Sample Expository Essay on Mobile Phone Malware

Select network

                   

The term "malware" has emerged over the course of the electronic age to refer to programs that are specifically intended to in some way impede the normal and effective functioning of a given technology. This sample expository essay explores the issue of malware as it pertains to mobile phones including:

1. Malware in general and mobile phone malware in particular
2. History of malware
3. Motivations for malware attacks
4. Differences between different mobile phones regarding malware susceptibility
5. Prominent malware currently affecting mobile phones
6. Sociological dimension of the issue under consideration

History of malware

Malware has existed in some form or another since as early as the 1970s. For example, Radware has noted:

"the 'Creeper Virus' was created in 1971. Once a computer was infected it displayed a short message to the user daring them to capture 'the creeper'. Created as an experiment, Creeper did not cause damage—but did foretell the future of malware with its quick spread through systems" (paragraph 2).

Malware has only evolved from this point. For example, the "trojan" was invented in 1978, the "webworm" was invented 2004, and malware programs masquerading as anti-malware programs (also known as "scareware" programs) began to emerge in 2008. Broadly speaking, while not a cybercrime itself, malware is an aggressive attack against computers connected to the Internet and have existed in a symbiotic relationship with each other. As the Internet has grown and evolved and as Internet users have learned specific security skills over time, malware has also developed in order to make use of new possibilities of attack and overcome the skills of more advanced Internet users.

Over much of the history of malware, though, it would seem that attacks primarily focused on computers. This means that malware targeting mobile phones is a relatively new phenomenon within the broader history of malware. This is presumably because of the fact that until rather recently, mobile phones did not achieve the level of sophistication that would be required for them to become viable targets of malware attacks. Indeed, it is only over the past half a decade or so that "smart phones" have attained the kind of ubiquity within the cultural landscape that they possess today. Before this, it would have really been no more possible to hack a mobile phone than it would have been to hack a landline. Now, though, most people within the United States (as well as several other nations) have phones that can both technologically and pragmatically be called nothing other than little computers. This means that they would also begin to share the vulnerabilities of computers, including malware attacks.

Motivations for malware attacks

Anyone who has been affected by a malware attack has surely wondered why anyone would waste time carrying out such a meaningless project. One motivation would seem to be financial in nature. As Adkins has put it:

"There is only one reason why someone would spend that kind of money to get malware delivered—because it will pay for itself. [A given] article showed that one specific cybergang's income from just one flavor of ransomware [a form of malware] was almost $400,000 a month" (paragraph 7).

In other words, malware operatives may believe that if they distribute their software broadly enough, then eventually they will obtain access to information and/or other resources for which the original owners may pay a handsome sum to have returned (similar to the recent identity theft via a virus infecting IRS computers). Information and knowledge, clearly, possess immense value in the eyes of the original owners of that information and knowledge; and at the financial level, malware may be an effort to exploit this value.

The relevant literature has also indicated that political motives may factor into malware attacks. According to Myers:

"there has been an increasing number of politically-motivated targeted attacks. Imuler, Tibet, and Sabpab targeted Tibetan activists, and Crisis targeted Moroccan journalists" (paragraph 2).

Malware has the capacity to inhibit the performance of the victim's communication technologies, and it can also capture information that the victim would surely like to keep private. In this context, political enemies could easily be motivated to use malware against each other as one weapon in within the context of their broader antagonism with and struggle against each other. In practice, this has the strongest effects on more marginalized political groups, insofar as more centralized groups have access to greater resources in general and cyber-resources (including malware) in particular.

When it comes to specifically to mobile phones, despite the efforts law enforcement agencies have made to change and enforce cyber crime laws, these motivations tend to mean that unless one truly does contain valuable information on one's phone that could be worth significant amounts of money to someone else, this may not necessarily be a primary cybersecurity threat for the average person. As Wood has pointed out:

"The actual number of phones hit by mobile malware, however, is tiny. McAfee said one of the largest mobile infections it was tracking recently . . . had infected 20,000 to 40,000 mobile users in the United States. By comparison, the recent hack of Home Depot's computer network affected 56 million cardholders" (paragraphs 5-6).

Naturally, the significance of mobile phone malware for the average person may become considerably more important has mobile phones continue to develop and become increasingly integrated with computers. For the time being, though, it is unlikely that most people would have much information worth hacking on their mobile phones.

Each device has unique vulnerabilities

There would seem to be a popular perception that mobile phones running on the Android platform are considerably more susceptible to malware than iPhones (i.e. the mobile phones manufactured by Apple). However, this would seem to be little more than a myth. For example, Mick has reported that a prominent new malware (which will be discussed further below) has managed to affect over 100,000 iPhones as of two months ago. Moreover, Myers has indicated that when political activists get attacked by malware, they tend to switch from the Android to the iOS operating systems, but that this does little to actually increase their protection against malware attacks. So, it would seem that there is no empirical evidence for the popular opinion that Apple phones are somehow specifically immune from malware whereas other mobile phones are especially susceptible to it.

Nevertheless, it is an empirical fact that iPhones have cumulatively been less significantly affected by malware than other mobile phones. The reason for this, however, should be sought not in the inherent properties of the technologies themselves but rather in other environmental factors. In particular, it is worth considering the matter from the economic angle. Despite the success of Apple as a company, the point remains that Apple computers and phones do in fact still constitute a relatively small share in the international economy (see Frizell).

Given that this is the case, hackers would seem to simply focus their attention on developing malware that can have the greatest "bang for the buck": that malware that can affect the greatest number of mobile phones for the least amount of effort. This would imply that they would be well-advised to focus on non-Apple phones, insofar as the iOS operating system is far less widespread than the Android operating system. This should not, however, be taken to mean that there are any technical barriers per se against hackers targeting iPhones in the event that they desired to do so. The point here is that for strictly economic reasons, this may often not be selected as an optimal course of action.

Current prominent malware

One prominent malware that has emerged over the past two months or so is known as Wirelurker. This is a malware that primarily targets the Mac OS and iOS operating systems. According to Xiao:

"Wirelurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device" (paragraph 3).

In particular, the malware is especially virulent because it affects iPhones even if they are not "jailbroken": that is, even if users have left Apple's full firmware protections intact on their mobile phones. According to Frizell, it is not clear what the objective of the makers of Wirelurker is; however, they will be able to gain a great deal of personal information from infected phones, which is disconcerting enough as it is.

Moreover, the case of Wirelurker highlights one of the main methods of transmission for malware on mobile phones: the download of applications. Although Wirelurker can affect even iPhones that have not been jailbroken, the risk increases considerably if they have in fact been jailbroken, because jailbroken iPhones have access to third-party application stores. Such stores may have considerably lesser protections in place than Apple's own application store, which would increase the risk of a given iPhone contracting Wirelurker.

Moreover, the very name "Wirelurker" calls attention to the other main route of transmission, which (as has been mentioned above) is through attachment to other infected devices. In a way, the highly social nature of the iPhone—with for example, a person plugging his phone into a friend's computer or charger without a second thought—may itself contribute to the spread of Wirelurker, in an analogous sense to how failure to take appropriate interpersonal cautions (such as covering one's mouth when coughing) could increase the transmission rate of actual illness.

Malware has sociological concerns as well

On the basis of the above discussion, it can be suggested that at the sociological level, there are two main stakeholders who may primarily make use of malware against mobile phones. The first consists of people in power who would like to coerce and/or disrupt more marginal groups; this would correspond to the political motive for using malware. The second consists of relatively marginal people who would like to gain power by exploiting the capture of important confidential information; this would correspond to the economic motive for using malware. For the average person today, though, it could be suggested that malware attacks on mobile phones is primarily more of a nuisance than anything else. The functioning of phones may be compromised, and information may be compromised, but it is unlikely that hackers will really find anything of value to them or use what they find in order to do further damage.

Understanding the big picture of malware and cell phones

In summary, this essay has consisted of a discussion of the subject of mobile phone malware. Several topics have been covered, including:

• History of malware
• Motivations for attacks
• Platform differences
• Prominent malware
• Sociological dimension

Ultimately, it can be affirmed that malware attacks on mobile phones are becoming more sophisticated in tandem with the increasing sophistication of mobile phones themselves. This is to be expected, as it was the exact trend that was traced over the course of the development of the computer itself. Mobile phone users should surely take appropriate measures to protect themselves against mobile phone malware. In the event that an infection does occur, though, it is probably unlikely that the consequences right now for the average person will exceed inconvenience and nuisance.

Works Cited

Adkins, Beau. "The Motivation behind Malware." Light Point Security, 8 Jan. 2013. Web. 9 Jan. 2015. http://lightpointsecurity.com/content/the-motivation-behind-malware.

Frizell, Sam. "How to Avoid the 'Biggest' iPhone Malware App Attack Yet." Time. 6 Nov. 2014. Web. 9 Jan. 2015. http://time.com/3560875/iphone-malware-wirelurker/.

Mick, Jason. "'WireLurker' Malware May Have Infected 100,000+ iPhones, No Jailbreak Required." DailyTech. 6 Nov. 2014. Web. 9 Jan. 2015. http://www.dailytech.com/WireLurker+Malware+May+Have+Infected+100000+iPhones+No+Jailbreak+Required/article36850.html.

Myers, Lysa. "Politically Motivated Malware Attacks Increasing regardless of Operating System." Intego. 16 Oct. 2012. http://www.intego.com/mac-security-blog/politically-motivated-malware-attacks-increasing-regardless-of-operating-system/.

Radware. "The History of Malware." 2012. Web. 9 Jan. 2015. http://www.radware.com/Resources/malware_timeline.aspx.

Wood, Molly. "Mobile Malware: Small Numbers, but Growing." The New York Times. 1 Oct. 2014. Web. 9 Jan. 2015. http://www.nytimes.com/2014/10/02/technology/personaltech/mobile-malware-small-numbers-but-growing.html?_r=0.

Xiao, Claud. "Wirelurker: A New Era in OS X and iOS Malware." Palo Alto Networks, 5 Nov. 2014. Web. 9 Jan. 2015. http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/.