Internet security has always been a back-and-forth exchange of blows between hackers, exploiters, and tech-equipped thieves aiming to profit from users and security experts hoping to protect users of the internet or popular hardware. While many attacks, exploits, and data heists are resolved or deflected silently, a number of major events have reached mainstream awareness. The “Lovebug” computer worm of early 2000 was one of the most famous security-breaching pieces of malware ever created. It was estimated to have caused nearly $10 billion dollars’ worth of damage by the end of its run, hitting most major companies and even government organizations. The “Lovebug” took advantage of systemic weaknesses in Microsoft OS and suite software security in order to have such widespread efficacy as a piece of malware.
Another major security disaster that hit mainstream news was the iCloud privacy breach. This was one of the first major issues that brought mobile security to the forefront of public awareness, no doubt in part as a result of the fact that it affected so many celebrities, whose photos were leaked online. It was hardly the only mobile security issue, though, even if it was the most widely publicized.
As mobile devices become the mainstay of internet usage for the common user, Android, too, is facing its fair share of security breaches. The latest trend in malicious user exploitation, known as ransomware, reached global public awareness with a devastating attack on United Kingdom National Health Services computers. Ransomware, however, is no longer limited to desktop and laptop computers, however. Android devices are beginning to be targeted as well.
What Makes Android Devices a Unique Ransomware Target?
Unlike iOS, Android is an open source mobile operating system that has been repackaged by various hardware manufacturers. The base version of Android, published by Google, is wholly open source and has a thriving community of enthusiast programmers constantly improving the platform, however, as a result of the ease of use of Android, it has been adapted away from open-source versions for use with specific hardware. An example of this can be found in the way that Samsung’s widely successful Galaxy phones utilize Android that has been pre-packaged with proprietary firmware and software.
As a result of this widespread popularity and adaptation, security updates for Android are far from unilateral. iOS, being closed source, has an advantage in this respect (though of course there are trade-offs of using a wholly proprietary system.) Official Android security updates can take a long time to be published, and depending on the version operating a user’s individual device, might not even be compatible with the hardware until the manufacturer gets around to it.
Ultimately, it is these discrepancies within Android that lead to Android devices being heavily targeted by ransomware. This unfortunate fact of life on the platform has led to many users worrying about the future of security on Android. Thankfully, Google is taking proactive steps and is encouraging third-party developers to do the same.
How Are Android Devs Keeping up With Malware Creators?
Ransomware is unique in that it combines malicious software with manipulative social engineering techniques. One Android based ransomware impersonates the FBI and accuses the user of violating government restrictions. In order to “unlock” the device from the malware, which hijacks the device’s lockscreen, the user must send money to a specific payment address.
Most current ransomware is able to hijack the Android lockscreen by accessing and taking control of the root/admin privileges. Once it has admin access, it can automatically reset lockscreen pins such that the attacker or creator of the ransomware is the only one able to unlock the device. As a punishment, some ransomware is able to set a randomized pin that even the attacker does not know, effectively destroying device data by making access impossible.
Because of the two-pronged approach of ransomware, Android developers and security experts have to design solutions that handle both attack vectors at once. Education has been one answer, with many makers of Android software and hardware opting to distribute media that helps users know not to fall for ransomware social engineering techniques. Education of users can also help proactively prevent ransomware from accessing the device in the first place since many ransomware programs rely on social engineering to get into the device in the first place.
The open source Android community has also begun making headway on further securing admin and root privileges without too heavily encroaching on the ability for individual users to have control over their devices. Google has also pushed developers, hardware manufacturers, and app developers to focus on more prompt updates when critical vulnerabilities are discovered.
www.nixa.ca is a company of experts who know Android better than you thought possible. If you’d like to ensure your company’s devices are secure, reach out to us today and let our professionals help you avoid getting taken advantage of by crafty malware designers.