Now spies hidden in your mobile device

By Steve Elwart

With worldwide shipments reaching 2.1 billion units by the end of this year, smartphones have become an essential tool in the minds of many.

But with their record of the user’s location, spending habits, banking information, credit cards, passwords and photos, mobile digital devices have also become a major target for hackers.

Mobile devices are hacked in three ways.

Device loss or theft

Losing a mobile device is so common that many iOS and Android finder applications have sprung up. They will not only locate a lost phone, but they can also lock the device and wipe its memory remotely. However, while the apps are often loaded on the devices by the manufacturer, many users either do not use the feature or use an easily guessed password, such as “1234.”

Users should activate the feature on their devices and enter an unlock code that is hard to guess. Many devices have a feature that automatically wipes the data if an incorrect password is attempted a certain number of times.

Unsecured networks

Another vulnerability for mobile devices is unsecured networks in public places such as airports, train stations and coffee shops. Many users take a chance on using the networks, because data access to cell networks can be poor.

Users should access such Wi-Fi networks with caution. There are many fee-paid networks and facility-based networks available that are more reliable.

Malware intrusions

Mobile apps have been termed the “wild west” of modern technology. In 2012, more than 53 billion applications were downloaded to mobile devices. In 2016, that number is expected to grow to more than 200 billion.

It is estimated that 70 percent of malware attacks were experienced by Android devices and 14 percent by Apple iPhone users. While Android devices still run a higher risk of infection than iOS devices, they both are vulnerable. Most mobile apps can be hacked in as little as three minutes, and these intrusions are expensive. In an IBM 2014 Cost of Data Breach Study, the average total cost of a data breach for business and personal mobile devices was $3.5 million.

Malware can find its way onto a mobile device through a variety of methods, but a new study by the security agency Blue Coat determined that advertisements were the main way for malicious content to be loaded. An ad for a vitamin supplement may look harmless, but clicking on it may open a gateway for malware.

Security analysts believe that one in every five times a user accesses the Web, he is directed to mobile malware from a site, usually through a Web ad. The functionality that allows a user to donate money to a charity through an ad is the same system being exploited by hackers.

What makes this type of malware so dangerous is that it is inadvertently loaded onto devices through legitimate sites and may not appear initially to be malicious. The “malvertisements” may contain Trojans that infect the devices when they are activated.

Another common type of malware is a keylogger, which tracks keystrokes, enabling a hacker to steal user names, passwords, credit card numbers and other private data. A new “keylogger” flaw has been found on iPhones. Security professionals say the keylogger runs in the background, usually unknown to the user. It requires advanced hacking skills to exploit and may have been developed by organized crime or a government agency.

Health-care apps also provide access to patient information records, including Social Security, employee ID and credit card data.

Even the new wireless payment apps are not immune to attack. The CurrentC app, a competitor to Apple Pay and Google Wallet, was hacked, and user email addresses may have been stolen. This type of activity may put a significant damper on the emerging and lucrative wireless payment market.

As the Edward Snowden revelations showed, government agencies are also complicit in spying on users via mobile devices. It’s not just the U.S. government that is hacking into mobile devices. The Indian Air Force has branded the top-selling Chinese Xiaomi mobile devices a threat due to alleged spying by the Chinese government as well as hidden spyware apps targeting protesters in the pro-democracy “Occupy Central” movement in Hong Kong.

Governments are using malware to turn mobile devices into personal intelligence agents, eavesdropping on conversations and accessing the device’s camera, even when the device is turned off.

The world’s most secure phone?

Users who are concerned about security could try a mobile device promoted as the world’s most secure. The Blackphone uses a proprietary operating system called PrivatOS, which is based on the Android operating system but is focused on security.

But while the manufacturer claims it’s the “world’s most secure mobile device,” it’s also subject to attack.

Last August, it was announced that the Blackphone was hacked. Blackphone’s PrivatOS operating system has been updated since the hack, but the news may give a user second thoughts.

Mobile users should always avoid clicking on ads when Web surfing. Ad-blocking apps exist for both Android and Apple devices, and browser settings can be adjusted to prevent pop-ups for ads. Also, downloading the newest version of operating system software will help protect a device from hackers. The updates usually contain security patches and new features that can protect a device from attacks.

Malware apps can be found at less-than-reputable, third-party app stores, which emphasizes the importance of sticking to legitimate providers such as Apple, Google Play and Amazon. While not 100 percent safe, these stores scan their uploaded apps for malware.

Frequently updating passwords will also put up another barrier to hackers. There are password-manager apps available for mobile devices that can generate complex passwords, remember them for you and log you into accounts automatically, eliminating the need for keystrokes that can be recorded.

Mobile malware will continue to be a threat to users both in the business and home environments. While it is impossible to stay completely ahead of hackers, some simple precautions can make things more difficult for hackers and possibly entice them to look elsewhere.

Steve Elwart, P.E., Ph.D., is the executive research analyst with the Koinonia Institute and a subject matter expert for the Department of Homeland Security.
