Nidhi Rastogi ,A Security Consultant with Logic Technology Inc, New York share her Views about the Mobile Security and Lack thereof . The Article is taken from our September Month Magazine Edition .Here we go..
Mobile technology, particularly smartphones, has come of age and is increasingly replacing PCs for internet surfing, emails, gaming and social networking. As per a recent survey by Neilson Media Research, smartphones now comprise over 38% of the U.S. Cellphone Market and will become the majority by end of the year. To meet this growing demand, cellphone companies are fast churning out new models with killer features, latest and greatest in technology.
With this growth it has also come to attention that security of these devices cannot be left behind. Every day a new data breach is making headlines suggesting hackers have gone into overdrive. However, what is of particular interest is that a bulk of them is being attributed to cellphones. Hacking alone accounted for $3.2 billion in losses for the telecom industry, says CFCA.
The culprits are many. Several companies like Apple and Google own online application store that allow 3rd party developers to upload programs that can be made available for download by the users. Many users are deceived into downloading applications that appear to be legitimate. The terms are conditions are loosely defined which makes them easy to accept. Once on the device, the "app" can do a variety of damage, and at times without alarming the user. The App Genome Project by the company Lookout showed that in a study of 100,000 apps for iPhones and Android devices, a substantial proportion contained code which could pose a security risk.
In another recent finding, security researchers at Trend Micro discovered a malware on Android devices that disguised itself as a Google+ app. The app was capable of performing malicious activities like recording phone calls and gathering GPS location, and more. This user data was then uploaded on a remote server. The application called itself Google++, which apparently was overlooked by several customers. It's worth mentioning here that a big factor in the working of a malware is the casual behavior of the user, who fails to pay enough attention when installing a program on their device.
In another report, SMS Android Trojan was hidden inside a movie player app and, once installed, would send out premium text messages. Many such malwares and viruses combined have affected up to 250,000 android devices to date.
The rationale behind making smartphone the target by hackers is very simple. A smart phone today not only stores contacts but also other sensitive information like emails, pictures, and more. And in the case of some devices, a history of user visited locations with timelines. The faster and improved cellular networks and Wi-Fi capability have made handheld computing very convenient, making it a widely accepted product. Hence, it has attracted the attention of hackers with malicious intent.
This increased visibility has, however, put pressure on software companies as well as hardware manufacturers to provide security features and configuration options. Facebook now offers its users secure logging via SSL on their wireless devices by activating an account setting. Twitter followed suit by enabling "always-on SSL" and thereby keeping user data secure even when connected through a public Wi-Fi.
The users too need to be vigilant of their devices. In case of a lost device, remote erasure of data or locking of the device is recommended. An alternative is to trigger the remote kill switch which will render the phone dead. If the device contains sensitive information, it is recommended to store digital assets in encrypted folders. Other simple tricks include keeping the Bluetooth off and in non-promiscuous mode at all times, unless when in-use. Contacts, photos and videos should be periodically backed-up in a safe location, preferably encrypted. Several anti-virus software compatible with various OS platforms are available for download from online application markets to help make sure that mobile devices are as secure as possible.
Some Real world Mobile Security Issues in Recent News:
- Cross Application Scripting vulnerability in Android browser
- Fake 'Walk and Text' App steals Android user data
- iPhone can be used as spy phone to get desktop Keystrokes
- iPhone Skype XSS Vulnerability Lets Hackers Steal Phonebook [Video]
- Android phones vulnerable to hackers
- HTC Android Vulnerability - Exposes Phone numbers, Gps, SMS, Emails etc
- Android malware - Works on remote commands form encrypted blog
- QR codes - Next way for Android Malware
- More Android vulnerabilities exposed [Video Demonstration]
- SpyEye Trojan stole $3.2 million from US victims,Android users will be next target !