Ask the Expert: Denis Maslennikov Answers your Questions Sent via Social Media Networks

The threats facing mobile devices are among the fastest growing and most serious dangers to the digital world. We gathered your questions on the subject and passed them on to Denis Maslennikov, Senior Malware Analyst at Kaspersky Lab, whose specialist field is mobile threats.

maslennikov 

Android is now the most popular operating system. I wonder, what types of malicious applications affect it, apart from those which like sending SMS messages?

Today, SMS Trojans still remain the most widespread malware in Android environments. However, we have seen a dramatic growth in the popularity of backdoors that can communicate with C&C servers, receiving commands from the cybercriminal. Apart from that, spy Trojans are also widespread; this type of malware steals various kinds of information stored on smartphones.

 

Can we believe Microsoft’s specialists when they say that iPhone jailbreaking is completely safe?

You are probably talking about the new method of jailbreaking Windows RT that appeared in early January. Microsoft’s official comment contained a statement that this specific method of launching applications that are not signed by Microsoft does not pose a security threat to users. In my opinion, this is not completely true. If any method to bypass security mechanisms that are integrated into the operating system and protect against launching unsigned applications exists, it is a security threat.

 

I hear there are PC viruses that intrude into BIOS firmware and damage your PC, and there is no way for a regular user to detect or repair that damage.  Are there similar viruses for mobile devices?

It was CIH, aka Chernobyl, that caused the damage on PCs. According to various estimates, in the late 1990s some half a million of computers all over the world were affected by that malicious program. A more detailed description is available. Up to now, nothing of that kind has been detected for mobile devices.

 

When installing some Android applications, security products typically detect NoAds-type viruses (these are viruses that are not associated with spam). They get detected even in applications that were previously clean (I downloaded a Skype update from Google Play, then waited until a newer update became available). In which cases I can trust viruses, and in which should I not?

You should not “trust” viruses in any cases J. Joking apart, the ads in various legal freeware applications quite often lead to malicious sites that contain a diversity of malware. For example, while playing a free version of Angry Birds, you see a pop-up banner that prompts you to urgently update your Opera mobile browser. It doesn’t matter that Opera may not even be installed on the device. That sort of ad is most likely to lead to a malicious site, from which you could end up downloading malware under the guise of an update.

 

I have lgp350 Android2.2. Will new versions of Kaspersky be supported and stable working on older devices? And secondly, how can I find out about beta launches and participate in product testing for mobile devices, whether on user forums or elsewhere?

Android 2.2 is the minimum system requirement for using KMS. Anyone can participate in beta testing, provided that he/she has an Android smartphone. To do so, you will have to register at Kaspersky Lab’s official forum and leave the appropriate request at the sub-forum for testing mobile device security solutions. New testing announcements are published in the same place.

 

What’s your stance on different modifications of Android? E.g. CyanogenMod, MIUI etc.

From a security standpoint, our general view is negative. Installing third-party firmware often opens up extra opportunities for cybercriminals to infect smartphones and thus gain control over them. When a user is about to install such a modification, it is important that the he/she makes a conscious decision to do so.

 

What viruses currently pose the most immediate threat to PCs and mobile devices?

You can find detailed information about current threats in Kaspersky Lab’s security bulletins:

Security Bulletin 2012: The Overall Statistics for 2012 and Kasperksy Security Bulletin 2012: Malware Evolution

As for mobile devices, part six of Mobile Malware Evolution was published recently.

 

Denis, how easy is it for cybercriminals to penetrate a mobile device? For me, adware is the most malicious type of mobile software. What do you think?

Actually, social engineering is the easiest and the most effective method to infect mobile devices; it has been that way for a number of years. At the moment, cybercriminals usually need to do little more than camouflage their malware program as, say, a popular software update or new levels for a popular game; with this, cybercriminals can successfully infect smartphones. Sadly, users keep falling for such tricks: they install various malicious programs all by themselves, ignoring the list of permissions that the program requires. Undoubtedly, increasingly more sophisticated methods will keep emerging in the near future, such as drive-by infections. By and large, today it is even easier for cybercriminals to infect smartphones than PCs.

 

Today, there are tons of iOS mobile applications available in AppStore which keep confidential information, such as passwords, credit card details etc. Is it secure to keep information in them? I’m most interested in applications which store data in the cloud and transmit them between the user’s devices (iPhone, iPad, PC). If it is secure, could you please recommend one.

The security of these applications depends on whether the developers take a responsible approach to their product: ensuring the security of the application itself, the robustness of the encryption algorithms used, proper testing procedures and rapid response to any bugs. If cloud-based services become part of the equation, new factors arise, such as how well protected a specific cloud is, how secure the data channels are, and many others. Basically, your own memory is likely to be the most reliable place to store long and complex passwords that are unique for each individual serviceJ

 

There are applications which can isolate and differentiate between work and personal content on one smartphone – particularly, for Android. If the smartphone is infected by a virus, what information is at risk – business, personal or both?

Up to now we have not encountered malware which targets data located in “containers”.  In theory, the possibility of any information theft depends on how well these containers are protected and how reliably the data access policies are set.

This software is appearing because in 2012 a so-called BYOD policy, or bring your own device, gained wide popularity. That is when a personal device is used for work purposes. This can offer obvious advantages to organizations, but when any company allows personal devices to access working data it is vital to consider the protection of those devices and data.

 s-Android2

What is your opinion on NFC technology (payment via smartphone)? Are you a supporter or opponent of such “short cuts”? How do you see it from security point of view?

NFC is a technology which might, of course, help to make different payments easier. But for cybercriminals it’s a new opportunity to steal money from users. And when this technology is widespread and popular among users, hackers will definitely try to attack it and steal money.

Some vulnerabilities have already been discovered. Fortunately, there have been no massive attacks, but I fearit’s only a question of time and popularity.

 

What is the most common mobile malware? How can I avoid them, and how can I get rid of them?

The latest trends are described here

As for avoiding mobile malware: 1. Don’t click on suspicious links in SMS/Email/Social media/IM messages 2. Avoid jailbreaking/rooting 3. Use encryption for critical information stored on a device 4. Do not use untrusted Wi-Fi networks 5. Update your OS and third-party software regularly 6. Use a complex security solution with a remote wipe/block feature 7. Don’t think that your mobile device is safer than your PC.

Undoubtedly, increasingly more sophisticated methods will keep emerging in the near future, such as drive-by infections. By and large, today it is even easier for cybercriminals to infect smartphones than PCs.

 

What is the simplest solution to avoid having my Android cell phone hacked?

Remove the battery and SIM card from the smartphone, break your device in half, put everything to a metal box, pour cement over it and bury it J OK, just kidding. See the previous answer.

 

What are the risks of installing pirate software?

If you install pirated software from untrusted sources, there’s always a risk that it will not only be pirated but also ‘trojanized’. And when installing hacked versions of paid games or apps you will also infect your device with malware.

 

Are free apps more dangerous than paid ones?

If we are talking about official apps from an official app store then it is possible that the apps will show ads to user. And unfortunately sometimes clicking on these ads leads to malicious sites which spread different types of malware.

s-Malware

Do users accept too many uncontrolled permissions on apps? Many apps require unlimited control of your mobile device (i.e., contact list). How can we limit those app privileges?

I agree that sometimes various applications require a lot of permissions. And unfortunately users don’t read them carefully or fully understand what they are installing and what they are actually allowing. There is only one way to stop it: don’t install the app. But you have to accept all the permissions if you want to use this or that application.

Sometimes reading all the permissions carefully might help you to avoid an infection. Just think, for example, why does a 23 KB ‘media player’ app need to send text messages or access the contact list? Of course, there’s no need for this app to do any of that.

 

What software do you use?

Windows 7, Far file manager, Microsoft Office, various browsers, archivers, disassembling software and a lot of internal tools.

 

Monitoring and analyzing must be a constant and endless job. How do you refresh yourself?

There are many ways ;) Watching movies, reading, listening to my favorite music, drumming, gaming or just simply walking. If I have a week or two for a holiday, I go to the mountains.

 

My Android smartphone is now a part of my life, just like my PC. Do you think Android devices need a firewall to prevent network threats?

I think that every mobile device needs a complex security solution which can help to avoid various security risks.

 

What should I keep in mind for safe use of tethering?

If you share your Internet connection, then make sure that you’re sharing it with trusted devices. If you’re using someone’s shared connection, then make sure that it is a trusted device and the owner of the device won’t try to sniff your traffic.

 

So, do we need an antivirus for Мас OS X 10.8.2? The guys from Apple are insisting we can safely forget about viruses and antiviruses – they are either absent or the system is highly resistant to viruses. I have a Pro and an iMac and I worry about them… 

Mac viruses exist.  Generally they use vulnerabilities in software like Flash or Java. The latest serious accident was the detection of Flashfake (a.k.a. Flashback) – a malicious program which, by the end of April 2012, had infected over 748,000 Mac OS X computers.

Don’t forget that there are also threats which are not unique to any operating system: phishing and infected web pages can threaten any device that has an Internet connection.

 

Please explain the functions of mobile Trojans/worms compared to normal computer malware.

Behaviors in mobile malware don’t differ from computer malware. There are spying Trojans, downloaders, backdoors, exploits, adware, various destructive Trojans, etc. But there’s one exception. In mobile malware we also deal with SMS Trojans. These are malicious applications which send expensive text messages to premium rate numbers without the user’s consent.

s-SMStroy

Are common threats becoming less popular than software vulnerabilities – such as Java of Flash? Will security software shift towards solutions that warn users about outdated software installed on their computers?

We have noticed some changes in the threat landscape and, indeed, many recent examples of serious mass infections confirm that vulnerabilities in operating systems and software like Java, Flash, etc. are used. However, this does not mean classical threats have disappeared and protection is no longer needed.  There are some features in Kaspersky products that warn users about outdated software that needs to be updated; we plan to develop them further, both in consumer and corporate products.

 

What’s your opinion on moving the bulk of security solutions into the “cloud”?

Security provisioning is a complex task that is generally built around the object being secured. If that object is on a local computer, not in the cloud, security must also be located somewhere near it. In this case, cloud technologies will play an auxiliary role, such as enhancing response times.

 

It is said that you shouldn’t use two antivirus programs and this can cause error messages and can even cause the programs to overlook viruses on the system etc. Is this true?

It’s not worth installing two different antivirus solutions on a machine, as their combined efficiency will be lower than that for one good security software. They will clash and slow each other down. Besides, two antiviruses might delay response to an intentional attack, as the antiviruses will double-check each other. Study the results of independent tests and choose a product based on this information.

 

Is it possible to remove any kind of virus after it infects a computer?

Almost all viruses can be removed after they infect a computer. But sometimes it is difficult to rectify the consequences. For example, if a file was infected by a virus, in most cases it is possible to cure the file, but it can’t be returned to its original state. Some Trojan-ransomware programs encrypt user files with a very strong algorithm, so these files can’t be decrypted without the original key.

 

How can I see if my computer has been infected by malware? What are the symptoms?

Common symptoms include strange processes in the task manager, antivirus/firewall/Windows display messages about abnormal activity, extraneous files (like autorun.inf) on removable devices, the computer works slowly, network traffic increases, etc.

 

Will targeted threats evolve or will they stay at the current level?

Random, speculative attacks – mainly focused on financial data – continue to dominate the threat landscape.  But there’s no question that the volume of targeted attacks has been growing over the last two years.  They will certainly evolve.  The Internet pervades every aspect of our lives today and this brings with it the risk of an attack by those who want to protest online, steal data or sabotage a system.  Since technology itself evolves, attacks will certainly develop alongside this – new systems will mean new attack techniques.  That said, targeted attacks typically start by gathering intelligence – not least on those people who work in the target organization – and by using such intelligence to trick individuals into allowing attackers to gain their initial foothold in the organization.

 

Is it possible that malware can destroy hardware, for example that the fan doesn’t work anymore and vibrates very loudly?

If there’s a software component, it’s certainly possible to damage the hardware, or undermine its normal operation.  This isn’t new.  In the late 1990s we saw the CIH-Spacefiller virus that was able to overwrite a flash BIOS.  That was a one-off at the time.  But we’ve seen recent examples of targeted attacks that cause damage to systems – one of the best-publicized is the damage caused by Stuxnet.

 

What are the prospects of cooperation between Play Market and Kaspersky Lab to manage threats and ensure the security of end users who download applications?

This kind of cooperation is possible.

 

Is there any ‘league table’ of the most damaging ways of attacking users of mobile operating systems (whether material or informational)? If so, where is it available? Are there simple ways to secure yourself without purchasing Kaspersky Lab’s products?

You will find an answer to your question in part 6 of Mobile Malware Evolution.

 

Do you see Dr. Web free for Android as a rival? Does Kaspersky Lab offer anything better?

Yes, we do see it as a competitor. However, we can offer much faster and better quality scanning – as proved by independent testing – as well as a broader feature list. That features list is also available on the free version that was presented in the product’s latest update. (This update will become available at Google Play a bit later.)

 

Should we expect an updated version of Kaspersky Parental Control for Android/iOS to become available? If so, when will that update be released?

I should emphasize that these features are still in the beta stage. We do not plan to include them in the next update (to be released in the coming few months).

 

Should we expect a version of Kaspersky Password Manager for Android-based devices?

Yes you should. It should be available in the near future. Stay tuned  :)

 

In new versions of Kaspersky Mobile Security/ Kaspersky Tablet Security, can we hope to see a new feature for sending a suspicious (phishing) message to the virus lab immediately from your product’s window?

That’s a good suggestion. We’ll see if we can add this functionality. At present, the checksums of all scanned files are automatically sent to KSN, Kaspersky Lab’s cloud service

 

When will Кaspersky Mobile Security for WP8 be released?

In WP8 there is no technical capability to implement an anti-malware solution. It is a closed operating system, similar to iOS. Therefore, I don’t think KMS will become available for that anytime soon.

Send to Kindle