Android malware steals location data from mobile devices
Symantec on Tuesday joined other vendors offering tools to stop such mobile malware with its own: Mobile Security for Android
By Antone Gonsalves
July 18, 2012 — CSO — BitDefender Labs has discovered Android malware that regularly broadcasts the location of the infected mobile device to a remote server.
What the malware creators intend to do with the privacy-invading information is not clear. The app operates in the background and appears on the smartphone or tablet as an icon with the word "store" written on it.
The store icon is apparently meant to fool the device user into thinking that it is only an e-commerce app, according to Bitdefender. In actuality, the malware broadcasts latitude and longitude of the device, as well as the name of the wireless carrier. It also attempts to enable the device's Wi-Fi connection and scan for antivirusailable access points. All the data is transmitted to the remote server via the device's Internet connection.
[More on the subject: Security managers split on BYOD, skeptical of Android devices]
"Speculating on why all this information is broadcasted, we could conclude that infected devices act as beacons, providing attackers with a relative positioning of certain Wi-Fi networks and the frequency to which infected devices connect or interact with them," BitDefender said in a blog post on Tuesday.
The lightweight spyware has no user interface and transmits location information every couple of seconds. Because the malware runs so effectively in the background, Bitdefender believes it will eventually be bundled with other apps.
Whether it's spyware or another type of malicious app, the number of mobile malware is soaring. The rate of growth last year was 155 percent over 2010, according to Juniper Networks. During the first quarter of this year, the year-to-year increase was 30 percent, with spyware alone doubling. Most mobile malware is targeted at Android, the leading smartphone operating system.
While the increase in mobile malware is troubling, the actual number of infected smartphones and tablets remains relatively few when compared with PC infections. "While we probably haven't seen a widespread, malware epidemic in terms of the Android platform, there have been some that haven't been detected," Christian Kane, analyst for Forrester Research, said.
As a result, companies are looking for technology to manage applications and corporate data on employees' devices. The mobile security market was $674.8 million worldwide last year and is projected to top $1 billion this year, according to IDC. By 2015, the market is expected to reach $1.85 billion, a compound annual growth rate of more than 35 percent.
Symantec, hoping to grab a slice of the pie, announced on Tuesday its first enterprise-grade antivirus software for Android devices. Called Mobile Security for Android, the antivirus software checks suspicious apps against Symantec's blacklist of known malware. When a bad app is discovered, the software can be set to notify the device user and a corporate security team through a mobile device management console.
Symantec also announced updates to its mobile security portfolio that adds technology for securing email and managing applications on Android devices. In addition, the company has integrated its mobile device management software with Microsoft's System Center, which is used to configure and manage Windows PCs.
Symantec's overall strategy is moving toward an all-in-one platform for securing and managing applications, data and devices, Kane said. "For firms that are not looking for one-off solutions, but would really like a single console, something that would integrate and work together, this is a step in the right direction for Symantec."
Symantec competitors in Android security include Intel-owned McAfee, Kaspersky Lab, Bitdefender and Lookout. The mobile security market in general is immature with many enterprise-grade capabilities missing, such as better application and data controls and secure tools for sharing and collaborating on documents with mobile devices, Kane said.
"Mobile management overall has been evolving quickly, but in general the technology is pretty immature," he said. "We have a ways to go in terms of bringing full capabilities that an enterprise would need to properly manage and control their apps, data and devices."
Google's Android is the most popular target for hackers. While Apple iOS is not immune from attacks, the company's tight control over apps built for the OS used in the iPhone and iPad keeps the number of malware down. Because any third party can build and distribute an Android app, malware often ends up on malicious Web sites or is hidden within hijacked legitimate apps.
Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.