With roughly 3.5 million Canadians using mobile banking apps, mobile security company McAfee says the amount of malicious software threatening mobile platforms is growing, too. But smartphone users in Canada aren’t that vulnerable to attack . . . yet.
“In the first quarter of 2012, we had already detected eight million new PC malware samples, showing that malware authors are continuing their unrelenting development of new malware,” says Vincent Weafer, senior vice president of McAfee Labs. “The same skills and techniques that were sharpened on the PC platform are increasingly being extended to other platforms, such as mobile and Mac; as more homes and businesses use these platforms the attacks will spread, which is why all users, no matter what their platforms, should take security and online safety precautions.”
According to the Toronto-based Solutions Research Group, less than 10 per cent of the population was using a smartphone in 2007. Thanks to the iPhone’s rise in popularity, there are now over 10 million smartphone users in Canada.
Doug Cooke, director of sales engineering for McAfee Canada, says because smartphones and other mobile devices are still so new, users aren’t thinking about security.
“With new toys, you’re mainly concerned with playing with that new toy, not thinking about security,” says Cooke. “Security is something you think about down the road.”
McAfee researchers collected 8,000 new mobile malware samples in the first quarter of 2012, compared to a year ago when there was almost no malware targeting mobile devices. In that period, they colleted nearly 7,000 samples of malware meant for the android platform, a 1,200 per cent increase from the number collected by December of last year.
“The primary reason is that Apple is doing a much better job in terms of monitoring the applications that get into their world,” says Cooke. “The marketplace in the android environment, it’s a little bit more of the wild west. There’s numerous places where you can get apps for the android.”
Mechanisms used by mobile hackers are nowhere near as sophisticated as those targeting PCs, but as the number of users increase, so will the amount of malware. Mobile banking is also on the rise, and Cooke says hackers particularly seek out opportunities to access financial information.
“So much of what the malware writers are trying to do is to be on your system but stealth, so they can gather information about your mobile device and send it out to the Internet so someone can use it.”
Cooke says the main thing hackers are able to accomplish with mobile devices is keystroke logging. If a financial transaction is being completed on a mobile device, the user often enters a personal information number to validate it. A hacker can log the user’s keystrokes, send the pin number to a command and control server, and gain access to the user’s mobile banking account. Cooke says, however, he’s not aware of any Canadian mobile banking apps being attacked in that way.
“There’s a lot of this activity in Asia, a little bit in the United States, but not much in Canada because we don’t have the same level of transaction activity happening through mobile devices…yet.”