Why our smart­phones need hack­ing pro­tec­tion

Smart­phones are in­creas­ingly car­ry­ing per­sonal fi­nan­cial data – an at­trac­tion to hack­ers

The Hamilton Spectator - - COMMENT - HOWARD RABB Howard Rabb is a Hamil­ton-based en­tre­pre­neur.

We’ve all been trained that we need to in­stall an­tivirus soft­ware on our com­put­ers, and most of us are now do­ing this. Ev­ery De­cem­ber I get a call from my fa­ther-in-law telling me his virus pro­tec­tion is about to ex­pire and I walk him through up­dat­ing it for the next year. This is great be­cause it means the mes­sage is fi­nally out there. While we’re all get­ting bet­ter about pro­tect­ing our home com­put­ers from hack­ers we are dread­fully bad about do­ing so for our smart­phones.

If you have a rea­son­ably cur­rent iPhone, chances are your phone is up­dated to the lat­est ver­sion of iOS and you are (for the most part) good and se­cure. But if you’re like me and use an An­droid phone, chances are, your phone hasn’t been up­dated for a while. While Google con­tin­ues to im­prove An­droid ev­ery year, these up­dates do not al­ways get sent out by the cell­phone man­u­fac­tur­ers, and if they do, there is no guar­an­tee your cell­phone car­rier will send it to you, or even make it avail­able. In­ex­pen­sive cell­phone man­u­fac­tur­ers are some of the worst of­fend­ers, but even the big guys like Sam­sung get ac­cused of drag­ging their heels on up­dates.

Why does this mat­ter? What pos­si­ble good could come from break­ing into some­one’s phone? The an­swer is that the smart­phone in your pocket is get­ting more and more pow­er­ful ev­ery year. That makes it an at­trac­tive tar­get for a cy­ber­at­tacker. A ma­li­cious user can chain to­gether many thou­sands or even mil­lions of phones and con­trol them from a sin­gle point. This is re­ferred to as a bot­net. These bot­nets that can pose a huge threat to our telecom­mu­ni­ca­tions in­fra­struc­ture.

Last Septem­ber, a re­search pa­per pub­lished at Ben-Gu­rion Uni­ver­sity of the Negev en­ti­tled 9-1-1 DDoS: Threat, Anal­y­sis and Mit­i­ga­tion caught my at­ten­tion as I had never con­sid­ered how a cy­ber­at­tack on our 911 sys­tem might take shape. The pa­per showed how as few as six thou­sand phones could take down the 911 sys­tem in a state the size of North Carolina.

A group of hi­jacked phones in an area could be used to make re­peated calls to 911 and this at­tack would lead to an over­load of the sys­tem that could in­ter­rupt ser­vice for days. Part of the rea­son for this is an FCC re­quire­ment that all 911 calls must be routed re­gard­less of where they come from. Ba­si­cally, a cell­phone can call 911 even if it’s not an ac­tive phone with a cel­lu­lar plan.

In Canada, the CRTC is cur­rently look­ing at ways to im­prove the 911 sys­tem and is ac­tu­ally look­ing at vul­ner­a­bil­i­ties to en­sure we don’t ex­pe­ri­ence a ma­jor dis­rup­tion, but a po­ten­tial 911 at­tack is only one pos­si­ble use case for tak­ing over a group of phones.

Your per­sonal in­for­ma­tion, photos, videos, emails, call logs, phone num­bers, and even lo­ca­tion his­tory are all stored within your phone. With Ap­ple Pay now sup­ported by most Cana­dian Banks and An­droid Pay com­ing soon, our fi­nan­cial de­tails will also be at risk if our phones are not se­cure.

As most of these phones are sold by our fed­er­ally reg­u­lated mo­bile phone com­pa­nies, I would sug­gest that it is time for the CRTC to step up and re­quire our reg­u­lated mo­bile car­ri­ers to pro­vide soft­ware up­dates for a min­i­mum of three years af­ter the sale of the phone. This would en­sure the only hand­sets sold would be from man­u­fac­tur­ers that prom­ise to pro­vide these up­dates, and would pre­vent car­ri­ers from sell­ing prod­ucts that are about to be dis­con­tin­ued leav­ing a pur­chaser with an out­dated and inse­cure

Your per­sonal in­for­ma­tion, photos, videos, emails, call logs, phone num­bers, and even lo­ca­tion his­tory are all stored within your phone.

phone for the life of that con­tract.

The CRTC has not had to think a lot about this type of se­cu­rity in the past, but with nearly ev­ery one of us walk­ing around with a net­worked com­puter in our pocket that if used in­cor­rectly could cause se­ri­ous harm to our telecom­mu­ni­ca­tions sys­tem, it may be time for them to look closely at this is­sue go­ing for­ward.


Most of us don’t know it but our smart­phones need pro­tec­tion just like our com­put­ers do.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.