Mobile devices increasingly present an attractive, practical and economical alternative to traditional desktops. In the coming years, global mobile payments are predicted to exceed $1.3 trillion, moreover, presenting a mother load of opportunity for cybercrime gangs who appreciate the vulnerabilities of these peripatetic communications and computing platforms, the APWG’s analysis reports.
Malicious attackers seek out the weakest targets. In the case of smartphones attackers are quick to exploit inherent infrastructure vulnerabilities.
Attackers will choose the attack mode depending on the target. However, some basic features are strikingly similar across all operating systems. Devices may vary on design, functionality or network stack Android, iOS, Symbian OS, Microsoft Window Mobile and Palm OS, all offer:
- Access or support of a mobile network.
- Access to the Internet through interfaces such as Bluetooth, WLAN, infrared or GPRS
- TCP/IP protocol stack.
- Desktop PC synchronization
- The ability to simultaneously run multiple applications
- APIs to develop the applications.
APWG provides a rhetorical approach towards mobile crimeware and the intrusion supply chain's structure and examines subjects in depth from a practitioner’s perspective.
Key points that illustrate the potential for growth of an established underground malware market:
- 5.6 million potentially-malicious files reported on Android (APK, dyn-calls, checks-GPS, etc.), of which 1.3 million are confirmed malicious by multiple AV vendors
- Mobile payments are on track to top $1.3 trillion in 2015, bring intense criminal interest
- By 2015 – est. 2 billion + mobile devices
- China, as an example, now has 564 million Internet users; 75% are mobile.