手機惡意軟體呈指數級增長 More than 1m malware codes target phones
Mobile malware took off in 2011. That is when hackers began serious attacks on mobile phones, says David Emm, principal security researcher, at Kaspersky Lab, a cyber security company.
手機惡意軟體從2011年開始迅速發展。網路安全公司卡巴斯基實驗室(Kaspersky Lab)的資深安全研究員戴維•埃姆(David Emm)稱,當時黑客開始大舉攻擊手機。
“At that point, the data became worth stealing, and since then growth has been exponential,” Mr Emm says. He estimates 1m new malicious codes were found on devices in 2015. “The actual number of attacks is much bigger than this because each program tends to be used many times.”
“當時,手機資料變得有盜取價值,從那以後手機惡意軟體呈指數級增長,”埃姆稱。他估計,2015年期間發現了100萬個新的手機惡意程式碼。“實際攻擊次數遠大於此,因為每個程式往往被多次使用。”
Early attacks focused on causing handsets silently to call premium rate numbers. Then hackers diversified into phishing — creating spoof websites that trick people into revealing account numbers and login details.
早期的攻擊方式都集中在導致手機暗中撥打收費高昂的電話號碼。後來黑客們轉向網路釣魚——利用詐騙網站誘導人們透露賬戶號碼和登入資料。
Phishing still accounts for the overwhelming number of attacks on mobiles, says Mr Emm, although ransomware — locking data and demanding payment for its release — is also big, accounting for 17 per cent of the total across all platforms, according to Kaspersky’s research.
埃姆稱,儘管網路釣魚仍然佔據對手機攻擊的絕大部分,但是勒索軟體(鎖定資料,要求付款才解鎖)的比例也很大。根據卡巴斯基的研究,勒索軟體在囊括所有平臺的惡意軟體中佔17%。
Most phone attacks are on handsets that use the Android operating system because of its large market share and flexible, open technology. Apple’s iPhones use proprietary technology which is more difficult to breach.
針對手機的多數攻擊以搭載Android作業系統的智慧手機為目標,原因在於Android巨大的市場份額以及靈活、開放的技術。蘋果(Apple) iPhone搭載的系統採用專有技術,攻破難度更大。
“Android is like having a room with lots of doors as opposed to a cave with a single entrance,” Mr Emm says. But Apple is not immune.
“Android就像是一個有很多門的房間,而不是隻有一個入口的山洞,”埃姆稱。但是蘋果也並非免疫。
In 2015, many app developers unwittingly downloaded a malicious version of Xcode — Apple’s official tool for building apps — from a file-sharing website. Among scores of apps infected were WeChat, a messaging app popular in China, and CamCard, a popular business card reader in the US.
2015年,很多app開發商無意間從檔案分享網站下載了惡意版的Xcode(蘋果官方製作app的軟體工具)。數十款app被感染,其中包括在中國頗受歡迎的即時資訊app微信(WeChat)以及美國高人氣名片識別軟體CamCard。
Although Apple vets the apps sold through its app store, the infected programs were not initially detected. They were made available and widely used.
儘管蘋果對在其應用商店(App Store)上架的app進行審查,但是被感染的軟體最初沒有被探測到。它們被提供下載,並且被廣泛使用。
Mobile phone security is challenging because devices are designed to connect in many different ways, says Ben Johnson, chief security strategist at Carbon Black, a security software company. “Whether it is a text message, email, web browsing, Bluetooth or near-field communication (NFC) connectivity, each method of communication is a potential attack route.”
安全軟體公司Carbon Black的首席安全策略師本•約翰遜(Ben Johnson)稱,由於手機可以通過多種方式連線,手機安全具有較大挑戰性。“無論是文字簡訊、電子郵件、瀏覽網頁、藍芽還是近距離通訊技術(NFC),每一種通訊方式都可能成為攻擊途徑。”
As human interaction is the main purpose of a mobile device, Mr Johnson adds, there are more chances to trick users. “People are much more likely to click on malicious images or videos sent to a mobile phone than to a PC, because it feels more familiar and natural.”
約翰遜稱,由於人與人之間的互動已經成為移動裝置的主要目的,在手機端誘騙使用者的機會更多。“與使用電腦相比,人們在手機上點選惡意圖片或視訊的可能性更高,因為它感覺更熟悉,點起來更順手。”
Phones are also often set to connect automatically and display quick preview images, data or text. “This makes it possible to exploit a system without the recipient opening or ‘clicking’ anything,” Mr Johnson says.
此外,手機往往被設定為自動連線以及快速預覽圖片、資訊和簡訊的模式。“這使得惡意軟體可以在接收者不開啟或‘點選’的情況下鑽系統的空子,”約翰遜稱。
Defending against the most serious attacks is difficult, says Ian Evans, a vice-president and managing director at VMware Airwatch. “If the main source of the threat is a nation state agency, you’re best to just throw your phone away.”
VMware Airwatch的副總裁兼董事總經理伊恩•埃文斯(Ian Evans)稱,很難抵擋那些技術含量最高的攻擊。“如果主要的威脅源是某個國家機構,你最好把手機扔了。”
However, simple steps can help against more common hackers. You should use a passcode or complex PIN on your device to protect it in case of loss or theft, says Mr Evans. “And it is best to avoid connecting to public WiFi networks. If the WiFi is not encrypted, somebody could intercept data including passwords. If you have to do so, make sure you always use a virtual private network to connect to sensitive resources.”
然而,一些簡單的步驟可以幫助你應付比較普通的黑客。埃文斯稱,你應該在裝置上使用通行密碼或者設定複雜的個人識別碼(PIN),以防手機丟失或被盜。“最好避免連線公共WiFi網路。如果WiFi沒有加密,別人可以攔截包括密碼在內的個人數據。如果你不得不連線公共WiFi,確保自己總是使用虛擬專用網路(VPN)連線敏感資源。”
Also, do not “jailbreak” your mobile devices, he says. This is a process whereby users remove operating system restrictions so that they can customise their phone and download apps not normally allowed. “Jailbreaking negates your warranty and exposes you to more potential malware,” says Keiron Shepherd, senior security specialist at F5 Networks, a cyber security company.
此外,他稱,不要把你的移動裝置“越獄”——指使用者解除作業系統限制,以便對自己的手機進行定製化設定,並下載通常被禁止的app。“越獄意味著放棄你的保修權利,並使手機暴露於更多的潛在惡意軟體,”網路安全公司F5 Networks的高階安全專家吉侖•謝潑德(Keiron Shepherd)稱。
Phones with hardware-based encryption tend to offer stronger protection than software encryption, says Mr Evans. “The encryption key is stored on a chip, which acts like a safe.” But Android handsets continue to lack dependable hardware-based encryption, Mr Evans says.
埃文斯稱,硬體加密對手機的保護往往強於軟體加密。“加密金鑰儲存於晶片中,就像保險箱一樣。”但據他介紹,Android手機仍然缺少可靠的硬體加密手段。
Sometimes phones are compromised during production, as happened in 2014 when a factory-installed “Trojan horse” was found on the Star N9500 Android smartphone, made in China and sold by companies such as Amazon and eBay. It enabled hackers to operate the phone remotely and, being embedded at the factory, could not be removed.
有時,手機在生產過程中就已經被植入了惡意軟體,就像2014年Star N9500智慧手機被發現預裝了“特洛伊木馬”一樣。該款Android手機在中國製造,在亞馬遜(Amazon)和eBay等平臺出售。黑客可以通過木馬遠端操控手機,而木馬嵌入工廠預裝的軟體中,無法清除。
The next battleground between hackers and phone owners will be biometric data such as thumbprints, iris or voice profile. At present, hackers rarely use biometrics to circumnavigate security because there are many easier paths, says Mr Shepherd. “This is likely to change. The problem is that if your password is discovered you can quickly change it, whereas once biometric data are compromised, that’s it.”
黑客與手機使用者之間的下一個戰場將是生物特徵資料,比如拇指紋、虹膜或語音。謝潑德稱,目前黑客很少利用生物特徵來繞過手機安全屏障,因為還有很多更容易的突破方式。“這種情況很可能會改變。問題是如果你的密碼被別人知道了,你可以很快換一個密碼,但是一旦生物特徵資訊被獲取,那就完了。”
