• United States



Contributing writer

Lightning strike more likely than mobile malware

Apr 22, 20153 mins
CybercrimeMobile Security

The threat of mobile malware infection is substantially overblown

The threat of mobile malware infection is substantially overblown, according to a new report, with a typical user more likely to be hit by lightning than be infected.

According to mobile security vendor Damballa, which monitors about half of all mobile data traffic in the U.S., just 9,688 phones — out of a total of 151 million — showed signs of active infection.

That’s a rate of 0.0064 percent.

Meanwhile, the lifetime odds of being struck by lightning are 0.008 percent, according to the National Weather Service, or 25 percent higher.

Not only is the infection rate low, but it’s also falling.

In 2012, the infection rate was 0.015 percent, more than twice as high as today.

“It’s gone down quite a bit since then,” said Charles Lever, Damballa’s senior scientific researcher. “That was actually a bit of a surprise.”

The reason, according to Lever, is that most US smartphone users get their applications from the official app stores. And the stores do a good job at keeping malicious apps out.

Meanwhile, most of the mobile security studies that come out focus on the growing number of malware varieties, not on actual infections, he said.

“Yes, people may be finding more malware samples,” he said. “But in the US, we have strong first-party markets for your mobile devices. If you’re going to install applications, you’re most likely to go to Google Play or the Apple App Store. Both of those are curated, and have kill switches so if apps are installed on user devices they can remove them en masse from both the markets and the devices themselves.”

To find out whether devices were infected or not, Damballa looked for traffic between the smartphones and domains that were known to be associated with mobile malware.

That list of sites now includes 32,000 domains — up from just 3,000 in 2012.

“But even with that 10-fold increase, we didn’t see that many devices reaching out to those domains,” Lever said.

More devices were reaching out to domains that were known to deliver desktop infections.

“Lots of people read email on a mobile device,” Lever explained. “It might have a link to a drive-by download site or some other malicious site but not be targeting mobile specifically.”

That could change in the future, he said, if hackers find ways to install malware on smartphones via websites.

For example, there previously was a way for iOS users to jailbreak their devices by visiting a website.

“They were exploiting a vulnerability in how iOS devices handled PDFs,” Lever said. “It was a convenience to help people jailbreak their device.”

For the most part, however, installing malware onto an iOS device requires physical access.

There is some malware that installs on Android devices via drive-by downloads, such as NotCompatible.

Security company Lookout said NotCompatible has been downloaded more than 4 million times — but actual infection rates might be lower, since there’s a confirmation step required in order to actually install it.

Damballa’s Lever added that another infection pathway for Android devices was the app update mechanism.

“Certain Android applications weren’t using certain security parameters correctly,” he said.

A hacker could then hijack that mechanism so that, say, a user would think he was downloading an update to his anti-virus and get malware instead.

Lever added that of the malware that is commonly found on smartphones, much of it falls into the gray area between adware and malware.

“You get aggressive ads, but nothing particularly harmful,” he said.