Mobile // Mobile Business
News
2/20/2014
09:06 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

When BYOD Equals Bring Your Own Malware

Lookout's analysis of the mobile threat landscape suggests businesses should focus on curbing risky online behavior.

16 Top Big Data Analytics Platforms
16 Top Big Data Analytics Platforms
(Click image for larger view and slideshow.)

As more companies allow employees to bring their own devices to work, they may be opening the door for cybercrime.

Based on its review of 2013 data from more than 50 million users of its Android mobile security software, Lookout expects cybercriminals this year to attack mobile devices as the weak link in heavily monitored enterprise networks.

"The borders that traditionally protected companies are now more porous because people are bringing their phones from homes to work every day," said Jeremy Linden, security product manager at Lookout, in a phone interview. "This allows attackers to get behind your firewall. We do think this sort of thing will become more prevalent in 2014."

Apple's iOS presents less of a concern than Google's Android in this regard, through malicious links and phishing are issues regardless of the mobile platform involved. Linden says that the iOS threat landscape differs significantly from what Android users face. "Apple's App Store is significantly more policed and there's significantly more review," he said. "And unlike Android, iOS users can't install apps from outside the App Store." (That is, unless they've jailbroken their iPhone.)

Lookout's findings indicate that the types of risks faced by mobile users vary across the globe. The most common threat, the company said, is adware, which is essentially advertising that violates mobile platform policies (e.g. harvesting personal information) and expected behavior (e.g. obtaining consent through deception or failing to seek consent).

Lookout says that adware is five times more common than malware on mobile devices. The company puts the average chance of encountering adware on a mobile device in the US at 25%, based on its 2013 data. Encounter rates elsewhere are similar: China 30%, France 31%, Germany 27%; Mexico 34%; Spain 30%; Russia 33%; and UK 23%. Japan and South Korea had significantly lower rates of adware: 9% and 15% respectively.

[Do you own an Android phone. Read WebView Exploit Affects Most Android Phones.]

A second threat category, chargeware, is seen infrequently in the US. These apps, which engage in deceptive billing and often involve pornography, are only seen by about 5% of US mobile users. In Europe, where SMS-based payments are more widely used, chargeware is more common. Lookout puts encounter rates at 13% for France, 23% for Spain, and 20% for the UK.

The encounter rate for mobile malware is lower still. In the US, it's 4%. In China and Russia, the figures are much higher: 28% and 63% respectively. But the potential damage from malware -- theft of passwords and other important information -- can be considerable.

Lookout's report says that mobile risks can be mitigated by using common sense, like installing apps only from trusted marketplaces, not rooting your device, and using a mobile security app. Coming from a company that sells security apps, this perhaps is not a surprising recommendation.

The company also noted that user behavior is the best indicator of risk, having found that those with mobile malware in their phones are seven times more likely download another malicious app. "The types of people who download shady material are likely to do it again," said Linden.

To strengthen your company's firewall, lay a solid foundation in the human resources department.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
2/20/2014 | 10:20:27 AM
Mobile protection
While we're starting to hear more firms talk about mobile phone antivirus software and the like, it does always tend to be the companies that you would expect to push it (like in this instance): the ones that make it. 

Does anyone here have much experience with them and think they're worth using? 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/20/2014 | 11:15:14 AM
Re: Mobile protection
I echo Whoopty's question. What are people doing about mobile AV protection? Ignoring, using, hating? Let's get a conversation going. I'm in the "I should be doing something more about this, but what?"
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
2/20/2014 | 12:42:33 PM
Re: Mobile protection
Behavior seems to matter more than AV software, given that malware always seems to be one step ahead of security techniques. Sadly, the simplest answer to mobile security is use an iPhone. If that's not appealing, then the next best thing is probably using only Google Play, avoiding apps from sources you aren't sure of, and avoiding apps with advertising (because calls to remote servers are the source of a lot of problems).
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Author
2/20/2014 | 2:10:00 PM
Re: Mobile protection
As an iPhone user, I'm glad I'm on the right path.... at least fo now!
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
2/20/2014 | 4:29:08 PM
Virtualize the phone
I think, shortly after virtualizing the desktop, it will be necessary to virtualize the smartphone into home and workplace user spaces. The latter will have to be more restrictive and secure than the former.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
2/22/2014 | 12:03:58 PM
Beware of Free
I wonder if there is a correlation between the amount of malware that is positioned as free alternatives to common applications.  Reason being, if there are higher rates of risks in non-English speaking countries, maybe it has to do with the fact that users are less likely to bother thinking about the potential risks since they can't actually read the descriptions.  Sorry, that's the marketer in me talking.

As for mobile device security in general, I absolutely agree that this will drive adoption of virtualized mobile devices, after all, there is a reason we are seeing an increased interest around products like VMware Horizon, or even when BlackBerry released their Z10 and showed off BlackBerry balance and Samsung released Knox.  The idea of having personal and work separated is a great idea, but the management of it is still cumbersome.  Additionally, since the idea of BYOD means that users are providing their device for work use, many question whether they should be required to submit it to security policies being applied.  This is probably why we are seeing less BYOD and more CYOD (choose your own device).
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.