DroidDream and Android.Zeahache.

These 100 attacks were carried out by 81 unique pieces of mobile malware. Of those 81, only 16 were designed to escalate privileges, a technique for breaking out of an app’s sandbox in order to compromise other data on the mobile device. “The escalate-privileges vector is the easiest avenue for bad guys to steal your data,” says Guido, “and it helps that they can get all of the code to do that essentially for free.”

In order to escalate privileges on a mobile phone, the malware needs a privilege escalation exploit, more commonly known as a jailbreak. All the attacks that Guido and Arpaia observed in the wild used just three unique exploits, all documented previously by a single author. And these apps reached their victims the same way across attacks: the disguised malware was introduced through a common mobile app storefront.

“This is the approach that works right now for malicious app distribution. Our data shows that this will be the dominant mobile threat vector for the next couple of years,” explains Guido.

Given that there are hundreds of millions of mobile devices in the world, these numbers might appear surprisingly small. But Guido says that’s not the right way to look at it. “Our research has determined that out of the 300 million Android devices out there, the presence of malware has been discovered on about a million of them. That’s a significant number.”

Crime Doesn’t Pay

These infection numbers, Guido suggests, highlight how relatively unexplored the field of mobile malware is by criminal enterprises. The reason for that is old-fashioned criminology 101: the lack of a financial incentive.

However much the popular media sensationalizes it, cybercriminal behavior is easy to grasp and can be summed up in a short equation: Cost of Attack < Potential Revenue = Attack. Simple economics. When the cost of an attack is less than the potential revenue to be gained from it, someone will pursue it. And so far, cybercriminals appear to be reaching the collective conclusion that mobile devices are not yet worth the effort.

Avoid Past Mistakes

But while the current threat environment shows little in the way of successful exploits, there are many potential avenues for compromising a mobile device that have yet to be explored, such as introducing malware through mobile ads. And it’s important to keep in mind that the ubiquity of mobile platforms is a relatively new phenomenon. From Guido’s perspective, this offers an opportunity to build up defenses before rather than after the fact.

“What we want to avoid is having the mobile platform become the malware-filled ecosystem that desktops have become,” says Guido. “The malware threat is completely different on mobile devices than on desktops. So it’s taking some time for criminals to figure out how to exploit that environment the way they’ve exploited the desktop environment.”

The MEIP provides a snapshot of the mobile malware vector today and offers many clues as to what direction it will likely take in the near future. As Guido points out, this knowledge is key to staying ahead of the threat.

“We have an opportunity to really nail this problem and fix it before it gets too developed,” he states. “If the vendors don’t keep up, don’t stay ahead of the threat, this is going to be a bigger problem going forward. They’re at risk of falling behind.”
