Security threats to smartphones, tablets on the rise
Barry Gooden likes to experiment with cell phones, so when a friend showed him a program that could sneak like a thief into his wife’s iPhone, he thought he’d give it a try.
Her Bluetooth, the wireless connection that allows people to use earpieces and other devices with their phone, was on. The program on his phone did the rest.
“It made all the contacts start jumping over to this phone,” said Gooden, who lives in Viera, Fla.
People blithely use their phones and iPad-like devices to download applications, communicate wirelessly and surf the Internet. Threats to cell phones and iPad-like devices are uncommon now but are expected to increase, experts say.
“What I do is I make your phone (dial) a few premium-rate numbers at ‘X’ dollars a minute,” said Richard Ford, director of Florida Tech’s Harris Institute for Assured Information, “and I immediately make the money from that.”
It’s not just a theory. Security software company Kaspersky Lab recently pointed out a malicious program that targets Google’s Android operating system for phones. A link on adult sites prompts users to download a media player that requests permission to send text messages. Then it begins sending those messages at $6 a pop to a premium number.
“A lot of people who get hit don’t really know or don’t really care or only work it out when the bill comes,” Ford said of such exploits. “I think it’s still pretty rare, but it’s coming.”
Tech research company Gartner reports that systems in need of mobile protection “vastly outnumber” sales of mobile data protection products.
Companies are trying to meet that need. Symantec, for instance, offers Norton Mobile Security for Android, which protects a smartphone against threats and can disable the device if it’s lost or stolen.
“You kind of have your digital life on these digital devices,” including e-mail, photos, contacts, account information and the ability to log in using stored passwords, said Mark Kanok, Norton Mobile Security group product manager.
Phones are more like computers than ever, with similar vulnerabilities, many of which rely on user actions. And all of those bad things on the Web now have a new target as these mobile devices surf the Internet.
“If somebody can send me an e-mail or a text message or a Facebook message or some sort of message with a link in it, and then you can click on that link and open up a browser page within some sort of portable device or mobile device, you’re subject to the same type of risks,” Kanok said..
Experts say users have to balance functionality and risk. They should keep phones updated with the latest software and security patches.
While Ford admits he’s “paranoid, for good reason” and prefers a real bank teller to online banking, he’s optimistic that security will get easier for users.
“We don’t expect the driver of a car to be a mechanic, but we kind of expect the operator of a computer, whether it’s a cell phone or a desktop, to be a system administrator,” he said. “I think we’re entering the age of appliances, where we remove some of the expertise requirements for the user.”
Though caution is in order, the tidal wave of mobile attacks isn’t here. Yet.
“I think the sense that we all have is we’re just waiting for the floodgates to open,” Ford said.
p class=”subheadrule”> Mobile security tips
Here are some tips for keeping your mobile gadget secure:
– Be careful which apps you download and don’t grant a new application functionality that it shouldn’t need.
– Be wary of links in messages, e-mails and Facebook unless you absolutely trust them.
– Always check your cell phone bill for unusual data usage.
– If available, install mobile security software that blocks malware and can find or shut down your phone if it’s lost or stolen.
– Keep your phone’s software updated to protect it from the latest threats.
– Make sure you know where your Wi-Fi originates before logging on.
– When on a wireless network, be sure your e-mail uses SSL (Secure Sockets Layer) encryption, and use only secure websites for transactions.
– Don’t leave your Bluetooth on all the time if you don’t need to, and keep it in hidden/non-discoverable mode.
– Enable screen locking on your phone, and don’t use a simple unlocking code.