Just a short decade ago, most online users felt very little threat from any type of outside intrusion by hackers that meant to steal their identities or do them harm. However, in the last 10 years many things have changed regarding how individuals perform their daily routines online and off-line. With recent advancements in mobile technology, many tablets and mobile phones have become the devices we use to connect to the Internet, whether it is for pleasure or for work.
While much concern is given to how individuals connect from their desktops to online financial institutions and other sites that contain personal information, connecting through a mobile device is often not given as much focus. For instance, a recent issue with the Galaxy SIII made it possible to completely bypass the lock screen, granting full access to the device.
A Settled Federal Mobile Security Case
Not long ago, the Federal Trade Commission (FTC) settled with HTC America after a complaint had been filed against them. The complaint was over the software vulnerabilities of all of their mobile products, including Windows Phone, Windows Mobile and Android products.
The FTC addressed the long list of problems that involved the mobile software used to operate HTC products. While many of the issues seem small and insignificant, when grouped together, they created serious security issues that affected every mobile user. In addition to that, the company was cited for their failure to implement the appropriate means to evaluate the security levels in all of the products the company shipped to its customers.
Provided Inadequate Security
Other issues involved the failure to implement adequate security and privacy guidance for its own in-house engineering staff or to provide the required training. The company also failed to conduct reviews, audits, tests and assessments that could help ascertain all of the potential vulnerabilities and security on the mobile devices they sold.
The company also failed in the implementation of addressing many of the security vulnerability reports that were provided through third-party academics, researchers, and the public. Their inaction helped to delay the opportunity to provide a variety of corrections and solutions once the incidents had been reported.
Some of these stated vulnerabilities included non-secured communications, the misuse of application permissions, non-secured application installations, and the insertion of a harmful debug code. The complaint filed by the FTC fully outlines the risks that were developed because of HTC America’s practices.
The settlement surely sent a shiver through the software development industry, especially those that provide mobile software solutions. The precedent set by the federal government and their concern over mobile security seems to have found solid footing. Hopefully, the direct actions of the mobile provider industry will reflect more protection in the products that are shipped to customers.
As a Consumer
As a consumer, most of us do not realize the mobile security threats that lurk every day on our mobile devices, smart phones and tablets. Many of these problems include malware, SMS spoofing, and toll fraud. To the online hacker, mobile cybercrime creates large amounts of money. It is estimated that cybercrime on the Internet caused all consumers over $100 billion worldwide back in 2011. Studies indicate that mobile crime will cost significantly more in the near future.
Once considered to be the crime of desktops and laptops, phishing scams have made their way into mobile technology. Included with that are unsolicited text messages that have the ability to capture personal confidential information. It can also infect the phone with nothing more than an SMS message. The bottom line is that every smart phone requires the same level of protection that a PC or Mac does.
Now instead of using email social engineering to request information, cyber-thieves have incorporated the process into SMS text. The SMS message will likely have an embedded link or provide a phone number to listen to a “voicemail” in an effort to garner personal data.
Installing Spyware on a Mobile Phone
Cyber-hackers that want to obtain information on a child, spouse, employee, or even a rival will often turn to another individual’s smart phone by installing spyware. Many spyware applications have the ability to disguise or hide themselves and will not even show up on the long list of running applications. The application allows the hacker to use GPS tracking to locate the individual, or even activate the microphone or camera to record conversations. So far, most spyware applications need to be initiated using the phone. By keeping it protected with a passcode and only installing applications from official app stores, most would-be hacking or spy action can be averted.
Without most mobile phone users becoming aware, cyber criminals and hackers have apparently found mobile technology to be the next platform to exploit. Through malicious websites, spyware technology, SMS phishing, covert emails, and harmful malware every mobile phone owner should be aware of the problems lurking inside their phone.