Security threats to smartphones, tablets on the rise |

Security threats to smartphones, tablets on the rise

Barry Gooden likes to experiment with cell phones, so when a friend showed him a program that could sneak like a thief into his wife’s iPhone, he thought he’d give it a try.

Her Bluetooth, the wireless connection that allows people to use earpieces and other devices with their phone, was on. The program on his phone did the rest.

“It made all the contacts start jumping over to this phone,” said Gooden, who lives in Viera, Fla.

People blithely use their phones and iPad-like devices to download applications, communicate wirelessly and surf the Internet. Threats to cell phones and iPad-like devices are uncommon now but are expected to increase, experts say.

“What I do is I make your phone (dial) a few premium-rate numbers at ‘X’ dollars a minute,” said Richard Ford, director of Florida Tech’s Harris Institute for Assured Information, “and I immediately make the money from that.”

It’s not just a theory. Security software company Kaspersky Lab recently pointed out a malicious program that targets Google’s Android operating system for phones. A link on adult sites prompts users to download a media player that requests permission to send text messages. Then it begins sending those messages at $6 a pop to a premium number.

“A lot of people who get hit don’t really know or don’t really care or only work it out when the bill comes,” Ford said of such exploits. “I think it’s still pretty rare, but it’s coming.”

Tech research company Gartner reports that systems in need of mobile protection “vastly outnumber” sales of mobile data protection products.

Companies are trying to meet that need. Symantec, for instance, offers Norton Mobile Security for Android, which protects a smartphone against threats and can disable the device if it’s lost or stolen.

“You kind of have your digital life on these digital devices,” including e-mail, photos, contacts, account information and the ability to log in using stored passwords, said Mark Kanok, Norton Mobile Security group product manager.

Phones are more like computers than ever, with similar vulnerabilities, many of which rely on user actions. And all of those bad things on the Web now have a new target as these mobile devices surf the Internet.

“If somebody can send me an e-mail or a text message or a Facebook message or some sort of message with a link in it, and then you can click on that link and open up a browser page within some sort of portable device or mobile device, you’re subject to the same type of risks,” Kanok said..

Experts say users have to balance functionality and risk. They should keep phones updated with the latest software and security patches.

While Ford admits he’s “paranoid, for good reason” and prefers a real bank teller to online banking, he’s optimistic that security will get easier for users.

“We don’t expect the driver of a car to be a mechanic, but we kind of expect the operator of a computer, whether it’s a cell phone or a desktop, to be a system administrator,” he said. “I think we’re entering the age of appliances, where we remove some of the expertise requirements for the user.”

Though caution is in order, the tidal wave of mobile attacks isn’t here. Yet.

“I think the sense that we all have is we’re just waiting for the floodgates to open,” Ford said.

p class=”subheadrule”> Mobile security tips

Here are some tips for keeping your mobile gadget secure:

– Be careful which apps you download and don’t grant a new application functionality that it shouldn’t need.

– Be wary of links in messages, e-mails and Facebook unless you absolutely trust them.

– Always check your cell phone bill for unusual data usage.

– If available, install mobile security software that blocks malware and can find or shut down your phone if it’s lost or stolen.

– Keep your phone’s software updated to protect it from the latest threats.

– Make sure you know where your Wi-Fi originates before logging on.

– When on a wireless network, be sure your e-mail uses SSL (Secure Sockets Layer) encryption, and use only secure websites for transactions.

– Don’t leave your Bluetooth on all the time if you don’t need to, and keep it in hidden/non-discoverable mode.

– Enable screen locking on your phone, and don’t use a simple unlocking code.

TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.