PHONE HACK­ING

Just be­cause you’re not an A- lis­ter doesn’t mean you’re im­mune to phone hack­ing, writes Mau­reen Shel­ley

Sunday Tasmanian - Tassie Living - - Front Page - Mau­reen Shel­ley trav­elled to Sin­ga­pore as a guest of Sy­man­tec.

Why no one is im­mune.

MO­BILE phone hack­ing has come to promi­nence re­cently, but you don’t have to be a celebrity to be a vic­tim of mo­bile at­tack.

As one LifeHacker. com con­trib­u­tor writes: ‘‘ If you are not pay­ing for the prod­uct, then you are the prod­uct.’’

In Sin­ga­pore last week, anti-virus soft­ware maker Sy­man­tec warned smart­phone users that their most-car­ried de­vices were not im­mune to hack­ing and mal­ware more com­monly associated with com­put­ers.

Once Sy­man­tec and its prod­ucts such as Nor­ton and PC Tools were all about anti-virus pro­tec­tion. The prod­ucts now cover se­cu­rity, safety and pri­vacy be­cause users and their per­sonal in­for­ma­tion are now the prod­uct.

Sy­man­tec mo­bile group prod­uct man­ager Mark Kanok says hack­ers gen­er­ally look for three things: Is the plat­form widely used?; is it easy to code or out­source the code?; and can the hacker make money from mal­ware?

The four most pop­u­lar phones are the Ap­ple iPhone, RIM Black­Berry, those us­ing Google’s An­droid op­er­at­ing sys­tem and Microsoft’s Win­dows 7.

‘‘ An­droid stands out be­cause it puts the se­cu­rity re­spon­si­bil­ity with the user,’’ Kanok says.

He says An­droid soft­ware is the most vul­ner­a­ble to at­tack be­cause it uses open-source code, se­cu­rity is user-driven and many users favour con­ve­nience over se­cu­rity.

Ac­cord­ingly, Sy­man­tec has de­vel­oped a pro­gram called Mo­bile Se­cu­rity for phones and tablets us­ing An­droid soft­ware, from Eclair ( v2.0) on­wards.

Threats to mo­bile se­cu­rity come from click­ing on un­so­licited links, vis­it­ing hacked or ma­li­cious web­sites or down­load­ing apps that can take over the phone. Kanok demon­strated pro­fes­sional hack­ing soft­ware avail­able on­line for as lit­tle as $ 1 for a 24-hour li­cence that can be used to make mo­bile phone mal­ware.

Some mo­bile mal­ware can ini­ti­ate calls or text mes­sages to pre­mium-rate ser­vices. Other pro­grams col­lect key­strokes, lo­ca­tions, pass­words, birth dates or phys­i­cal and email ad­dresses. The data is then used to ob­tain ac­cess to bank­ing, shop­ping or so­cial net­work­ing ac­counts and can be used to steal goods, money or in­for­ma­tion. In­for­ma­tion can then be sold or used as a gateway to phys­i­cal theft.

One piece of mal­ware-au­thor­ing soft­ware, DroidDream, pulls le­git­i­mate apps off the mar­ket and in­jects ‘‘ root ex­ploits’’ or ma­li­cious code into them and re­pub­lishes them to the ap­pli­ca­tion store or mar­ket. One such ‘‘ poi­soned app’’ gen­er­ated be­tween 50,000 and 200,000 down­loads within four days, Kanok says.

Kanok also says hack­ers can in­fect app code in min­utes. Though it takes time to de­velop ma­li­cious code, once writ­ten it can be de­ployed in hun­dreds of apps and takes less than five min­utes to in­stall.

To de­ter­mine the spread of the prob­lem, Sy­man­tec an­a­lysed hun­dreds of thou­sands of mo­bile phone apps. It found 62 per cent use in­ter­net per­mis­sions that mean they can send data, 29.7 per cent ac­cess pri­vacy-sen­si­tive in­for­ma­tion such as pass­words or lo­ca­tion, and 18.7 per cent have po­ten­tial to leak sen­si­tive in­for­ma­tion, Kanok says.

So what can you do to avoid your phone be­ing in­fected with mal­ware? Sy­man­tec sug­gests six things.

Users should pass­word-pro­tect mo­bile de­vices, Kanok says, quot­ing that one in three Aus­tralian mo­bile phone users do not. Users should also read per­mis­sion re­quests be­fore in­stalling new apps or app up­grades, look­ing for un­usual re­quests or pleas for money.

Check­ing your phone bill for pre­mium rate calls or un­usual data charges is also im­por­tant, and users should be cau­tious when con­nect­ing to open wi-fi hot spots, es­pe­cially when trans­mit­ting pass­words.

Don’t click on un­so­licited or un­ex­pected links even where they ap­pear to be from friends, Kanok ad­vises.

And con­sider in­sur­ing your phone against theft or loss. Also, you can do the sev­enth thing that Sy­man­tec sug­gests and use mo­bile se­cu­rity soft­ware with anti-theft and anti-mal­ware fea­tures to wipe or lo­cate a lost de­vice and to stop phony and ma­li­cious apps.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.