Anti-virus vendors hoping to generate sales are always looking for ways to scare the bejesus out of you. While everything they say and do shouldn't be ignored, AV vendors should always be judged with their self-interest in mind.
Hacking made simple
I recently watched a YouTube video in which Bogdan Botezatu, senior e-threat analyst for BitDefender, demonstrated the ease with which someone can infect an Android app. What made the process a snap was a free tool called AndroRAT, which anyone can find with a simple web search.
AndroRAT is called a "binder," because it can repackage a legitimate Android application package file (APK) with a Trojan. An APK is the file format used to distribute and install an Android app, and a Trojan is malware that can take control of a smartphone and open a backdoor to download more software from a command-and-control server.
The version of AndroRAT Botezatu used required no coding. With just a few clicks by the user, the software decompiled the APK of an app downloaded from Google Play, inserted the malicious code and then repackaged everything. The tool also configured the app with the IP address needed to communicate with a C&C server.
While such an app would not fool Google Play's malware scanner, it could end up on less vigilant third-party websites. Such sites are seldom used by Android users in the U.S., but they are a problem in BitDefender's homeland of Romania.
AndroRAT comes with a control panel that tracks infected devices that are online and lets the user control any device by selecting it on a list. Through the panel, a hacker can download images and documents, access the contact list and send texts to premium rate numbers.
Other neat features for a criminal include turning on the microphone, monitoring calls and texting in real time and geolocating the phone via GPS or nearby Wi-Fi networks.
AndroRAT is as simple to use as most software on the average PC. The video shows how far criminals have come in taking the pain out of building and controlling malware.
"Hacking has become much, much too easy," Botezatu said.
AV software still unnecessary
There is no doubt that the tools for hacking smartphones are maturing. However, getting the user to download the malware and install it on the device is still very difficult.
In Asia, Eastern Europe and Russia, infection rates for Android smartphones are higher because people regularly download apps from sketchy sites. In the U.S., the vast majority of people use Google Play, so the chance of infection is minuscule.
Add the fact that Apple vets every app made available for the iPhone, and there's really no reason for people in the U.S. to have AV software on their smartphones, unless they suffer from paranoia.
Market researcher IDC estimates only 5 percent of all smartphones and tablets have some sort of security tools installed, yet there has never been a wide-scale malware infection of mobile devices.
A lack of profits is the biggest reason hackers are not spending more time trying to infect smartphones. In the U.S., mobile devices are nowhere near as profitable as PCs, because few people use them for commerce. A recent survey by business software maker SAP found that only 38 percent of U.S. respondents used their phone for more than talking and texting.
Botezatu's demonstration is interesting, because it shows the trend toward ease-of-use in hacker software. That's important to watch, but it isn't a reason to buy AV software.