Mobile platforms have, for many years now, been better protected from malware than PCs. But as the smartphone revolution continues, mobile devices face more security threats than ever before. Data recovery from infected devices can be very difficult, so it’s important to stay one step ahead.
Stagefright takes advantage of a vulnerability within the Android media library, and is sent by hackers through an MMS picture message. When the vulnerable Android device receives the message and it’s automatically downloaded, the device is then infected through the multimedia preview function. The user doesn’t actually have to do anything – as soon as the MMS is received, they become infected. The bug was discovered in 2015 by security firm Zimperium, and it can steal your data, use the camera, hack the microphone, and effectively operate as spyware.
But it isn’t just Android devices that are vulnerable – the XcodeGhost malware attacks iOS devices, both jailbroken and non-jailbroken. Devices are infected when users download infected apps that have made it onto the App Store, which have become infected by developers download Apple’s Xcode SDK from illicit sites and not the official Apple site. By downloading the SDK from non-authorised sites, developers are unwittingly hiding malware in their apps. To date, thousands of infected apps have been removed from the App Store by Apple. XcodeGhost can allow remote command and control and can steal credentials. Another malicious program, Keyraider, only targets jailbroken iPhones, because of the eliminated security features that are built into the OS. It can steal emails, passwords, documents and other data. The best way to remove malware on iOS devices is to restore from a backup; keeping regular backups also helps with data recovery.
