Could Android be the next target for worm attacks?
Jail-broken iPhones have already been targeted, but what does this mean for Android, which has a more open OS?
So claims chief technology officer of security firm Qualys, Wolfgang Kandek.
In an interview with IT PRO, he said criminals haven't yet focused on Android due its comparatively small market share. But Kandek predicted more security issues would crop up as it was much more open than the iPhone.
The iPhone has suffered security issues with worms, but this has mainly been against jail-broken phones.
"As Android gets more market share, it's going to be interesting. As these phones become more powerful, they will become a very interesting attack target," Kandek said.
"So far the iPhone has held up very well, even though there are millions of them. We'll see how Android holds up with its openness and less restrictive interface," he added. "It certainly has the potential to run more powerful worms."
Kandek explained why Android was more open than the iPhone. "Both of these systems are based on Unix, but in the iPhone you do not have root access, so you are not the system administrator when you run it," he said.
"You are a simple user of the operating system, and each program is separated from each other. They cannot talk to each other. So you're running in a jail basically... That is rather powerful, and Android does not have the same level of protection," said Kandek.
As Android is already jail-broken', he said it could leave it open to attack.
To protect the Android-based devices, network operators could do certain things to protect the devices from certain attacks, according to Kandek.
For example, for the first iPhone worm, jail-broken devices were vulnerable in Australia as a carrier decided to put them directly on the internet, whereas in the UK and US it is on a private IP network.
Worm attacks on Android could leave personal information such as contacts, emails and banking details open to criminals.
If - like the most recent iPhone worm - an Android device became part of a botnet, it could also be used to send out spam mails.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download