Malware, Google Android and the OHA

So finally it came. After much speculation and whispering about the forthcoming ‘Google phone’, yesterday some actual information was released to the wires [1]. The Open Handset Alliance (OHA) sent out a press release to announce the development of a new open-source platform (dubbed Android) for the development of mobile devices and applications. So, what is the Open Handset Alliance, and what impact might this announcement have upon malware and mobile security?

To quote their website, the Open Handset Alliance “is a group of mobile and technology leaders who share this vision for changing the mobile experience for consumers.” Cutting through the press release, and looking at the list of member organisations, there is obviously sizable momentum behind this alliance, with some big names involved (including, of course, Google). Perhaps more interesting is the absence of some names, particularly some of those that currently lead development for the mobile platform.

The new platform (Android) is built on a Linux kernel and has been developed specifically to support the development of mobile devices and applications. Its arrival will be welcomed by many who find some of the current mobile device technologies and networks quite restrictive in nature. ‘Ripples in the pond’ is probably an understatement. Assuming Android, and the devices/applications built on it, live up to expectations, I should imagine the impact of Android will be significant. It is worth thinking about how its arrival may impact malware for mobile devices.

We only have to look to our desktops to see how web threats have grown recently. As OS vulnerabilities have become more reliably patched and machines more tightly firewalled, attackers have shifted significantly towards the web. The bulk of web threats use the browser as a delivery mechanism – hitting the browser with exploits that install malware when a compromised page is browsed. Though different browsers are targeted, the bulk of web attacks are still Windows-specific insofar as the ultimate malicious payload (be it Trojan or worm) is intended for that platform.

As mobile devices become more tightly integrated with online services, malware authors potentially gain new targets. Any significant step forward in mobile technology that facilitates web browsing (in terms of both satisfaction and accessibility) could expose mobile devices to greater risk from web threats. As browsers are used for increasingly complex web services, it is likely that threats will mature to be entirely OS-independent. Instead of simply using the browser as a vehicle to install malware, threats will deliver their entire payload within the browser ‘environment’. In this way, desktops and mobile devices (any device running an appropriate browser) could be targeted.

We do not have long to wait for a sneak preview of Android. The SDK is scheduled to be made public next week (November 12th). Its release will likely spawn much activity, both good and bad. Think back to the release of the iPhone – within hours there was significant activity from hackers looking to find vulnerabilities and ways to attack the phone. Exactly how Android shapes the market will not become clear until the latter half of 2008, when we can expect to see some devices coming onto the market. Until then, expect much hype and rampant social bookmarking!