Nearly 23 per cent of organisations in India run a risk of mobile malware attack. This is higher than the global average of 20 per cent, according to Check Point Software Technologies, cyber-security company.
Venugopal N, Director of Security Engineering, Check Point Software Technologies India, said that the company already has ‘SandBlastMobile’, the brand under which its pay-per-use mobile security solutions are sold. In an interview with BusinessLine, he talks about mobile phones’ vulnerabilities to malware attacks, its detection, and threats from public Wi-Fi. Edited excerpts:
What are the threats that you see from a mobile security point of view?
On a weekly basis, about 23 per cent of organisations are impacted by mobile malware in India. Comparatively, mobile malware (that enter mobile phones) is about 20 per cent globally. So the threat is much higher in India and the challenge is that people do not know what’s happening with their mobile phones.
Compared to a laptop or a system malware, what is the time taken to detect one on a mobile phone?
Typically, it takes about a year to detect a breach on a mobile phone. The average on the network varies from people to people, some say about two to five months.
Why is mobile malware difficult to detect?
People tend to take mobile security lightly. Recently we found a variant of mobile malware that was affecting about 25 million devices globally; this could be end-users or organisations or enterprise. Our researchers noted that this variant impacted nearly 15 million devices which were Android users in India. Simply because of the way this particular malware operates, the users don’t even know what is happening. We term this malware “Agent Smith”. It was disguised as a Google app (mobile application) on the Play Store and when the users downloaded the app there was a part of the code in the malware which was exploiting the OS (operating system) vulnerabilities. So the code of the malware was designed in such a way that it replaced the genuine apps on the phone with the malicious versions. People were just not aware of it. Once we told Google about these apps (about 16 apps), they removed it.
Is it just app downloads where the threat arises?
One is the applications that you download which has malware. Also, people tend to connect to public Wi-Fi, which is free. You might have someone snooping on that Wi-Fi. It is very easy for hackers to actually snoop on a free public (open) Wi-Fi.
The latest is that we get is a specific SMS with a phishing link that victims click on unknowingly because you don’t see it as a phishing link.