• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
  • Editorial Calendar 19-20
BW Businessworld

Outsmarting Smartphones

Photo Credit :

Recently I managed to acquire a virus on my Samsung Galaxy S. Or so the service shop says. One fine day, my smartphone was dumbed down to not even being able to make a phone call and would vibrate angrily in short bursts if I asked it to do anything. Nice! I suppose it serves me right for getting app-happy and experimental, and filling up my phone with nine screens-full of apps. Go ahead, iPhone and BlackBerry users, stick your tongues out. But I wouldn't say there is room for complacency for any mobile operating system where a smartvirus can outwit a smartphone with an ease that will match virus performance on computers.

In the first week of March, it was discovered that close to 60 apps on Android Market and on Android download sites were carrying a virus that could take control of smartphones and steal data from them. Basically, it could do what it wants, though Google's mobile blog says all the virus could do was detect the unique device and the version of Android running on it. Experts think it was much more and that it opened an entire backdoor to the phone's system, into which the Trojan gets in and plants more malicious software. The nightmare that has been the domain of PCs for years is here in the form of ‘DroidDream' on Android phones. Dream, as it's supposed to work during your typical sleep hours. How vicious. But what do you expect from cyber criminals who have no trouble using Japan's earthquake as an excuse to lure the unsuspecting to dicey websites.

My phone wasn't the victim of the particularly nasty piece of malware that was DreamDroid, but I was downright sorry that I had offloaded a trial version of mobile security software Lookout. I believed it was Lookout that was constantly scanning and slowing down my phone. Bad move.

Well, I'll never know what it was that attacked my Galaxy because the phone was promptly "formatted" by the local Samsung service shop, and all is back to normal except for my apps. Those affected by the DroidDream Trojan will know it from an email sent by Google, telling you to relax and everything will be back to normal soon.

The tricky thing was that DroidDream virus was nestling in imposter apps, thankfully discovered by Reddit user ‘Lompolo'. Google yanked the offending apps off Android Marketplace, but it's frightening to know it would be so difficult to tell which apps were malicious as they looked legitimate enough. No wonder they were downloaded by at least 260,000 users.

As location information and bank- and payment-related data becomes more widely used on mobiles, it's worrying to know that sophisticated malware can make its way to your device. Android phones are the most vulnerable at the moment, not only because the operating system is open and free for all but also because the whole landscape of versions, updates, etc. is fragmented.

The further shocking thing is, a few days later, Google's security update was also faked and re-jigged to become a version with another Trojan. Talk about adding insult to injury. The actual security update from Google has removed the Trojan from affected devices. If you search for Google's security app on Android Market, you will find it, but you do not need to download it or do anything —these updates are meant to download and work automatically.

As smartphone sales explode, determined efforts of malware-makers scale to match. Security firm Kaspersky Lab says malware threats have doubled since August 2009 and that even basic phones are at risk. Kaspersky Lab has detected over 1,000 variants from 153 different families of mobile threats. The platforms that were targeted also increased. That is not surprising, since those who make viruses cannot resist a challenge.

That whether we will ever be truly free of malicious software is very unlikely. But chipmaker Intel is more optimistic. So much so, they have bought up the security big-wig, McAfee. Intel has acquired many companies over the past 40 years, but this is its biggest buy yet. And it cost $7.7 billion. What Intel plans to do with McAfee is to use the company's formidable security ecosystem to build security right into the chip of various devices, including mobiles. How this will work isn't clear, but modifications will involve the ability to make security scans, threat detection, updates, fixes work faster and better right from the hardware upward. The work at the chip level is not meant to be incremental but a step change.

Don't I remember Microsoft saying some such thing as well? Something about trustworthy computing. Oh well. Someone do something.

mala(at)pobox(dot)com, @malabhargava on Twitter

(This story was published in Businessworld Issue Dated 11-04-2011)