Lookout, a mobile security firm, stated “we’ve gone from seeing 4 pieces of malware and spyware per 100 phones per year in December 2009 to 9 per 100 phones per year in May 2010. That’s more than double the prevalence of malware and spyware on smartphones in less than 6 months.”
The phones themselves have put in some protections such as limiting which app stores you can download apps from. Other protections can notify the user what the app will have access to, i.e. Contacts, GPS, or network info.
But how many users actually look to see what that cool app will do before they run it?
Once a malicious application has been activated, it can disable your phone, make toll calls, get your exact location, view your SMS messages, or even turn on the microphone to eavesdrop on your conversations.
Not all applications that pose a risk were designed to be malicious. One such application was designed to remotely take photos; however, it also had the ability to view other folders and even system files and delete them. When the developer was contacted, he replied that he used a piece of code from another app he had made that was designed to be a file explorer and didn’t set the restrictions yet on the photo taking application.
These issues have even been noticed by the FBI’s Cyber Division assistant director Gordon Snow. He was quoted in The Wall Street Journal saying, "Mobile phones are a huge source of vulnerability," and "We are definitely seeing an increase in criminal activity."
None of the smartphones have been immune to attack. Apple, Blackberry, Windows mobile, and Android all have been under siege and the risk will continue to grow as these phones get smarter and more powerful. Companies such as Lookout offer free protection on supported devices. Symantec and McAfee are also getting involved with mobile security. As this threat grows, more companies will follow suit.
Should you stop downloading apps? Probably not; but you should be a little more cautious about what you are downloading. Users are quickly learning not to click links in questionable emails because of phishing attacks; however, the same user will click the link from their phone simply because it is a phone. You must protect yourself, but how?
Securing your smartphone can be as easy as applying simple best practices and common sense. Users need to understand that they are holding more than a phone, and it can fall victim to the same perils as their laptop or desktop. Businesses should ensure a mobile security policy is defined and in effect, to handle such things as the ability to join open WIFI access points, locking the device, if the user can install apps, and encryption policies. Using similar policies as those for your desktop and laptop, you can ensure you are taking the correct approach to securing your mobile device. Anti-malware, anti-virus, and firewalls are available and they may be the options you choose.
Simple steps for a smart user:
• Use common sense.
• Keep the phone and downloaded apps up to date.
• Be cautious of clicking links.
• Use reputable app stores.
• Back up critical data.
Mobile Malware Attacks and Defense