This blog post was written by Bruce Snell.
With Mobile World Congress in full swing, we thought it would be a good time to share some of the statistics and security insights regarding the mobile security. In the past year there have been a number of significant events that have made a big impact on the industry. In our first Mobile Threat Report of 2016, we take a look at some of the key incidents and data that have impacted the mobile world and what these stats mean for a typical mobile user.
One of the most impactful vulnerabilities in mobile world was Stagefright. Named after the vulnerable software libraries it exploits, Stagefright allowed an attacker to send a carefully crafted MMS that would exploit the target mobile device with absolutely no interaction required by the victim. An additional batch of related vulnerabilities were released (dubbed “Stagefright 2.0”) that expanded the range of vulnerable Android versions all the way back to version 1.5. An estimate of over 1 billion devices were vulnerable to Stagefright 2.0.
While this is a pretty severe vulnerability, the long term impact of Stagefright comes in Google’s response. After the issues around Stagefright came to light, Google committed to providing monthly security updates to the Android OS. This was a big shift from their “as needed” approach before and shows how Google is taking Android security much more seriously.
One of the ways McAfee Labs, the threat research division of McAfee, stays aware of the threats we need to protect consumers from is by continuously scanning mobile apps and app stores for malicious or suspicious apps. While most app stores do a decent job of catching malicious apps before they are posted, cybercriminals are always trying new techniques to slip past the gates. While scanning the contents of multiple app stores (not just verified sites like Google Play or Amazon) around the globe, we uncovered a large number of interesting statistics:
- 120 million apps over multiple app stores around the globe
- 9 million pieces of malware were identified
- 9 million apps with suspicious behavior (but not malware) were identified
- 1 million apps with a bad trust score (apps known to share your info with 3rd parties, etc.)
While app stores have screening measures in place, the numbers show that malicious apps are still making their way to the end user through this method.
Dramatic Increase in Malware
2015 showed a dramatic increase in mobile malware. At the end of 2014, we were seeing under 300,000 unique pieces of malware per quarter. Just one year later, the number increased to more than 2.4 million in the last three months of 2015. This shows an increased focus on the part of cybercriminals to target mobile users.
Cybercriminals are also stepping up their game. We’re also seeing an increase in the sophistication of mobile malware. Cybercriminals are starting to use techniques typically reserved for advanced persistent threats (APT) targeted at PCs. We’re also seeing more mobile malware available for purchase online. In our report we take a look at some key examples of the new faces of mobile malware.
As more consumers move to shopping, paying bills, banking and more online, we expect to see cybercriminals turn even more of their attention toward the mobile platform. However, with a combination of common sense, smart shopping, thinking before you click and installing mobile malware protection, you should continue to feel safe using your mobile device as part of your digital life.