back to article One in 200 enterprise handsets is infected

If your enterprise has 200 mobile devices at least one is infected, so says security firm Skycure The Palto Alto firm has uncovered previous nasty Apple bugs, including the No iOS Zone flaw reported by El Reg last year. All told about three percent of the locked-down vanilla Cupertino devices are infected, the company says in …

  1. Anonymous Coward
    Anonymous Coward

    All of them are

    Open your data connection.... com.microsoft.office now installed on lots of Android phones, I've never opened this ever, it was installed without my permission by the phone vendor.... in two days its sent 839 KB of data across the network. Almost a megabyte.

    Now go to Word and lets see what permissions it has. 839kb is photograph sized data.

    It has permission to access the camera, audio, accounts, phone, it can draw over other apps.... i.e. it can fake an interface and intercept every interaction. It can view wifi connection has full network access, can wake the phone, add accounts, see all the SD card.

    I have never agreed to any Microsoft EULA or used any Microsoft app on the phone. I have never agreed to give it permissions it was given.

    This is typical of many apps installed on many phones.

    And for some reason the authorities, headed by the Home Office, are totally fine with this situation. Gee, I wonder why? All those competing politicians with their smartphones, unaware of the nature of the device sitting on their desks when they talk in the meetings. Just think how a foreign attacker could shape that democracy to ensure only the people it wants are in power.

    And what would such bad actors do? Perhaps they'd turn a countries spying agency against their own country. Perhaps legalize such bulk surveillance to give it legal cover. Perhaps hide the surveillance under a blanket of 'national security' to keep it from legal challenge.

    1. Aodhhan

      Re: All of them are

      While I don't necessarily disagree with what you've said...

      Not opening the applications doesn't keep you safe. It just keeps unpatched applications on your phone. Think about it.

      If you don't need it... remove it (Security 101)

      If you purchase a phone from an ISP, have them remove it or go to a different company who will.

      I've used 4 different cell companies, and all have removed the apps. They just won't change their firmware.

      Still no luck? Then jailbreak and remove it.

  2. Anonymous Coward
    Anonymous Coward

    Every vendor who sells protection against mobile malware says this

    If it is so prevalent, how come I've never met anyone who had malware on their phone, whether iOS or Android? Is it so silent and well-behaved that it is on there and they never find out? Possible, but I doubt it, as typical malware is anything but well-behaved.

    Maybe there is something on these phones, but when I run commercial malware scans on a Windows box it will flag really stupid shit like cookies as a problem. If COOKIES count, then I can easily believe their stats. If they mean "a device that's p0wned to the extent that your email can be read, passwords stolen as they're typed in, etc." then I'd be surprised if the number is a thousandth of what they claim.

    I don't doubt mass malware infestations on mobiles are coming eventually, but as far as I can tell they haven't arrived yet except in the minds of those who are using scare tactics to sell a product.

  3. goldcd
    WTF?

    What are the number again?

    "If your enterprise has 200 mobile devices at least one is infected" - OK, so that's 0.5%

    "All told about three percent of the locked-down vanilla Cupertino devices are infected, the company says " - Now we've jumped to 3%

    "Chief technology officer Yair Amit says while Android devices are twice as likely to be owned than iOS," - Which makes Android 6%

    Finally

    "devices sporting an eye-watering average of 290 apps a piece" No, no they don't.

    1. Anonymous Coward
      Anonymous Coward

      Re: What are the number again?

      If someone has downloaded that many apps, the chances that one could be considered malware in that it tries to trick you into typing in your iCloud or Google Drive password could possibly reach 0.5% I suppose. But so what, anyone who has that many apps on their phone still only uses a handful of them. If you don't run the "malware" app then your phone is just as secure and someone who doesn't have it at all. Apps that can break the security of the OS itself instead of relying on social engineering are very rare indeed. Nonexistent on iOS, I'm pretty sure, at least from the official app store.

      Looking at my phone I've got around 100 non-Apple apps on it, most of which I tried out once or twice but haven't ever bothered to delete. Social media sites like Groupon, Linkedin, Google+ etc. that I no longer use. Some games I picked up because there was a special where they were a free download for a weekend to promote them and thought I'd try it out. In certain categories like weather, biking, etc. I downloaded a half dozen different apps trying to find the best one. It is easy to just leave all the crap there, but this makes me think I should probably do a little cleanup instead of just isolating all the stuff I never use on faraway screens.

      Again, not counting Apple's apps, I count 14 that I can recall using in the past month. Another 10 or so if you go back to the past year.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like