Mobile malware is exploding, though it’s mostly not where you live. If you live in Russia, where 10 gruesome factories churn out 30% of the world’s malware, you’re far more likely to have malware infect your mobile phone than, say, if you live in Sweet Home Alabama. That’s the good news.
The bad news is that Americans are at far greater risk of having their phones hacked by their government than by Russian malware hackers.
Android: Popular With The Malware Crowd
Russia has been busy. According to a 2013 report, roughly a third of all malware globally is produced by 10 Russian firms. According to the Lookout Mobile report, which traced the malware back to its point of origin:
These “malware HQs” are pumping out nasty toll fraud apps, largely aimed at Android users, which force the user to call premium rate numbers.
While the malware infects users globally, the Russian hackers seem happy to focus on Android users close to home, according to a joint Kaspersky Lab/INTERPOL study.
With Android accounting for 84.6% of all smartphones shipped in Q2 2014, according to IDC, it’s not surprising that Android would get hit the most. What is surprising, however, is that attacks against Android significantly outstrip its market share:
Source: Kaspersky Lab, 2014
It’s a booming business on Android, as the report points out: “[I]n the first half of 2014 alone, 175,442 new unique Android malicious programs were detected. That is 18.3% (or 32,231 malicious programs) more than in the entire year of 2013.”
Other findings include:
- Over the course of a year, Kaspersky Lab security products reported 3,408,112 malware detections on the devices of 1,023,202 users;
- In the past year, the number of attacks per month was up nearly 10x, from 69,000 in August 2013 to 644,000 in March 2014;
- The number of users attacked also increased rapidly, from 35,000 in August 2013 to 242,000 in March;
- 59.06% of malware detections related to programs capable of stealing users’ money;
- Trojans designed to send SMS messages were the most widespread malicious programs in the reporting period, accounting for 57.08% of all detections.
And one particularly interesting point? Nearly 52% of all malware attacks stay within Russian borders, according to Kaspersky Lab:
Source: Kaspersky Lab, 2014
The report authors are quick to point out that this percentage is skewed by the high number of devices they track in Russia, coupled with Russia’s heavy reliance on mobile payment services, which makes it a ripe target for hackers. But even if we cut Russia’s number in half, the country still looks much more susceptible to malware.
The Malware Is Us
Not that we have it any better in the US. In part because Android isn’t as dominant here, the US gets off with just 1.13% of all malware attacks. And yet we may have far more “malware” coming from our government than others do.
The US government, with assistance from major telecommunications carriers including AT&T, has engaged in a massive illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001.
Such surveillance doesn’t come through the front door. As Apple indicates, less than 0.00385% of Apple customers had data disclosed due to government information requests. That’s 250 or fewer such requests.
Despite that Lilliputian number, Apple announced that it’s shutting down backdoor access to iOS device data, encrypting all iPhone data, and not just the small sliver it used to encrypt. This is a good start, but it won’t be enough to thwart a dedicated hacker … or CIA bureaucrat.
Security expert Bruce Schneier explains:
The recent decades have given [law enforcement] an unprecedented ability to put us under surveillance and access our data. Our cell phones provide them with a detailed history of our movements. Our call records, e-mail history, buddy lists, and Facebook pages tell them who we associate with. The hundreds of companies that track us on the Internet tell them what we’re thinking about. Ubiquitous cameras capture our faces everywhere. And most of us back up our iPhone data on iCloud, which the FBI can still get a warrant for. It truly is the golden age of surveillance.
This isn’t to suggest that we’re immune to hackers, Russian or otherwise, or that the US government is an evil Big Brother determined to spy on our every move. (I have four kids and my night life is considered wild if I have steamed milk and honey before going to sleep at 10:00. I’d be boring to watch.)
But it does reflect the perverse realities of mobile security today. In Russia, the greatest threat is the black-hatted hacker. In the U.S., it’s the white-hatted spy.
I’m not sure which is worse.