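According to a test recently conducted by U.K. telecom service provider BT, more than a third of Google Android applications contain some form of malware. BT's experts said they will test applications on several other mobile operating systems, but expect similar results.
“We analyzed more than 1,000 Android applications and found that more than a third of them contained some kind of active or dormant malware,” said Jill Knesek, head of BT's global security practice. “Almost every device has been compromised by malware, though the extent of the damage is often unclear, and it is hard to tell what the malicious code is actively doing,” she said at the NetEvents Americas conference.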
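Wayne Rash, the journalist who moderated the session, said he had examined a Samsung Galaxy S3 handset and found malware in an Android application provided by Google. “And this is one that many people consider to be among the most advanced smartphones on the market today,” Rash said.
“Although there is plenty of anti-malware software available for Android and other mobile operating system platforms, enterprises in general do not use it often,” Rash said.
Malicious code is just one example of the many security vulnerabilities in mobile systems. In fact, GPS can also be compromised by hackers, Knesek said.
“People must recognize the importance of GPS security in order to prevent tragedies such as young women being stalked, killed or raped,” Knesek said. Knesek was formerly a cybersecurity expert at the U.S. FBI, where she worked on the case of Kevin Mitnick, history's number-one hacker.
In fact, U.S. researchers last week confirmed security vulnerabilities in civilian GPS. And at the earlier Black Hat conference, at least a dozen sessions discussed vulnerabilities in mobile communication systems.
Some security-related technologies, such as biometrics, easily prove fragile once they leave the laboratory. “I think hackers will steal people's biometric information through handsets that need to be encrypted,” she said.
The good news is that large companies including Cisco Systems, Juniper Networks and Palo Alto Networks have begun adopting the latest deep packet inspection (DPI) chips as well as new application-aware firewalls. The chips can detect and block individual applications, said Jurrie van den Breekel, test specialist and director of marketing at Spirent Communications.
“We see a huge market, and we are also receiving many requests for testing the technologies,” van den Breekel said. “You can choose which applications you want; you can block Dropbox and Skype to prevent corporate data from winding up on these services.”
Van den Breekel said a Latin American service provider has already begun using DPI to create separate mobile data packages for email and for social networking sites such as Facebook or Twitter.
“Service providers will have the ability to allow access to certain applications; they can open up one of them and block the rest,” he said. “However, this is only just beginning.”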
This article is an authorized translation from EE Times. All rights reserved; reproduction prohibited.
Translated by: Joy Teng
Original English article: More than a third of Android apps host malware, by Rick Merritt
More than a third of Android apps host malware
Rick Merritt
MIAMI – More than a third of all Google Android applications contain some form of malware, according to tests conducted by BT. A security expert for the U.K. telecom service provider said it expects to test apps for other mobile operating systems and find similar results.
“We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware,” said Jill Knesek, head of the global security practice at BT. “Almost every device is compromised with some kind of malware, although often it’s not clear if that code is active or what it is doing,” she said in a panel discussion at the NetEvents Americas conference here.
Wayne Rash, a technology journalist moderating the panel, said he was reviewing a Samsung Galaxy S3 handset and found malware in an Android application provided by Google. “This is a device considered by some people to be the best smartphone on the market right now,” Rash said.
“There’s plenty of anti-malware software available for Android and other mobile operating systems, but companies don’t often insist on using it,” Rash added.
Malicious code is just one example of the many security vulnerabilities in mobile systems. GPS devices can also be hacked, said Knesek.
“It’s going to take one young woman to be stalked, raped and killed before people realize the need for security on GPS,” said Knesek, a former cybersecurity expert for the U.S. FBI who worked on the Kevin Mitnick case.
Indeed, a U.S. researcher testified before Congress last week about the security holes in civilian GPS. At least a dozen presentations at this week’s Black Hat conference talked about vulnerabilities in mobile systems.
Even security technologies working their way out of the lab, such as biometrics, have their vulnerabilities. “I think hackers will steal biometrics with man in the middle hacks--handsets need to be encrypted end-to-end as the BlackBerry does,” she said.
The good news is that, thanks to the latest deep-packet inspection (DPI) chips, a new wave of application-aware firewalls is emerging from companies including Cisco Systems, Juniper Networks and Palo Alto Networks. The chips can detect and block individual applications, said Jurrie van den Breekel, a director of marketing for test specialist Spirent Communications (Calabasas, Calif.).
“We see this as a very big market, and we get a lot of demand for testing the technologies,” said van den Breekel, speaking on the panel. “You will be able to select what kind of app you allow--you can block DropBox and Skype, for example, to prevent corporate data from winding up on those services.”
One Latin America service provider already uses DPI to create separate mobile data packages for email and social networking apps such as Facebook and Twitter, said van den Breekel.
“Service providers will have the option to allow access to only certain apps—they will offer one thing and block the rest,” he said. “We are just at the very start of this trend,” he added.
Editor: Quentin