How Safe Is Your Phone?

Security & Privacy

Compared to their PC cousins, smartphones have mostly enjoyed a near immunity to viruses and spyware. But that, unfortunately, is changing.

In the first half of 2011, F-Secure Security Advisor Sean Sullivan has seen seismic shifts in the mobile phone landscape that have prompted F-Secure Labs to warn consumers and developers to stop taking mobile security and privacy for granted.

“As phones began to support applications, strict approval processes, such as those employed by Apple and Symbian, combined with the diversity of phone software made PCs much more profitable targets for criminals than mobile devices,” Sean explains. “However, criminals are finally finding cracks in mobile security just as millions of smartphone owners have begun to regularly use their devices for business and banking.”

According to a new international F-Secure survey*, 51% of smartphone owners use their devices for business.

“Many professionals use their mobile devices like portable PCs while taking few if any of the security precautions they do on their desktop computers,” says Sullivan. “But mobile technology is quickly evolving past the era of worry-free security and privacy.”

This past April, many smartphone owners were shocked when a security researcher announced that their iPhones had been tracking their travel history. Apple said that this feature was a bug in the iOS software, and that the history was supposed to be erased every 7 days. An iPhone update quickly ‘fixed’ the bug and allowed users to opt out of location services completely for the first time.

“If you read the many, many pages of the iTunes Privacy Policy, Apple does say that your data can be used anonymously to improve Apple products. And Google’s Android and Windows Phone 7 collect anonymized location data in similar ways,” says Sean. “This was only international news because people realized for the first time how much private data they may be revealing through their phones.”

Sean sees the mobile landscape transforming even more rapidly as manufacturers and mobile carriers capitalize on massive opportunities to acquire customers and data.

In February of 2011, Nokia, the world’s largest maker of handsets, announced a pact with Microsoft to transition from the Symbian operating system to Windows Phone 7. This colossal strategic shift followed news that Google’s Android had passed Symbian as the world’s most popular smartphone operating system. And in August 2011, Google purchased phone manufacturer Motorola Mobility.

“Google’s open application development may have fueled Android’s rapid ascendancy. But it also created a ‘Wild Wild West’ atmosphere that has been exploited by rogue developers,” Sean explains.

Over the past year, trojanized apps have appeared in several third-party marketplaces. In March 2011, more than 50 rogue apps were even removed from Android’s official marketplace for the first time, requiring Google to remotely remove the infected apps from phones using its “kill switch.”

Sullivan says, “Google’s purchase of Motorola is likely to support Android’s growth, and not just on smartphones. Android 4 is scheduled to arrive this October, and that will reunify Android, creating tablet competitors to the iPad. Tablets are more likely to be used by North Americans to do things traditionally done on PCs, such as online banking, and that could increase attacks on tablets.”

For the millions who already own Android devices, the security situation will evolve as apps become more secure and device software ages. “Android Marketplace’s ability to tame rogue apps could improve, but the growth of the platform will increase the incentives for crime. Additionally, Motorola competitors may move away from Android, potentially making them less likely to update vulnerabilities.”

For software developers, device makers and operators, mobile security is a growing concern as users rely more and more on their phones and tablets for confidential business and mobile banking.

“This year we’ve seen the cat-and-mouse game pitting banks and law enforcement agencies against online criminals go mobile,” says Sean. An attack on a European bank was driven by the SpyEye mobile malware working in combination with a PC banking Trojan to take advantage of the growing use of SMS messaging in online banking for one-time passwords.

“It’s easy to forget how much confidential data is stored on a smartphone,” Sean explains. “But criminals never forget. We’re seeing mobile malware that has the potential to even steal the photos on your device. Smartphone owners and developers need to be aware that they face many of the same threats as PC users in addition to new, unprecedented privacy issues.”

Here are six steps you can take right now to protect your smartphone.

Cheers,

Anna

* The survey was carried out by F-Secure via SurveyGizmo during April and May of 2011. 602 smartphones were solicited from around the globe through F-Secure’s Facebook and Twitter. F-Secure asked respondents a series of questions about how they used their smartphones.

CC image by kiwanja.

6 Comments

Thank you F-Secure for that very helpful advice.
Can these criminals take your face recognition from photographs on your iPhone??

No instances of mobile malware for iOS pulling off something like that yet, as far as I know. It would likely require a jailbroken phone and some innovative software.

[…] may first appear harmless, then dig into your private information. Mobile banking trojans can now install themselves with the help of phishing sites that ask for your phone’s identifying infor…. Other apps can even act as a fake installer to get access to send premium SMS messages from your […]
