According to several cyber-security experts, smartphone security threats are looming in the near future.  As more people use their smartphone devices to purchase or download items online, fraudsters continue to keep up with phone-based malware developments that will eventually win them remote access to people’s confidential information like passwords and credit card details.

“Without wanting to sound too alarmist, the more people use their phones to carry out sensitive financial transactions, such as banking or shopping online, the more the same criminal networks that target our computers will start developing ways to attack our phones,” says Rik Ferguson, a cyber security expert.

Malware, short for “malicious software” and also referred to as a “computer contaminant”, takes forms such as computer viruses, spyware, trojan horses, worms and adware.   It is designed specifically to circumvent the security you have installed on your computer to damage or disrupt your system.

“At the moment, the amount of malware out there specifically aimed at mobile phones is thankfully quite low, we’re probably where PCs were ten years ago,” says Sean Sullivan, a security advisor at cyber-security company F-Secure.

But it’s only a matter of time before smartphones become a major security target.  Earlier this year, a SMS and phone-based worm going by the name “Sexy View” infiltrated a mobile user’s contact list and spammed all contacts with a text message directing them to a malicious website.

“It’s the first text message worm ever,” said F-Secure’s Chief Research Officer Mikko Hypponen.  “Mobile phone spam is already a big problem in some parts of the world – eventually it will be an issue everywhere.”

As for when the outbreak is expected to hit smartphones, cyber-security experts say malware writers are waiting on smartphone devices to beef up in processing power and open up its platforms to third-party application developers.  The promised open, user-friendly platforms will spawn a new breed of worms and viruses and is causing mobile malware security vendors concern as they face the challenge of preparing the public for wide-scale attacks.  For smartphone malware to pose a threat of epidemic proportions however, the smartphones vulnerable to malware infections must comprise one-third of the market, and users of those phones have to be swapping executable files on a regular basis.

Security advisors are now warning smartphone manufacturers, carriers and users to start securing their mobile systems in advance.  And while signature-based protection such as an antivirus is vital, protecting your mobile against malware is not about just about detection and removal.  Using a proactive approach that focuses on preventing unauthorized code from running and loading on your mobile is your safest bet.

Here are nine ways you can protect your mobile phone from attacks:

1.) Use the PIN code or pass key feature. All mobile phones are equipped with a PIN code feature to prevent unauthorized users from accessing data stored in your phone’s memory.  Also, without the PIN code or pass key, your phone stays locked, prohibiting unauthorized users from using your phone and racking up phone charges on your account.

2.) Never respond to unknown numbers. In particular, be wary of 5 digit service numbers.  These numbers are being used to send unsolicited SMS text messages for spam and phishing purposes.

3.) Disable Bluetooth when you are not using it. Asides from eating up your battery life, without a PIN setup, leaving your Bluetooth on leaves you vulnerable to:

• Bluesnarfing: Unauthorized users accessing or stealing files from a victim’s device (mobile, laptop, desktop or PDA) from a wireless device through a Bluetooth connection. Through Bluesnarfing, an unauthorized party could access your calendar, contact list, emails, text messages, pictures and videos.
• Bluejacking: Others sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers.
• Bluebugging: Unauthorized users taking control of a victim’s mobile and commanding it to do whatever the bluebugger wishes.

4.) Keep the Bluetooth connection on “hidden” mode. When not pairing to another device, always remember to have your phone set to non-discoverable mode.  This prevents other Bluetooth devices from recognizing your device.  Any time your phone is in “discoverable” mode, an attacker can connect to your device and pick up your device’s Bluetooth address (analogous to an IP address) by scanning for your signals.  With your address and given the hacker is within 10 metres of you, they could run malicious code or make the device vulnerable to attacks that would render your mobile temporary or indefinitely malfunctional or unusable.

5.) Be careful where you use Bluetooth. In public wireless areas and “hot spots”, your risk for interception is much greater than if you were in your home or car.

6.) Back-up your phone’s data. It’s wise to backup your device’s data in case your phone gets lost or your data gets corrupted or wiped out.  There are various hardware and software solutions for backing up your cell phone.  Smartphones usually come pre-installed with backup software, which lets you perform basic backup functions like backing up your contact list.

7.) Only download from a trusted source. Always be careful when accepting applications sent via Bluetooth or when opening any attachments in a text message since they may contain harmful software.  Take extra caution when installing applications related to mobile banking.  Only install applications from company’s official mobile Internet site.

8.) Never lend your device to strangers. Only lend your phone to people you trust.  Some attackers will need to physically handle your phone as some mobile viruses require manual installation.

9.) Install additional security software. Like your PC, there are different tools to protect your phone from malware including antivirus, antispyware and firewall software.  Talk to your phone manufacturer or service provider to find out what security solutions they offer.

Sources:

Marcus, David, “Malware is their Business…and Business is Good!”
http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/

Greek, Dinah, “Symantec Report Shows Huge Growth in Malware”
http://www.computeractive.co.uk/computeractive/news/2240340/symantec-report-shows-huge

Phony Facebook profile reference
http://www.mxlogic.com/securitynews/viruses-worms/phony-facebook-profiles-spreading-fake-antivirus-malware826.cfm

Taylor, Jerome, “Hackers Target Mobile Phone Users”
http://www.independent.co.uk/news/uk/crime/hackers-target-mobile-phone-users-1796629.html

For mobile security vendors check out the following site:
http://www.firewallguide.com/pda.htm

Posted in Internet Safety | Internet, news, privacy | |