Connect with us

Hi, what are you looking for?


Mobile & Wireless

Mobile Security Exploits to Double in 2011, Says IBM X-Force Report

IBM researchers are predicting 2011 will see twice as many mobile exploits as 2010.

IBM researchers are predicting 2011 will see twice as many mobile exploits as 2010.

In a new report, IBM’s X-Force team declares the consumerization of IT – epitomized by the “Bring Your Own Device” approach becoming commonplace among companies – is raising security concerns due to the steady rise in security vulnerabilities and malware affecting these devices. Their declaration echoes findings from Damballa, which noted a significant increase in the number of Android devices infected with malware during the first half of the year.

“For years, observers have been wondering when malware would become a real problem for the latest generation of mobile devices,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force, in a statement. “It appears that the wait is over.”

According to the report, mobile malware is typically delivered through third-party app stores. However, infected applications have also been found on applications on peer-to-peer networks, hosted on Websites and even on Usenet.

“These off-market applications are usually targeted at people looking for pirated versions of commercial Android applications,” the report’s authors wrote.

Mobile Device Exploits

While the report noted the increase in mobile threats, the researchers also found that the first half of 2011 saw a decrease in Web application vulnerabilities, which dropped from 49 percent of all vulnerability disclosures down to 37 percent. This is the first time in five years X-Force reported seeing a decrease. In addition, high and critical vulnerabilities in web browsers were also at their lowest point since 2007.

IBM researchers tested almost 700 web sites — from the Fortune 500 and other most popular sites – and discovered that 40 percent of these contain client-side JavaScript vulnerabilities. Meanwhile, the success of advanced persistent threats (APTs) raised the profile of “whaling” –spear phishing targeting large organizations, the researchers said.

Advertisement. Scroll to continue reading.

“The rash of high-profile breaches this year highlights the challenges organizations often face in executing their security strategy,” Cross said. “Although we understand how to defend against many of these attacks on a technical level, organizations don’t always have the cross-company operational practices in place to protect themselves.”

In related news, IBM also said that it is launching the Institute for Advanced Security in Asia Pacific, in order to combat growing security threats in the region. The IBM Mid-Year X-Force report states that top countries originating spam have shifted to Asia Pacific, with India sending out roughly 10 percent of all spam registered today, and South Korea and Indonesia also making the top five list. This Institute joins IBM Institues in Brussels, Belgium and Washington, D.C.

The full X-Force Report is available here. (PDF Download)

Related Reading: Attacks on Mobile and Embedded Systems: Current Trends

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.