Smartphones are a Growing Vector for Cyber Attacks

Thursday, July 12, 2012
By: Angela Render

For those of you who took my webinar on cyber security you’ll recall that I predicted that smartphones would be one of the fastest growing vectors for cyber attack. According to security firm Trend Micro, I was spot on in that prediction.

The firm had predicted that it would delete around 11,000 malware samples from droid OS smartphones in the second quarter of 2012. They ended up deleting 25,000, more then double their prediction. They now predict that the number will grow exponentially as the year progresses.

We didn’t get a chance to go into smartphone security much in the webinar due to the time constraints. We mentioned that the phones are used for email, web surfing and text messaging much in the way our computers are, which leaves them vulnerable to compromises similarly to a desktop (infected file attachments, infected websites, links to infected sites etc.) What we didn’t talk about was the method of infection that is the fastest growing for Android OS phones: malicious apps made available for download on Google’s Play store. There were around 5,000 new malicious apps found in the first quarter of 2012, and security experts predict that since this vector of attack is extremely lucrative, it will accelerate.

Don’t think you iPhone users are immune. InformationWeek reported on July 9th that a malicious app made it past Apple Censors and into the Apple App store as well as onto Google Play.

Practicality often trumps security and in this instance, I think the usefulness of smartphones will win out. So here are some steps you can take:

Prevention

• Follow all of your security best practices for your network when using your smartphone.
• In addition, these latest infections are coming primarily from downloadable apps. We use these apps for entertainment, as well as to help us do business better. Be careful what you download. Read the reviews. Get referrals, but make sure you trust the source of the referral—and of the review for that matter. Research the app developer and the app itself.
• Read what permissions the app wants in order to run. Games have no business accessing your contact list. If a game is asking for permission to access things you know it doesn’t need to run, reconsider the installation.
• On that same note, one of the more clever hacks comes from apps where the initial installation is on the up-and-up, but future patches and upgrades to the app install the malware. Always watch those permissions.
• Look into antivirus and malware scanners for your phone.

Vigilance

• Be mindful of how your phone is operating. Has it suddenly started crashing? Has a friend of business acquaintance asked you about a strange text they received from you, but that you know you didn’t send? Is the phone acting flaky or sluggish?
• Make a habit of checking what programs are running on your phone. Look under Settings > Applications > Running Applications (or something similar). Are there apps running all by themselves?
• If you notice something’s not right, take your phone in for a check-up.

Mitigation
Life happens. You need to constantly plan to mitigate any damage caused by an accident.

• Delete apps that you don’t use.
• Keep your contact list as clean as possible.
• Don’t allow your phone to download your Facebook or Google+ contact list and vice-versa.
• Clean out old emails, photos, and text messages.
• Don’t save usernames and passwords into your phone.

I know it’s one more thing you need to be aware of, but once you get in the habit of asking the paranoid questions and listening to the answers, safe smartphone will not take up much of your time and could save you embarrassment as well as money.