When BYOD Equals Bring Your Own Malware

Lookout's analysis of the mobile threat landscape suggests businesses should focus on curbing risky online behavior.

Thomas Claburn, Editor at Large, Enterprise Mobility

February 20, 2014

As more companies allow employees to bring their own devices to work, they may be opening the door for cybercrime.

Based on its review of 2013 data from more than 50 million users of its Android mobile security software, Lookout expects cybercriminals this year to attack mobile devices as the weak link in heavily monitored enterprise networks.

"The borders that traditionally protected companies are now more porous because people are bringing their phones from homes to work every day," said Jeremy Linden, security product manager at Lookout, in a phone interview. "This allows attackers to get behind your firewall. We do think this sort of thing will become more prevalent in 2014."

Apple's iOS presents less of a concern than Google's Android in this regard, though malicious links and phishing are issues regardless of the mobile platform involved. Linden says that the iOS threat landscape differs significantly from what Android users face. "Apple's App Store is significantly more policed and there's significantly more review," he said. "And unlike Android, iOS users can't install apps from outside the App Store." (That is, unless they've jailbroken their iPhone.)

Lookout's findings indicate that the types of risks faced by mobile users vary across the globe. The most common threat, the company said, is adware, which is essentially advertising that violates mobile platform policies (e.g. harvesting personal information) and expected behavior (e.g. obtaining consent through deception or failing to seek consent).

Lookout says that adware is five times more common than malware on mobile devices. The company puts the average chance of encountering adware on a mobile device in the US at 25%, based on its 2013 data. Encounter rates elsewhere are similar: China 30%, France 31%, Germany 27%, Mexico 34%, Spain 30%, Russia 33%, and UK 23%. Japan and South Korea had significantly lower rates of adware: 9% and 15% respectively.

A second threat category, chargeware, is seen infrequently in the US. These apps, which engage in deceptive billing and often involve pornography, are only seen by about 5% of US mobile users. In Europe, where SMS-based payments are more widely used, chargeware is more common. Lookout puts encounter rates at 13% for France, 23% for Spain, and 20% for the UK.

The encounter rate for mobile malware is lower still. In the US, it's 4%. In China and Russia, the figures are much higher: 28% and 63% respectively. But the potential damage from malware -- theft of passwords and other important information -- can be considerable.

Lookout's report says that mobile risks can be mitigated by using common sense, like installing apps only from trusted marketplaces, not rooting your device, and using a mobile security app. Coming from a company that sells security apps, this perhaps is not a surprising recommendation.

The company also noted that user behavior is the best indicator of risk, having found that those with mobile malware on their phones are seven times more likely to download another malicious app. "The types of people who download shady material are likely to do it again," said Linden.

To strengthen your company's firewall, lay a solid foundation in the human resources department.

About the Author(s)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.
