Roll Call Release
- 1 page
- For Official Use Only
- July 23, 2013
(U//FOUO) Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions. The growing use of mobile devices by federal, state, and local authorities makes it more important than ever to keep mobile OS patched and up-to-date. The following are some known security threats to mobile OS and mitigation steps.
Security Threat Description Mitigation Strategy SMS (Text Message) Trojans represent nearly half of the malicious applications circulating today on older Android OS. Sends text messages to premium-rate numbers owned by criminal hackers without the user’s knowledge, potentially resulting in exorbitant charges for tile user. Install an Android security suite designed to combat these threats. These security suites can be purchased or downloaded free from the Internet. Rootkits are malware that hide their existence from normal forms of detection. In late 2011, a software developer’s rootkit was discovered running on millions of mobile devices. Logs the user’s locations, keystrokes, and passwords without the user’s knowledge. Install the Carrier IQ Test–a free application that can detect and remove he malicious software. Fake Google Play Domains are sites created by cybercriminals. Google Play enables users to browse and download music, books, magazines, movies, television programs, and other applications. Tricks users into installing malicious applications that enable malicious actors to steal sensitive information, including financial data and log-in credentials. Install only approved applications and follow IT department procedures to update devices’ OS. Users should install and regularly update antivirus software for android devices to detect and remove any malicious applications.
Related Material From the Archive:
- (U//FOUO) DHS-FBI Bulletin: Increasing Exploitation of Mobile Device Vulnerabilities
- (U//FOUO) DHS Wireless Medical Devices/Healthcare Cyberattacks Report
- (U//FOUO) Colorado Information Analysis Center Smartphone Security Bulletin
- (U//FOUO) Los Angeles Fusion Center: Detecting and Mitigating Cyber Threats
- (U//FOUO) FBI Cyber Division Bulletin: Advanced Persistent Threat (APT) Actors Targeting Aviation Industry
- (U//FOUO) DHS-FBI Bulletin: No Specific Threats to American Jewish Community, Despite Recent World Events
- (U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Testing of Cybersecurity
- (U//FOUO) DHS Bulletin: Anonymous Hacktivist Threat to Industrial Control Systems (ICS)