Outdated Operating Systems:
Outdated operating systems pose serious security threats to the smartphones and tablets. With the current pace at which hardware components are stacked together to produce new and powerful devices each day, predecessors are losing the limelight at a rapid rate. The upgrades to the operating systems are not always compatible with the older phones; therefore a vast majority of users tend to stick with older versions of the OS. Also security patches to the identified threats and updates to existing versions are usually not installed properly by the average users due to their lack of concern over mobile security or lack of knowledge on installation processes. Another major issue especially relevant to Android OS which powers about 75% of the smartphones and tablets out there is its huge fragmentation, which causes upgrade processes dreadfully slow. In fact around 50% of the devices still run Gingerbread, while two major upgrades, Ice Cream Sandwich and Jelly Bean have already been rolled out.
Outdated Applications and Malicious Applications:
People are shifting from Desktop PC's to smartphones and tablet PC's and so are the hackers and malware authors. Malicious application codes are often bundled with popular free applications found on apps stores, or with pirated copies of paid versions, and average users hardly notice the spying bots disguised within a popular service. Most trusted services like Google Play and Apple iTunes Apps Store too have been injected with malicious apps despite various security barricades, therefore chances of various third party app stores and web sites being infected with malware are quiet high. User modified versions of operating systems often known as Custom ROMs are usually vulnerable to attacks more than official stock ROMs, since users often root the smartphones to gain the super-user access for installing custom ROMs, and rely on pirated versions of popular apps. These third party markets usually are not monitored closely for potential threats by a professional body therefore malware authors can easily distribute their apps coated with malicious codes without getting caught.
Exploited Wireless Networks:
Public wireless hotspots attract many savvy smartphone users looking for cheap data bundles and many prying eyes of malicious hackers looking for vulnerable targets. Network requests can be manipulated to redirect users to fake websites infected with malware or spyware exploiting the vulnerabilities of the network. User names, user passwords and even stored messages have been retrieved through public Wi-Fi networks without users consent in various occasions. Mobile phones are not typically equipped with firewalls to block insecure connections while surfing on a public Wi-Fi network, therefore potential intruders can steal sensitive data like credit card numbers and bank account numbers and hack into users’ email accounts as well. Using encrypted network connections at home and office, and avoiding accessing public Wi-Fi hotspots at airports and cafeterias are some basic precautions users can take to minimize security threats, until manufacturers and developers start bundling up security firewalls.
Rooting and Jailbreaking of Propriety Operating Systems:
Gaining super-user access to the operating systems by rooting or jailbreaking exposes the system to plethora of security threats. This process allows users to gain full administrative privileges, and install any application including the ones not recommended by the manufactures over security concerns. Rooted devices are easily manipulated by malware including worms, Trojans and various viruses to steal user names and passwords, contact lists, messages and hijack email accounts behind users back. Rooting devices void manufacturers’ warranty, therefore users are not notified of security patches and security updates once devices are rooted and users typically have to manually address such concerns.
Vulnerabilities in Device to Device Connections:
Device to device infections are quiet rare yet however that doesn’t mean they are impossible to be carried out. For instance malware authors can exploit the USB host feature introduced with Android Honeycomb for spreading malware. If the connected device’s USB debugging mode is turned on, chances of the device being infected with malware embedded in the host devices are quite high. This could either be accomplished by a bot running in the background of the host without the users’ consent, or by the owner of the infected host himself, by plugging the device into a target device and installing the malware on it. However it should be noted that device to device infections are quiet rare in earlier versions of Android which still powers up to 90% percent of the Android smartphones. It is also speculated that malware authors will utilize desktop PC's to spread smartphone malware in near future.
Author Bio:
This guest post was contributed by Dmitri Blackthorn, the online security expert, mobile technology specialist and a part of Stop-DDoS.net team - DDoS Mitigation Service provider.