手機惡意軟件呈指數級增長 More than 1m malware codes target phones
Mobile malware took off in 2011. That is when hackers began serious attacks on mobile phones, says David Emm, principal security researcher, at Kaspersky Lab, a cyber security company.
手機惡意軟件從2011年開始迅速發展。網絡安全公司卡巴斯基實驗室(Kaspersky Lab)的資深安全研究員戴維•埃姆(David Emm)稱,當時黑客開始大舉攻擊手機。
“At that point, the data became worth stealing, and since then growth has been exponential,” Mr Emm says. He estimates 1m new malicious codes were found on devices in 2015. “The actual number of attacks is much bigger than this because each program tends to be used many times.”
“當時,手機數據變得有盜取價值,從那以後手機惡意軟件呈指數級增長,”埃姆稱。他估計,2015年期間發現了100萬個新的手機惡意代碼。“實際攻擊次數遠大於此,因爲每個程序往往被多次使用。”
Early attacks focused on causing handsets silently to call premium rate numbers. Then hackers diversified into phishing — creating spoof websites that trick people into revealing account numbers and login details.
早期的攻擊方式都集中在導致手機暗中撥打收費高昂的電話號碼。後來黑客們轉向網絡釣魚——利用詐騙網站誘導人們透露賬戶號碼和登錄資料。
Phishing still accounts for the overwhelming number of attacks on mobiles, says Mr Emm, although ransomware — locking data and demanding payment for its release — is also big, accounting for 17 per cent of the total across all platforms, according to Kaspersky’s research.
埃姆稱,儘管網絡釣魚仍然佔據對手機攻擊的絕大部分,但是勒索軟件(鎖定數據,要求付款才解鎖)的比例也很大。根據卡巴斯基的研究,勒索軟件在囊括所有平臺的惡意軟件中佔17%。
Most phone attacks are on handsets that use the Android operating system because of its large market share and flexible, open technology. Apple’s iPhones use proprietary technology which is more difficult to breach.
針對手機的多數攻擊以搭載Android操作系統的智能手機爲目標,原因在於Android巨大的市場份額以及靈活、開放的技術。蘋果(Apple) iPhone搭載的系統採用專有技術,攻破難度更大。
“Android is like having a room with lots of doors as opposed to a cave with a single entrance,” Mr Emm says. But Apple is not immune.
“Android就像是一個有很多門的房間,而不是隻有一個入口的山洞,”埃姆稱。但是蘋果也並非免疫。
In 2015, many app developers unwittingly downloaded a malicious version of Xcode — Apple’s official tool for building apps — from a file-sharing website. Among scores of apps infected were WeChat, a messaging app popular in China, and CamCard, a popular business card reader in the US.
2015年,很多app開發商無意間從文件分享網站下載了惡意版的Xcode(蘋果官方製作app的軟件工具)。數十款app被感染,其中包括在中國頗受歡迎的即時信息app微信(WeChat)以及美國高人氣名片識別軟件CamCard。
Although Apple vets the apps sold through its app store, the infected programs were not initially detected. They were made available and widely used.
儘管蘋果對在其應用商店(App Store)上架的app進行審查,但是被感染的軟件最初沒有被探測到。它們被提供下載,並且被廣泛使用。
Mobile phone security is challenging because devices are designed to connect in many different ways, says Ben Johnson, chief security strategist at Carbon Black, a security software company. “Whether it is a text message, email, web browsing, Bluetooth or near-field communication (NFC) connectivity, each method of communication is a potential attack route.”
安全軟件公司Carbon Black的首席安全策略師本•約翰遜(Ben Johnson)稱,由於手機可以通過多種方式連接,手機安全具有較大挑戰性。“無論是文本短信、電子郵件、瀏覽網頁、藍牙還是近距離通信技術(NFC),每一種通信方式都可能成爲攻擊途徑。”
As human interaction is the main purpose of a mobile device, Mr Johnson adds, there are more chances to trick users. “People are much more likely to click on malicious images or videos sent to a mobile phone than to a PC, because it feels more familiar and natural.”
約翰遜稱,由於人與人之間的交互已經成爲移動設備的主要目的,在手機端誘騙用戶的機會更多。“與使用電腦相比,人們在手機上點擊惡意圖片或視頻的可能性更高,因爲它感覺更熟悉,點起來更順手。”
Phones are also often set to connect automatically and display quick preview images, data or text. “This makes it possible to exploit a system without the recipient opening or ‘clicking’ anything,” Mr Johnson says.
此外,手機往往被設置爲自動連接以及快速預覽圖片、信息和短信的模式。“這使得惡意軟件可以在接收者不打開或‘點擊’的情況下鑽系統的空子,”約翰遜稱。
Defending against the most serious attacks is difficult, says Ian Evans, a vice-president and managing director at VMware Airwatch. “If the main source of the threat is a nation state agency, you’re best to just throw your phone away.”
VMware Airwatch的副總裁兼董事總經理伊恩•埃文斯(Ian Evans)稱,很難抵擋那些技術含量最高的攻擊。“如果主要的威脅源是某個國家機構,你最好把手機扔了。”
However, simple steps can help against more common hackers. You should use a passcode or complex PIN on your device to protect it in case of loss or theft, says Mr Evans. “And it is best to avoid connecting to public WiFi networks. If the WiFi is not encrypted, somebody could intercept data including passwords. If you have to do so, make sure you always use a virtual private network to connect to sensitive resources.”
然而,一些簡單的步驟可以幫助你應付比較普通的黑客。埃文斯稱,你應該在設備上使用通行密碼或者設置複雜的個人識別碼(PIN),以防手機丟失或被盜。“最好避免連接公共WiFi網絡。如果WiFi沒有加密,別人可以攔截包括密碼在內的個人數據。如果你不得不連接公共WiFi,確保自己總是使用虛擬專用網絡(VPN)連接敏感資源。”
Also, do not “jailbreak” your mobile devices, he says. This is a process whereby users remove operating system restrictions so that they can customise their phone and download apps not normally allowed. “Jailbreaking negates your warranty and exposes you to more potential malware,” says Keiron Shepherd, senior security specialist at F5 Networks, a cyber security company.
此外,他稱,不要把你的移動設備“越獄”——指用戶解除操作系統限制,以便對自己的手機進行定製化設置,並下載通常被禁止的app。“越獄意味着放棄你的保修權利,並使手機暴露於更多的潛在惡意軟件,”網絡安全公司F5 Networks的高級安全專家吉侖•謝潑德(Keiron Shepherd)稱。
Phones with hardware-based encryption tend to offer stronger protection than software encryption, says Mr Evans. “The encryption key is stored on a chip, which acts like a safe.” But Android handsets continue to lack dependable hardware-based encryption, Mr Evans says.
埃文斯稱,硬件加密對手機的保護往往強於軟件加密。“加密密鑰存儲於芯片中,就像保險箱一樣。”但據他介紹,Android手機仍然缺少可靠的硬件加密手段。
Sometimes phones are compromised during production, as happened in 2014 when a factory-installed “Trojan horse” was found on the Star N9500 Android smartphone, made in China and sold by companies such as Amazon and eBay. It enabled hackers to operate the phone remotely and, being embedded at the factory, could not be removed.
有時,手機在生產過程中就已經被植入了惡意軟件,就像2014年Star N9500智能手機被發現預裝了“特洛伊木馬”一樣。該款Android手機在中國製造,在亞馬遜(Amazon)和eBay等平臺出售。黑客可以通過木馬遠程操控手機,而木馬嵌入工廠預裝的軟件中,無法清除。
The next battleground between hackers and phone owners will be biometric data such as thumbprints, iris or voice profile. At present, hackers rarely use biometrics to circumnavigate security because there are many easier paths, says Mr Shepherd. “This is likely to change. The problem is that if your password is discovered you can quickly change it, whereas once biometric data are compromised, that’s it.”
黑客與手機用戶之間的下一個戰場將是生物特徵數據,比如拇指紋、虹膜或語音。謝潑德稱,目前黑客很少利用生物特徵來繞過手機安全屏障,因爲還有很多更容易的突破方式。“這種情況很可能會改變。問題是如果你的密碼被別人知道了,你可以很快換一個密碼,但是一旦生物特徵信息被獲取,那就完了。”
