
December 2010

Smart phones a cyber security risk

By Samir Kapadia | Chartered Accountants

Computer Interface

Proliferation of smart phones :


To say that we are constantly surrounded by advanced
technologies would be a cliché. What would be even more clichéd is the fact that
every day we see, hear and read about some new development in the field of
information technology. This may be about the next generation televisions or the
newest Apple ‘i’ product or the latest handheld device or other
products/services. These developments have not only made our lives a little bit
easier (A LOT easier if you ask me), they have made us more efficient at the
things we do best (or ‘handicapped’ due to technological innovation as a
naysayer would prefer to say).

In this connection, mobile phones have become increasingly
popular and more affordable over the past few years and thanks to Android,
Blackberry and the iPhone, smart phones are in demand. In fact, a majority of
the mobile devices that are purchased worldwide are a type of smart phone.
People have now started realising that these smart phones are in fact miniature
computers. They run a variant of computer operating systems such as Linux
(Android), Mac (iPhone), and Windows (Windows Mobile), and can do pretty much
anything that a computer can do. Most smart phones also pack powerful
processors, a hefty amount of RAM and a lot of storage space — in some cases up
to 48 Gigs ! (it all depends on the size and depth of your wallet). The downside
is that even though a smart phone is a handheld computer, most users don’t treat
it the same way as their computer at office/home.

Duh ! ! ! ! So what’s the point ? ? ? ?

Well, to start with, bet you didn’t know :


  • More than 54 million smart phones were shipped worldwide in the first three
    months of this year, a 57% jump from a year ago, according to research
    reports.

  • Less than 40% of the users (as per recent surveys) follow the practice of
    securing their smart devices. As a natural corollary, the vast majority
    doesn’t even bother securing their mobiles, PDAs or smart phones by using,
    and regularly changing, a password or PIN.

  • The information that many of us keep on our mobile phones : phone numbers,
    addresses, birthdays and even bank account numbers, is just the kind of
    information which, in the wrong hands (half-robinhoods), can be used to
    perpetrate frauds (which would include re-creating your identity — please
    refer to my write-up on Facebook frauds — Stranded in London).

  • It isn’t just the user of the phone who is at risk, but also the
    organisations they work for (especially since many of us use the same device
    in both our work and personal life). The reality is that any gadget that has
    access to the Internet presents a risk to an organisation if the user
    doesn’t secure the device properly.

  • Smart phones are very susceptible to being hacked and catching viruses, in
    some ways even easier than a computer.

  • All of the above facts are not lost on cyber criminals.


If you still think the above is the stuff we see only in
Hollywood thrillers, then read on.

Smart phones the weak link :

Most people purchase their mobile devices solely based on the
number of ‘cool’ applications that it can run. The more apps the better,
right ?
Wrong. Cyber criminals love this idea of an ‘Application
Market’, ‘Store’, or whatever one may want to call it, because now they can
transmit malware easily throughout the world without having to put forth any
effort at all. All you need to do is download an infected app and BAM ! Your
phone is infected.

In January 2010, a mobile application developer (who goes by
the name of ‘Droid09’) uploaded a malicious application to the Android App Store
that posed as the ‘Official First Tech Credit Union’ banking application. This
application was nothing more than a way to steal personal information like
banking logins and passwords. Eventually, the application was removed, but not
before a few customers felt the effect of this rogue application.

Similar to this was a piece of Trojan malware directed at smart
phones running Google’s Android operating system. The Trojan, named Trojan-SMS.AndroidOS.FakePlayer.a,
infected a number of mobile devices. Once installed on the phone, the Trojan
begins sending text messages, or SMS messages, to premium rate numbers — numbers
that charge a fee — without the owners’ knowledge or consent, taking money from
users’ accounts and sending it to the cyber criminals.

In both instances of a Trojan, the Android platform was
mainly affected only by spyware (software that obtains information from a
user’s device without the user’s knowledge or consent) and phishing attacks (a
process used by cyber criminals to acquire a user’s personal information by
masquerading as a trustworthy entity in an electronic communication). Needless
to say, the motive behind these attacks was profit.

(While I have cited 2 instances of Trojans on Android, let
me assure you there are equal or more on the other systems. Press reports
suggest that there are as many as 500 viruses, many of which are capable of
attacking all the popular platforms.)

News reports suggest the proliferation of smart phones is the primary contributor (that’s like saying marriage is the root cause of divorce). And now with smart phone use becoming more widespread, the bad guys are looking at web browsing and the downloading of web applications (apps) as two ways to attack Android handsets, iPhones, BlackBerrys and Windows Mobile smart phones and spread those malicious web apps. Some of these viruses are rumoured to have the capability of harvesting or erasing stored phone numbers and text messages and retrieving information that can be used to disclose a user’s location.

The rising tide:

According to a well-respected security firm, the reason there haven’t been more mobile phone attacks is because Windows XP computers are still the easiest devices to exploit. And although Microsoft no longer supports it, the Windows XP operating system is still extensively used throughout the world. But as XP disappears, the cyber crooks will begin looking to smart phones, because it’s easy to make money exploiting them.

While smart phones running any operating system can be targeted, speculation is that those running the iPhone, Android and Symbian operating systems will be the targets of choice for the criminals. This is because they are the most commonly used. So far attacks on smart phones have mostly involved tricking users into clicking on a link and divulging personal information. But one can expect to see mobile smart phone worms, a form of malicious software, that replicate and automatically spread to everyone listed in a phone’s address book. Such a worm could spread an infection worldwide in only a couple of minutes.

Mainstream security firms are predicting that in 2011 smart phones are likely to be attacked by more malware and sophisticated data-stealing Trojans. These attacks could be launched by targeting social networks or HTML 5, or by stealing digital certificates (like Stuxnet), among other things.

In conclusion, one can say that viruses and other malware have long been a threat to computers only. But as smart phones become too smart (for their own good), the bad guys are likely to target them more and more with viruses. And as has already happened with computers, the smart phone assault is expected to be led by cyber criminals aiming to turn a profit. Characteristically, there seems to be a lag between adopting new technology and taking the appropriate action to secure it. Simply put, first we embrace it, then we become aware of the potential risks it may bring, and only after that do we make the effort to secure it in order to better protect ourselves. We went through the same cycle with the introduction of email and learning the value of anti-virus and anti-spam protection, and more recently with social networking (and the need to be careful about what information you make publicly available). We are now going through that cycle with Internet-enabled mobile devices.

The risk increases significantly when you consider that a vast majority of employees in any company use at least one self-purchased technology device at work.

The sad part is that many organisations have not yet caught up with the security protection and policies that the latest mobile gadgets require.

As a parting shot, just think about it: There are more phones on the planet than computers. And it’s easier to steal money from phones. Are you prepared to deal with this eventuality?
