By Mae Kowalke, TMCnet Contributor
It is a scene out of a Mission Impossible movie, only the threat is real. Two product managers and a VP sit down to discuss the latest product release, one that’s been under wraps for months. While the group thinks it is safely beyond the ears of its competition, unknowingly one of those present in the meeting has had malware installed on his Android phone. The malware activates the microphone on the smartphone, and the whole meeting is taped and sent to the competition.
This nightmare scenario is unfortunately not beyond the possible these days.
Kindsight, an Alcatel-Lucent suite of solutions, leverages network-based security analytics such as its 9900 Wireless Network Guardian to reveal the latest trends on security threats to fixed and mobile networks, and its Q2 2013 Kindsight Security Labs Malware Quarterly Report reveals that the number of mobile spyware applications discovered this quarter is on the rise, according to an Alcatel-Lucent blog post, Android phones playing “I spy” at home and at work..
A third of the top 15 security threats are now spyware related, up from only 2 spyware instances the last quarter. MobileSpy and FlexiSpy were already in the top 15 list, but SpyBubble moved up to take the #4 spot while SpyMob and PhoneRecon appeared for the first time, ranking #5 and #7 respectively, according to the report.
Mobile spyware has mostly been confined to the consumer market, but the bring-your-own-device trend is spreading the threat to the corporate world.
“It is surprisingly easy to add a command and control interface to allow the attacker to control the device remotely, activating the phone’s camera and microphone without the user’s knowledge,” noted the blog. “This enables the attacker to monitor and record business meetings from a remote location. The attacker can even send text messages, make calls or retrieve and modify information stored on the device – all without the user’s knowledge.”
Kevin McNamee, security architect and director of Alcatel-Lucent’s Kindsight Security Labs, wrote earlier this month that USA Today, CNN Money and others caught up with him at the Black Hat security event in Los Vegas recently after he showed how easy it is to add malware to apps such as Angry Birds. While iPhones are still relatively secure, more open architectures such as Android are scarily susceptible to security threats posing at legitimate software.
“Anti-virus alone is not enough to stop all malware,” noted McNamee. “It needs to be complemented by a network-based approach to security. Thus service providers can play a value add-added role for subscribers by deploying security software on their networks to spot malicious and unusual device activity and immediately notify device owners with instruction on how to remove the threat.”