14 DAY TRIAL // The threat of mobile malware is not as menacing as reports from security researchers make it appear, and the details of the issue are overblown, a new study reveals.
Mobile carriers and marketplace owners such as Google and Apple have made efforts to ensure that their clients are as safe from trouble as possible, and results have started to show.
9,688 devices out of over 151 million connected to malicious hosts
The new report showing the state of mobile security comes from Damballa, provider of automated breach defense solutions, who monitored 49% of the mobile traffic in the US during the fourth quarter of 2014.
The number of devices seen by the researchers on a daily basis ranged between 132 and 160 million, based on passive DNS (pDNS) data collection at the recursive DNS (RDNS) level; an average of unique devices was calculated at 151,858,362 terminals (iOS, Android, BlackBerry and Windows Phone).
Determining an active infection was done by tracking communication with known malicious domains available in public blacklists, phishing and drive-by downloads, desktop malware association and mobile blacklists.
After compiling the results, only 0.0064% of the terminals, which accounts for 9,688 devices, contacted domains in the mobile blacklists.
It must be noted that at most 10% of the market and malware (M&A) hosts were outside the non-cellular pDNS dataset available to the company and that more than 50% of the M&A hosts were associated with at least seven domains.
Odds of getting struck by lightning in a lifetime are of 0.01%
Charles Lever, Senior Scientific Researcher, Damballa, has presented the findings of the study today, at the RSA conference in San Francisco, saying that the odds given by the National Weather Services for someone to be struck by lightning in a lifetime are estimated at 0.01% (1/10,000), considerably more than those of getting mobile malware.
“This research shows that mobile malware in the Unites States is very much like Ebola - harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection,” Lever said.
In early April, Google published the first security report for Android, claiming that malware, or “potentially harmful apps” (PHA) as Google calls it, is not as serious a problem, as it is depicted most of the times.
The results of the report showed that in 2014, PHAs were installed on less than 1% of Androids, while the percentage of affected devices among those getting apps strictly from Google Play was a meagre 0.15%.