Most security software for the Android operating system renders devices vulnerable to system-level threats because they work only on the user level.
A security solution recently launched by McAfee Inc. can be embedded in the operating system to provide protection for devices against the installation of or execution of malicious applications, according to the company.
The software runs transparently on fixed-function systems and enables the entire point-of-service infrastructure to be monitored. It manages whitelists and supports multiple configurations for business needs.
Embedded Control provides continues detection of unauthorized or out-of-policy setting changes. It verifies these events against set policies, time windows and approved changed tickets. Changes outside these policies are blocked.
With the growing popularity of Android powered mobile devices among consumers and business users, the OS has become a preferred platform of embedded solution engineers.
For instance, a recent study of the embedded software market by EBM electronics show that 13 per cent of embedded software developers reported using Android in their 2012 projects. About 34 per cent of respondents also indicated that they are considering working with Android in 2013.
“Unfortunately, this growing attention (to) Android is also drawing new attacks on the mobile OS,” said Bhargava.
For example, McAfee’s threats report for the fourth quarter of 2012 found that there was an 85 per cent increase of new Android-focused malware from the previous quarter.
The survey also found that 96 per cent of tablets and smart phones worldwide lacked security software.
Bhargava said that prior to McAfee Embedded Control, embedded software engineers only had Security Enhanced Linux (SELinux) if they wanted to have enforceable security capabilities for their embedded systems. SELinux, which was produced by the United States National Security Agency, security companies and open source developers, extended the Linux kernel to include a mandatory access control system. This made it more difficult for a rogue program to take control of files and devices.
He foresees, Embedded Control being used on machines other than mobile devices.
“Today we see Android on myriad devices such as point-of-sales machines and office equipment,” Bhargava said. “Embedded control has potential application on retail, medical equipment, industrial control systems, gaming industry, security, automotive, military and aerospace industries.”
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self propagating to infect more and more systems and eventually forming a "botnet."