Can Smartphones Get Virus/Viruses and Malware? iPhone / Android Phone Only as Smart as Their Users in Malware Detection

Introduction

As smartphones become more and more popular, and their connectivity and processing power increase, they are attracting more attention from malware writers around the world.

"A big tree attracts the woodsman's axe."
-- English proverb

Computer security experts have predicted since 2009 that viruses (actually "malware", which describes all types of malicious software) will hit smartphones. It appears that 2011 will be the year of smartphone viruses. This hub will go into some detail on how do you get smartphone viruses, what sort of damages can a smartphone virus do, and what you can do to protect yourself.

What Can Happen With a Smartphone Virus / Malware / Trojan

First of all, the proper term is "malware" which describes all sorts of malicious software, not just a virus, or trojan, or logic bomb. Malware describes everything malicious.

Any way, malware can do the following (all are actual cases):

  • Send messages to "premium service" SMS numbers that cost extra money, similar to calling 1-900 or 976 numbers
  • Send your personal information to unknown parties
  • Turn your phone into a part of a botnet so others can execute commands remotely for nefarious purposes, such as spam, DDOS attack, and more.
  • Give others ability to monitor your phone calls and text messages
  • Open you to blackmail, if something embarrassing can be found and sent elsewhere
  • Trick you into entering financial information, such as account number, birth date, and more
  • Even stuff on your PC... if you connect your PC to your smartphone
  • and more...

This is a threat you need to take seriously. And here are some examples.

Android Hacked App Turns Your Phone into a Botnet Zombie

Symantec, a world leader in malware detection and computer security, reports that Android malware is on the rise, and they have just detected a hacked version of the popular "Steamy Window" (February 2011) available through Chinese websites that turns your phone into a botnet zombie. Once your phone had been zombified, hackers can remotely control your phone to:

  • send premium text messages
  • block text messages,
  • add bookmarks,
  • force your browser to visit certain websites
  • and more

iPhone Worm Hacks Jailbroken iPhones into Botnet Zombie

You think only Android phones can be zombified? Sorry, Apple iPhone was first targeted. Symantec reported on this worm in June 2010. If you jailbroke your iPhone, but did not change your default SSH password (easily found on Google) this worm, known as the Ikee Worm, will allow someone to remotely control your phone from afar.


HTC Phone In Europe Was Loaded With Botnet Virus

In March 2010, Panda Research, maker of Panda Anti-virus, found that some HTC phones sold in Spain by Vodafone, was infected with a variant of the Mariposa Botnet. As soon as you connect the phone to a PC, the payload attempts to drop the botnet software onto your PC.

If you do not have an anti-virus on your PC, you may be infected just like that.

iPhones are Vulnerable to Scareware

Intego, the Mac Security Blog, found a Dutch Hacker sending ransomware to iPhones back in November 2009! Technically it's not ransomware, as your phone will work fine. However, this Dutch hacker can remotely scan your phone, reveal your vulnerability, and will send you instructions on how to fix it if you send him $5 Euros. So it's technically scareware, but it's a real threat.

If he can see your phone by remote, what ELSE can he see, one wonders?

Phishing Bank App Steals Account Information

Sophos Internet Security, in January 2010, found that some malware writers were releasing fake bank apps targeting smaller credit unions into Android Marketplace. The clear intent is to steal account information from those customers. Fortunately for the customer she called the credit union for assistance, and the credit union quickly realized they have a phishing scam on their hands, as they do NOT have an Android app!

Stolen Apps Steals Info, Roots Your Phone

Android Police got a tip-off from a reader... There are trojan apps in Android Market that was taken, repackaged with malware droppers, then released into Android Market under a slightly different name. Dozens of such apps were released by this "developer".

The trojan will steal your phone's unique ID and other information, and even execute system-level code through a root-exploit.

This super-trojan has been dubbed "DroidDream", and Google has already pulled all the apps by the developer. Android Police reported that XDA has a special patch that should disable the vulnerability.

iPhone Password Can be Hacked in Six Minutes

Let's say you lost your smartphone. That would be a disaster, as it has all your contact information. If you bank with your phone, even worse! It may have personal information in there!

Okay, you locked it with a password. It's safe, right?

Not quite. Some German researchers broke an iPhone's password (with a computer's help) in six minutes.

Scary, isn't it?

Chinese Phone Tapper/Tracker Arrives as Virus

NetQin Security of China reported that "X Undercover", a cellphone surveillance app that can be spread as an attachment, has infected over 150,000 phones in China. The app can reveal GPS coordinates, turn your 2-way call into 3-way call (i.e. tap your phone call), and more. It is being sold as a way for parents to track their child, boss checking up on subordinates, or jealous husband checking on wife (and vice versa).

Okay, okay, what do I do now?

Did I scare you enough? it is actually not that difficult to secure your phone.

Set a Password or Lock Pattern

While passwords and lock patterns can be hacked, it takes time to hack it. Setting a password will give you time to do some other security measures... such as remote wipe.

Use a Password Manager

LastPass or KeePass can be cross platform and give you security without affecting usability too much. Use a different password for every login would give you far better security. 

Do NOT Lend Your Phone to Any One

Someone can install malware into your phone, whether intentionally or not, while it is in their possession. Yes, that includes your children.

Load a Security Package that includes Scan, Phone Tracker and/or Remote Wipe

If you lost your phone, you need to be able to locate it, and/or remotely wipe it clean so nothing from you can be stolen. (And those apps cost $$$, no way around it). Remember, if they have the phone in their possession, they can hack it.

The Security Package should also update itself and scan for malware threats upon every install.

Do NOT Click on Mail Attachments or Links (unless you're sure)

This is same as PC... Do NOT trust attachments or links, even if they appear to be from legitimate sources, unless you are sure.

Do NOT Download / Install Apps from Unknown Sources

By default iPhones only get apps from iTunes Store, and Android only get apps from Android Marketplace. You have to explicitly bypass those restrictions, and that opens you to vulnerability. There are a LOT of pirated stuff out there, promising free apps, but how do you know what are really in those apps?

(ANDROID) Even if it came from legit sources, have some common sense!

Just because it's on Android Marketplace does NOT mean it's automatically safe and legit. Google does NOT inspect all apps.

The fake apps were distributed through Android Marketplace, but they come from unknown developers. Look for reviews and direct links to Android Market or Appbrain instead of downloading sound-alike apps.

(ANDROID) Check those app permissions!

When you install an app on Android, it asks you for certain permissions. When an app asks for more permissions than it should (the fake Steamy Windows app asks permission for "sending and receiving SMS") you should abort the install.

Beware of Abnormal Phone Behavior

  • Does your phone seem far more sluggish than usual?
  • Did you notice strange charges in your phone bill?
  • Does your battery not last as long as before?
  • Does your internet data usage seem much higher than usual?

Make Backups!

Make backup of all information so you can restore them if you have to.


Conclusion

If you do NOT have a security package loaded, you should get one immediately, and set a password on your smartphone. You may not get hit by smartphone malware, but there is no point in taking chances, is there?

For Android, the big names are already on the Scene

For iPhone security, please refer to this guide from eSecurity

Be safe out there.

More by this Author


11 comments

vinner profile image

vinner 5 years ago from India

Very useful article friend. But I think virus attack is comparatively less in phones


kschang profile image

kschang 5 years ago from San Francisco, CA, USA Author

@vinner -- that's because the field's still young. Smartphones only gotten popular in the last few years. It can only get WORSE.


iain-mars profile image

iain-mars 5 years ago from United Kingdom

Great article. I think the danger to smartphone users is even worse than PC users as people are less aware of viruses on their phones! Also with the advent of QR codes sending people to dodgy websites will become more and more common.


Alden L. 4 years ago

so basically the only way to get hit with malware is through "apps" and whatever you download(manually) in your emails ie: attachments...am i right?


kschang profile image

kschang 4 years ago from San Francisco, CA, USA Author

99.5% (my estimate) of malware are spread through fake apps. There are very rare ones that can bypass the OS restrictions through holes that are patched as they are found.


coolnikka 4 years ago

This is very interesting


Sky 3 years ago

So let's say you put music onto an SD card and use that SD card on your phone. If there is an infected file, will your phone also be affected by it, or does it only apply for computers? Especially Trojans.


kschang profile image

kschang 3 years ago from San Francisco, CA, USA Author

Trojans or malware are usually specific to the platform, i.e. a PC virus can't infect and Android phone.

Furthermore, a phone generally don't try to run any apps on the SD card. Unlike a PC, phones don't have "autoexec" option. :)


clydedean 3 years ago

i think virus comes from the most of the free apps or games we download cos we click on agree before we install them it might have gave already access to the virus or malware atm i m using appriva cloud antivirus which is antispyware too i kinda like it and was hoping that you guys give some suggestions too.


Mandababy 2 years ago

Yeah right. All someone needs is to know the right things. I haven't downloaded an app or created an Apple ID and right now my phone is compromised again by using certificates and VPN servers all different kinds of ways. I'm locked out of 4 iPhones right now


kschang profile image

kschang 2 years ago from San Francisco, CA, USA Author

Really, and how do you know this?

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working