Just because you’re not an A- lister doesn’t mean you’re immune to phone hacking, writes Maureen Shelley
Why no one is immune.
MOBILE phone hacking has come to prominence recently, but you don’t have to be a celebrity to be a victim of mobile attack.
As one LifeHacker. com contributor writes: ‘‘ If you are not paying for the product, then you are the product.’’
In Singapore last week, anti-virus software maker Symantec warned smartphone users that their most-carried devices were not immune to hacking and malware more commonly associated with computers.
Once Symantec and its products such as Norton and PC Tools were all about anti-virus protection. The products now cover security, safety and privacy because users and their personal information are now the product.
Symantec mobile group product manager Mark Kanok says hackers generally look for three things: Is the platform widely used?; is it easy to code or outsource the code?; and can the hacker make money from malware?
The four most popular phones are the Apple iPhone, RIM BlackBerry, those using Google’s Android operating system and Microsoft’s Windows 7.
‘‘ Android stands out because it puts the security responsibility with the user,’’ Kanok says.
He says Android software is the most vulnerable to attack because it uses open-source code, security is user-driven and many users favour convenience over security.
Accordingly, Symantec has developed a program called Mobile Security for phones and tablets using Android software, from Eclair ( v2.0) onwards.
Threats to mobile security come from clicking on unsolicited links, visiting hacked or malicious websites or downloading apps that can take over the phone. Kanok demonstrated professional hacking software available online for as little as $ 1 for a 24-hour licence that can be used to make mobile phone malware.
Some mobile malware can initiate calls or text messages to premium-rate services. Other programs collect keystrokes, locations, passwords, birth dates or physical and email addresses. The data is then used to obtain access to banking, shopping or social networking accounts and can be used to steal goods, money or information. Information can then be sold or used as a gateway to physical theft.
One piece of malware-authoring software, DroidDream, pulls legitimate apps off the market and injects ‘‘ root exploits’’ or malicious code into them and republishes them to the application store or market. One such ‘‘ poisoned app’’ generated between 50,000 and 200,000 downloads within four days, Kanok says.
Kanok also says hackers can infect app code in minutes. Though it takes time to develop malicious code, once written it can be deployed in hundreds of apps and takes less than five minutes to install.
To determine the spread of the problem, Symantec analysed hundreds of thousands of mobile phone apps. It found 62 per cent use internet permissions that mean they can send data, 29.7 per cent access privacy-sensitive information such as passwords or location, and 18.7 per cent have potential to leak sensitive information, Kanok says.
So what can you do to avoid your phone being infected with malware? Symantec suggests six things.
Users should password-protect mobile devices, Kanok says, quoting that one in three Australian mobile phone users do not. Users should also read permission requests before installing new apps or app upgrades, looking for unusual requests or pleas for money.
Checking your phone bill for premium rate calls or unusual data charges is also important, and users should be cautious when connecting to open wi-fi hot spots, especially when transmitting passwords.
Don’t click on unsolicited or unexpected links even where they appear to be from friends, Kanok advises.
And consider insuring your phone against theft or loss. Also, you can do the seventh thing that Symantec suggests and use mobile security software with anti-theft and anti-malware features to wipe or locate a lost device and to stop phony and malicious apps.