Smartphone Hacking will rise in 2012, Experts Warn
By Herb Wesibaum
Posted: January, 2012
Security experts predict 2012 will be a breakthrough year for cyber-attacks on smartphones. There are now enough of these mobile computers in use to make them an inviting target. “Shopping and mobile banking are things that are going to leave a trail and contain lots of goodies that criminals can go after,” says Rachel Ratcliff Womack with the digital security firm Stroz Friedberg. In addition to all of your personal information, you probably have business email and contacts on your phone. “It brings those two worlds together in a very convenient package for criminals to target,” Womack says.
Not only are they loaded with all sorts of personal information a crook would like to steal, most smartphones are also completely unprotected. The subject of malicious cell phone attacks has been greatly hyped the last few years. But during 2011 it became clear that this is a real threat that must be taken seriously.
“We are only at the beginning of the wave,” says James Lyne, director of technology strategies at Sophos, an international firm that specializes in online security for businesses. “We’ve definitely got to start worrying about security on mobile devices.”
But people don’t seem to have the same security concerns with their smartphones that they do with their PCs. “The problem is that users may view these devices as eminently secure, when in reality they are just waiting to receive more attention from cyber-criminals,” Lyne says.
All smartphones can have security vulnerabilities, but right now most mobile malware is aimed at Android devices. That’s because Android powers more devices and it’s an open platform, which makes it’s easier for the bad guys to distribute their malicious software.
In a new report, Lookout Mobile Security estimates that Android users lost more than a million dollars to cyber-thieves last year. The company says the annual risk of encountering malware on an Android device is now 4 percent, up from 1 percent at the beginning of 2011.
“In 2012, we expect to see the mobile malware business turn profitable,” says Kevin Mahaffey, Lookout’s chief technology officer. “What took 15 years on the PC platform has only taken the mobile ecosystem two years.”
What are the threats?
Mobile malware can do all sorts of things. It can spy on you, run up your wireless bill or steal your personal information.
“The things they are doing on PCs, they’re also doing on smartphones — and even more,” says Gary Davis with McAfee Labs.
•There are banking Trojans that will intercept financial transactions with your bank and then use that information to drain your bank account.
•Other malware can send text messages to premium SMS services without your knowledge. You wind up with a huge bill at the end of the month for text messages your phone sent.
•Spyware can harvest information about the places you go and when. It can also record phone conversations and forward them to the attacker.
•Quick Response codes (those black-and-white squares starting to show up in all sorts of ads) can also pose a security risk. Internet security company Kaspersky Lab recently reported that it found QR codes can link to malicious text messages or websites.
•And of course, you can always click on a malicious link yourself or be tricked into giving out your personal information via a phishing scam directed to your cell phone.
What can you do to protect yourself?
The first security software for smartphones is now available and more will soon hit the market.
McAfee is working on a product that analyzes the “permissions” an app wants from your device and warns of possible threats. For example, a flashlight app doesn’t need to look at your location or your phone book. If the security software found a flashlight app asking for access to that information, it would flag it.
But do you really need security software for your mobile devices?
“We don’t think that people have to install yet another program for security on their phones, at least not now,” says Paul Reynolds, electronics editor at Consumer Reports. “Probably the biggest security threat is losing your phone.”
Security expert Lyne agrees. He says mobile security today is about the basics: have a decent password, use encryption, and make sure your device is patched — running the latest versions of both apps and the phone operating system.
But he says in the next year to 18 months, you probably will need to seriously consider security software, especially if you use your smartphone for shopping or banking.
You also need to be careful about the apps you install. Think before you download. Check reviews. Be skeptical. “Stick with the major apps and the major app stores,” advises Rachel Ratcliff Womack.
If you go to Amazon or the iTunes store, your chances of getting malware are relatively low, but still possible. You run a greater risk at the Android Market.