【云开体育app网站下载】手机恶意软件呈指数级增长 More than 1m malware codes target phones



浏览: 73077

【云开体育app网站下载】手机恶意软件呈指数级增长 More than 1m malware codes target phones


Mobile malware took off in 2011. That is when hackers began serious attacks on mobile phones, says David Emm, principal security researcher, at Kaspersky Lab, a cyber security company.手机恶意软件从2011年开始很快发展。


本文摘要:Mobile malware took off in 2011. That is when hackers began serious attacks on mobile phones, says David Emm, principal security researcher, at Kaspersky Lab, a cyber security company.手机恶意软件从2011年开始很快发展。

Mobile malware took off in 2011. That is when hackers began serious attacks on mobile phones, says David Emm, principal security researcher, at Kaspersky Lab, a cyber security company.手机恶意软件从2011年开始很快发展。网络安全公司卡巴斯基实验室(Kaspersky Lab)的资深安全性研究员戴维埃姆(David Emm)称之为,当时黑客开始乘机反击手机。

“At that point, the data became worth stealing, and since then growth has been exponential,” Mr Emm says. He estimates 1m new malicious codes were found on devices in 2015. “The actual number of attacks is much bigger than this because each program tends to be used many times.”“当时,手机数据显得有窃取价值,从那以后手机恶意软件呈圆形指数级快速增长,”埃姆称之为。他估算,2015年期间找到了100万个新的手机恶意代码。“实际反击次数远大于此,因为每个程序往往被多次用于。

”Early attacks focused on causing handsets silently to call premium rate numbers. Then hackers diversified into phishing — creating spoof websites that trick people into revealing account numbers and login details.早期的攻击方式都集中于在造成手机暗地电话收费高昂的电话号码。后来黑客们改向网络钓鱼——利用诈骗网站诱导人们透漏账户号码和指定资料。Phishing still accounts for the overwhelming number of attacks on mobiles, says Mr Emm, although ransomware — locking data and demanding payment for its release — is also big, accounting for 17 per cent of the total across all platforms, according to Kaspersky’s research.埃姆称之为,尽管网络钓鱼依然占有对手机反击的绝大部分,但是勒索软件(瞄准数据,拒绝缴付才关卡)的比例也相当大。根据卡巴斯基的研究,勒索软件在涵盖所有平台的恶意软件中占到17%。


Most phone attacks are on handsets that use the Android operating system because of its large market share and flexible, open technology. Apple’s iPhones use proprietary technology which is more difficult to breach.针对手机的多数反击以配备Android操作系统的智能手机为目标,原因在于Android极大的市场份额以及灵活性、对外开放的技术。苹果(Apple) iPhone配备的系统使用专有技术,攻陷可玩性更大。

“Android is like having a room with lots of doors as opposed to a cave with a single entrance,” Mr Emm says. But Apple is not immune.“Android就看起来一个有很多门的房间,而不是只有一个入口的山洞,”埃姆称之为。但是苹果也并非免疫系统。


In 2015, many app developers unwittingly downloaded a malicious version of Xcode — Apple’s official tool for building apps — from a file-sharing website. Among scores of apps infected were WeChat, a messaging app popular in China, and CamCard, a popular business card reader in the US.2015年,很多app开发商无意间从文件共享网站iTunes了蓄意版的Xcode(苹果官方制作app的软件工具)。数十款app被病毒感染,其中还包括在中国颇受欢迎的即时信息app微信(WeChat)以及美国低人气名片辨识软件CamCard。

Although Apple vets the apps sold through its app store, the infected programs were not initially detected. They were made available and widely used.尽管苹果对在其应用于商店(App Store)下架的app展开审查,但是被病毒感染的软件最初没被观测到。它们被获取iTunes,并且被普遍用于。Mobile phone security is challenging because devices are designed to connect in many different ways, says Ben Johnson, chief security strategist at Carbon Black, a security software company. “Whether it is a text message, email, web browsing, Bluetooth or near-field communication (NFC) connectivity, each method of communication is a potential attack route.”安全性软件公司Carbon Black的首席安全性策略师本约翰逊(Ben Johnson)称之为,由于手机可以通过多种方式相连,手机安全性具备较小挑战性。

“无论是文本短信、电子邮件、网页网页、蓝牙还是近距离通信技术(NFC),每一种通信方式都有可能沦为反击途径。”As human interaction is the main purpose of a mobile device, Mr Johnson adds, there are more chances to trick users. “People are much more likely to click on malicious images or videos sent to a mobile phone than to a PC, because it feels more familiar and natural.”约翰逊称之为,由于人与人之间的交互早已沦为移动设备的主要目的,在手机末端收买用户的机会更加多。“与用于电脑比起,人们在手机上页面蓄意图片或视频的可能性更高,因为它感觉更加熟知,点一起更加挑。


”Phones are also often set to connect automatically and display quick preview images, data or text. “This makes it possible to exploit a system without the recipient opening or ‘clicking’ anything,” Mr Johnson says.此外,手机往往被设置为自动相连以及较慢预览图片、信息和短信的模式。“这使得恶意软件可以在接收者不关上或‘页面’的情况下铁环系统的空子,”约翰逊称之为。Defending against the most serious attacks is difficult, says Ian Evans, a vice-president and managing director at VMware Airwatch. “If the main source of the threat is a nation state agency, you’re best to just throw your phone away.”VMware Airwatch的副总裁兼董事总经理伊恩埃文斯(Ian Evans)称之为,很难抵御那些技术含量最低的反击。

“如果主要的威胁源是某个国家机构,你最差把手机扔到了。”However, simple steps can help against more common hackers. You should use a passcode or complex PIN on your device to protect it in case of loss or theft, says Mr Evans. “And it is best to avoid connecting to public WiFi networks. If the WiFi is not encrypted, somebody could intercept data including passwords. If you have to do so, make sure you always use a virtual private network to connect to sensitive resources.”然而,一些非常简单的步骤可以协助你应付较为普通的黑客。


如果你被迫相连公共WiFi,保证自己总是用于虚拟世界专用网络(VPN)相连脆弱资源。”Also, do not “jailbreak” your mobile devices, he says. This is a process whereby users remove operating system restrictions so that they can customise their phone and download apps not normally allowed. “Jailbreaking negates your warranty and exposes you to more potential malware,” says Keiron Shepherd, senior security specialist at F5 Networks, a cyber security company.此外,他称之为,不要把你的移动设备“逃脱”——指用户中止操作系统容许,以便对自己的手机展开自定义化设置,并iTunes一般来说被禁令的app。“逃脱意味著退出你的售后服务权利,并使手机曝露于更好的潜在恶意软件,”网络安全公司F5 Networks的高级安全性专家吉仑谢泼德(Keiron Shepherd)称之为。Phones with hardware-based encryption tend to offer stronger protection than software encryption, says Mr Evans. “The encryption key is stored on a chip, which acts like a safe.” But Android handsets continue to lack dependable hardware-based encryption, Mr Evans says.埃文斯称之为,硬件加密对手机的维护往往优于软件加密。


“加密密钥存储于芯片中,就像保险箱一样。”但据他讲解,Android手机依然缺乏可信的硬件加密手段。Sometimes phones are compromised during production, as happened in 2014 when a factory-installed “Trojan horse” was found on the Star N9500 Android smartphone, made in China and sold by companies such as Amazon and eBay. It enabled hackers to operate the phone remotely and, being embedded at the factory, could not be removed.有时,手机在生产过程中就早已被植入了恶意软件,就像2014年Star N9500智能手机被找到笔记本电脑了“特洛伊木马”一样。

该款Android手机在中国生产,在亚马逊(Amazon)和eBay等平台出售。黑客可以通过木马远程操纵手机,而木马映射工厂笔记本电脑的软件中,无法清理。The next battleground between hackers and phone owners will be biometric data such as thumbprints, iris or voice profile. At present, hackers rarely use biometrics to circumnavigate security because there are many easier paths, says Mr Shepherd. “This is likely to change. The problem is that if your password is discovered you can quickly change it, whereas once biometric data are compromised, that’s it.”黑客与手机用户之间的下一个战场将是生物特征数据,比如拇指纹、虹膜或语音。