Is your phone at risk from cyber-criminals?
Published: 12th Nov 2010 17:04:09
While malicious software for smartphones is on the increase, it could still be human error that creates the easiest opportunities for cyber-crime.
Ever since phones became "smart", there has been concern that they could become riddled with malicious, self-replicating viruses and worms just like their less portable PC relatives.
So far however, the expected deluge has not happened. Cyber-criminals are not flooding smartphones with malware.
"The organisations or bad guys are looking for money," says Tony Osborne of online security firm Symantec.
"I think as we see mobile phones used more as a method of purchasing or creating financial transactions, then we're going to see far more attacks."
But the sector is growing quickly. Market analyst Juniper Research says that over 200 million people worldwide will have used banking services on their phone by the end of 2010, doubling to 400 million by the end of 2013.
While this makes for an increasingly enticing prospect for hackers, the current problems faced by users are often a little less hi-tech.
Over two-thirds of smartphone users are leaving themselves vulnerable to opportunistic identity fraudsters by users still leaving their phone without a pin or password, according to the government-supported GetSafeOnline.org.
And even then, the phone is still at risk.
"It isn't too difficult to break into a phone, you can just try every number from 0000 to 9999," says William Buchanan, professor of computing at Edinburgh Napier University.
"I think one of the major problems is that people don't realise how much information is on the device."
And it is not just what you have on your phone, but how ease of use has often superseded the need for security.
"This means that if someone else had your handset, they can access and use your profile without needing to know your password. In addition, if you synchronise your handset with a PC at home, they'll be able to access all of that information too."
But what about those criminals trying to get to your handset remotely?
"Attackers already have the tools to write the malicious code they need," says Mr Osborne.
"The new generation of smartphones are all geared towards downloading apps which are written by other users, using software development kits."
In August, BBC technology journalist Mark Ward decided to find out if it would be possible to use these tools to write an application which posed as a simple game but in the background silently stole the phone's contact list and e-mailed it to a predetermined address.
"I think the big surprise was how straightforward it was to put the spyware together," he says.
"We were expecting to really sweat over the nasty bits, but all the bits we used are standard parts of all the applications you get on your phone. So there was no part of the phone that was cut off from those basic standard bits of coding."
Mark never made the application available but some malicious programs have been found in the wild.
Even for those not using their phones for full-on finance, there are ways for cyber-criminals to make money directly from malware.
A malicious, self-replicating virus called Commwarrior, which targets the Symbian operating system on Nokia handsets, arrives as a multimedia message.
If you click on it, you will run malicious code which scans your contact list, and sends a copy of itself to everyone it finds. Discovered in 2005, while worrying for experts, it failed to have the widespread impact that was once feared.
Also, an application for Google's Android operating system targeted users in Russia who thought they were downloading an adult video player.
Although it seemed to do nothing once installed, an examination of the source code revealed it was actually designed to silently send text messages to premium rate numbers owned by the bad guys. Users would be charged and the criminals would take the profits.
So how can you be sure that an app you download isn't doing something untoward in the background?
"I think the problem is that you can't assume that every application that wants access to your contacts is suspicious," says Mark Ward.
"Take games for example. If you want to play a multi-player game via your phone, it needs to know your location, it needs to know your friends' locations and it needs to be able to bring you together to play with those friends - that's not suspicious."
The mobile operators advise not to download apps directly from the web but stick to the official application stores provided by the five different platforms - these only contain applications which have been pre-vetted.
So far, there have been no reports of malware getting through this vetting procedure but with thousands of apps to check and source code for each running into thousands of lines, no operator can absolutely guarantee that their vetting procedure will always be foolproof.
Around 25 new pieces of smart phone malware are being discovered each week. While this is miniscule compared to the PC malware landscape, some companies have already launched antivirus products which scan and remove bad apps from the phone.
However, one of the most profitable and effective mobile phone scams is not a virus or even a malicious download.
It is a spam text message which asks the recipient to call a premium-rate phone number.
But the biggest threat to your smartphone is its portability and tendency to go missing.
There are apps however that can help you remotely wipe its memory or find it, so all may not be lost after all.
Harvard CitationBBC News, 2010. Is your phone at risk from cyber-criminals?. [Online] (Updated 12 Nov 2010)
Available at: http://www.ukwirednews.com/news.php/107604-Is-your-phone-at-risk-from-cyber-criminals [Accessed 22nd May 2013]
At 07:48:08 in ScotlandA man is in a serious condition in hospital after being rescued by firefighters from a river bank....
At 07:45:17 in WalesComplaints about abandoned horses and ponies quadrupled in some parts of Wales last year....
At 07:40:36 in BusinessEnergy supplier SSE has reported a rise in annual profits despite disruption from bad weather and a fine from regulators....
At 07:20:42 in ScotlandScotland's first charity-funded air ambulance helicopter has gone operational....
At 07:20:25 in Northern IrelandA 26-year old man has been arrested over the death of a homeless man at an apartment complex in Cork last week....
At 07:20:20 in EnglandA building that has stood empty for almost five years after being bought as a new headquarters for Hampshire Constabulary is to be sold....
At 07:20:15 in WalesThe first minister is to signal further cuts to Welsh public spending, warning of "painful" decisions ahead....
At 07:05:39 in Northern IrelandJust 10% of Lower Lough Erne will be affected by restrictions put in place during the G8 summit, an audience in County Fermanagh has been to...
At 06:57:42 in WorldPakistani politician Imran Khan has been discharged from hospital two weeks after falling from a platform at an election campaign rally. ...
At 06:56:17 in WalesThe defence case in the trial of the man accused of murdering five-year-old April Jones is expected to begin later....
News In Other Categories
More than 50 English beaches have met tough new EU standards to receive Blue Flag awards, recognising their high standards and water quality...
Trevor Bolder, the bassist in David Bowie's legendary 1970s backing band Spiders From Mars, has died from cancer at the age of 62....
Indian fast bowler S Sreesanth, arrested last week over allegations of spot-fixing in the Indian Premier League, has insisted he is innocent...
Plans for major changes to the way some specialist hospital care is delivered in south Wales will be unveiled later....
A man is in a serious condition in hospital after being rescued by firefighters from a river bank....
A building that has stood empty for almost five years after being bought as a new headquarters for Hampshire Constabulary is to be sold....