The massive and relatively new market for mobile applications, especially for free downloading, also offers new outlets for criminals.
The International Telecommunications Union (ITU) has forecast that global mobile subscriptions will exceed 5 billion by the end of this year, 3.8 billion of which would be in developing countries. This shift in focus toward mobile users also represents a new “tipping point” in vulnerabilities.
According to an annual security report by Cisco Co, cybercriminals, looking for new opportunities outside of the PC environment, are investing more resources in developing ways to specifically target users of mobile devices.
The emergence of the SymbOS/Zitmo.Altr Trojan in 2009 was evidence of the trend. It was the first appearance of mobile malware in the form of a Trojan horse, a program in which malicious or harmful code is used to steal banking information by keystroke logging.
“Previously, cyber criminals sought opportunities to hack and destroy information from users through Windows PC, ” said Patrick Peterson, a senior security researcher and Cisco Fellow.
“But they are resorting to the mobile Windows operating system now that is in much better shape.”
He said cybercriminals themselves were still very much in the “research and development” phase when it came to refining ways to snare victims using mobile devices. There have been a number of phishing scams, mostly regional in focus, targeting individuals or selected groups, such as customers of local banks or credit unions in the last two years.
Products from Apple – including iPhones, iPads, and the iTunes media service – are no longer immune despite the company’s longstanding contention that its operating system is much more secure than others, notably Windows.
The threat is evident with the iPhone, with more than 60 patches designed to fix security vulnerabilities in the iOS 4 already released. The problems encountered included malware that allowed third-party applications to access information on an iPhone user’s location without permission.
However, many users are undermining the security of their smartphones and other devices, including iPads and iTouch devices, by “jailbreaking” which allows users to unlock the operating system, thereby removing Apple-imposed limitations on what and where to download apps.
The worldwide adoption of mobile devices, smartphones in particular, is opening even more opportunities for intrusions and thefts, with cybercriminals shifting their focus toward mobile users and away from the traditional PC environment.