Life’s just a Cabiret, Old Chap.

After trawling through the quagmire of samples that SophosLabs receives daily, it becomes apparent that there’s a distinct lack of malware targeting mobile devices. The percentage of such malware submitted is negligible when compared to the number of malicious files found targeting Windows platforms, for instance.

In an age where mobile devices are becoming ubiquitous it seems, at first glance, odd that there aren’t more worms, rootkits and viruses targeting these platforms. So the question must be asked. Why?

Everyone nowadays has a mobile phone and carries it on their person; most people consider their phone a core and essential item of everyday life. In fact, so complete is the infiltration of mobile technology into everyday folks’ lives that even our children are encouraged to take mobile phones with them so that they’re always just a phone call away from their parents. The resulting takeoff of this technology has promoted the development of hardware, software and protocols; there’s a constant output of new features and software applications that are available to the general public, distributed under the guise of making life easier. The most notable of these include the progression into high broadband speeds, in addition to increased memory and media support.

So again one must ask: why is this huge potential resource not being tapped by malware authors?

1) Mobile platforms are currently very diverse, incorporating a number of different architectures. One only has to search for smartphone operating systems to be confronted with a huge range of choices. Combined with the relatively recent introduction of mobile phones, this has led to far less developer awareness of each platform compared to, say, FreeBSD. The result is that there are simply fewer people capable of effectively developing for mobile operating systems. Less familiarity equals less software.

2) Desktop computers are pervasive and widespread. Any family with a mind to connect globally will likely prefer a laptop or desktop to a smartphone/PDA. Their utility is far more cost effective and, as a result, the hardware associated with personal computers is far more widespread. Mobile phones are expensive and often far less available than other electronic equipment, especially in developing countries. The lack of hardware means that some people are just unable to get their hands on a test platform to develop this kind of malware.

3) While mobile technology is advancing quickly to become part of the world-wide web, it is still fairly impractical to surf effectively with many devices. This means that people will, in general, visit fewer websites. This, in conjunction with other restrictions, means that malware propagation is limited. Consider a Bluetooth worm that requires a mobile device to be geographically close in order to spread; this is a limitation when compared to the short logical distances between machines connected to the internet.

The goal of most modern malware is to generate financial gain for the author. It seems to me to be just a game of numbers. Currently (and obviously), targeting home computers is more profitable. There’s far more software available and installed on desktop systems; this in turn presents more opportunity for exploitation of said software. Additionally, the kinds of sensitive information that help generate profit for the bad guys are used more on home computers: credit cards and such.

Just consider for a moment: in the last week, how many applications have you installed on your home computer, and how many have been installed on your mobile device? As I said, numbers. Now also consider the number of times you’ve paid for an item over the internet; has this ever been done from a mobile device? The conclusion here is that a rootkit installed on a mobile device would be less effective than a similar one installed on somebody’s home Windows system.

All in all, it seems that the main reason behind the relatively low frequency of mobile malware in the wild isn’t a lack of technical proficiency or indeed hardware availability; while it is true that these may be contributing factors, it’s simply that it’s not cost effective.

Now, what happens when it does become cost effective? I have a feeling that SophosLabs will be dealing with torrents of nasty samples that aim to rob us folk of any bits of pretty for which we’ve worked hard. Traditionally this has been done by sending SMS messages to premium rate numbers, albeit somewhat unsuccessfully, as the first incarnations required user interaction. But similar to any research goal, new and more creative ways will be developed to provide advantage for the bad guys. The time isn’t now, but as we become more dependent on mobile technology and increase the utilisation thereof, the samples that have been caught and detected in the wild are harbingers of problems to come.

This article may be reiterative of things previously said in the security world, but it does pay to be vigilant, and the importance of personal security justifies the repetition. Be aware of personal security and the threat of malware; it will save many a headache in the future.