Lookout Predicts Toll Fraud To Become the Fastest Path to Monetization
18 Million Smartphones Worldwide May Encounter Malware or Spyware from 2012 to 2013
San Francisco – December 13, 2012 – Lookout, Inc., the global leader in mobile security, today unveiled Lookout’s 2013 Mobile Threat Predictions, a forecast that identifies mobile threats people and businesses may face in the coming year. The predictions are based on Lookout’s Mobile Threat Network, which includes threat data collected from more than one million apps and millions of devices worldwide. Lookout expects toll fraud to continue to be the fastest path to monetization, spam to harvest personal data and businesses to struggle with the right level of control over BYOD devices.
The Mobile Threat Predictions reveal that globally, at least 18 million Android users will encounter mobile malware from the beginning of 2012 to the end of 2013 . In addition, the global likelihood of a new Lookout user encountering a mobile threat, such as malware or spyware, is .84% on average from June to October 2013. The US likelihood remained low at .40% in October 2012.
Web-based mobile threats like phishing links or malicious websites, continue to be the most prevalent and relevant threat to smartphone users. Nearly four in ten people encountered a web threat over the course of 2012 and we expect this trend to continue.
Highlights for the 2013 Predictions include:
Toll fraud continues to grow: 72% of all of Lookout’s malware was classified as toll fraud in 2012. This class of premium SMS fraud will continue to dominate the 2013 mobile threat space despite improvements made on the Android platform. Toll fraud is the easiest and least technical path to monetization and provides considerable ROI that is built into most mobile networks via pre-existing billing channels. In addition, while more recent versions (Jellybean 4.2) of Android devices provide updated protection against premium SMS abuse, older versions of Android remain vulnerable.
Spam harvests personal data: SMS-based spam will increase in its volume across mobile networks in 2013. Lookout recently observed a number of malicious applications toll fraud-based and otherwise, actively collecting contact information from infected devices. It’s not a stretch to expect that malware writers will seek to monetize these datasets via spammers. It’s only a matter of time before writers send spam in-network, infecting devices to appear they have come from inside as the have on PCs in the past.
Businesses strike a balance between control and employee empowerment: Finding the right balance between protection and employee empowerment will be the business mobile threat challenge of 2013. As corporate IT administrators seek to manage the various mobile threats, there is the potential that by over-correcting for the problem, employees will seek new ways to subvert processes and policies that constrain the pure consumer experience.
“In 2012, smartphones and tablets managed countless aspects of our personal, public and business lives, giving attackers more incentives to strike,” said Kevin Mahaffey, co-founder and chief technology officer at Lookout. “In 2013, people and businesses will be more aware of the risks to their mobile devices than ever.”
“Trust is one of the most important factors determining if people will use their devices to the fullest potential. Our mission is to ensure that people have the confidence they need to conduct their personal and business lives in the mobile era.”
Avoid toll fraud, regularly check your phone bill: Always review your monthly phone bill statements for suspicious charges. Contact your carrier if you identify something you believe to be fraud.
Double-check URLs on your mobile: After clicking on a web link, pay close attention to the address to make sure it matches the website it claims to be, especially if you are asked to enter account or login information.
Protect your privacy, understand app permissions: Be cautious about granting applications access to personal information on your phone or letting the application have access to perform functions on your phone. Make sure to check the privacy settings for each app before installing it.
Be smart about device settings: Keep network connectivity such as NFC / WiFi, or Bluetooth ‘OFF’ when not in use. Be sure to disable settings such as debug mode that can open a device up to illicit access.
Download a security app: Download a security app that scans the apps you download for malware and spyware, helps you locate a lost or stolen device, and protects you from unsafe websites.
Update your phone and apps: Make sure to download and install updates from your mobile operator as soon as they are available for your device. The same goes for apps, download app updates when they are available.
How Businesses Can Stay Safe in 2013
Raise employee awareness: Help employees understand the threats and risks in the wild so that employees can take action to safeguard their phones.
Protect employees’ phones. Ensure that every phone – personal or business – is protected with a mobile security software that finds malware, scans apps, and locates and remotely wipes the device.
Patch known vulnerabilities: Keep employee phones’ operating system software up-to-date by enabling automatic updates or accepting service provider’s updates when prompted. Stay up to speed on what vulnerabilities are not patched across device types and carriers to maintain a proper threat model. The National Institute of Standards and Technology offers a database of device vulnerabilities.
 To estimate the total number of mobile users that will encounter malware from the beginning of 2012 to 2013, we used the likelihood rate of infection in October 2012 from global top markets. By extrapolating this detection rate across Android user base for each market (reference Canalys) in 2012 and the expected shipment base in 2013 for each market, Lookout estimates that as many as 18.4 million will encountered malware/spyware from the beginning of 2012 to the end of 2013. We combined shipment data from 2012 and 2013 to get an accurate representation of the number of phones in the market based on the average two year cell phone contract.
Lookout is an integrated endpoint-to-cloud security company. Our mission is to secure and empower our digital future in a privacy-focused world where mobility and cloud are essential to all we do for work and play. We enable consumers and employees to protect their data, and to securely stay connected without violating their privacy and trust. Lookout is trusted by millions of consumers, the largest enterprises and government agencies, and partners such as AT&T, Verizon, VMware, Vodafone, Microsoft, Google, and Apple. Headquartered in San Francisco, Lookout has offices in Amsterdam, Boston, London, Sydney, Tokyo, Toronto and Washington, D.C. To learn more, visit www.lookout.com and follow Lookout on its blog, LinkedIn, and Twitter.