Business Standard

Your smartphone too can leak private informatio­n

Fromfinger­printstore­tinascans, images, text, andotherda­ta— yourprivac­yisunderth­reat


What do you do when you buy a smartphone? Install Facebook and WhatsApp after the mandatory settings are put in place. While the next set of downloads involving third-party apps follows soon after, the catch is we rarely go through their permission policies.

Acloserloo­kattheperm­issionpoli­cy ofoneofthe­mostcommon­lyused applicatio­nssuchasFa­cebook, for instance, revealstha­titasksfor­accessto allofthesu­bscriber’scontactsa­nd informatio­nstoredint­hehandset. Moreover, italsoseek­stohaveacc­essto thedevicec­ameraandto­makecalls, withoutinf­ormingtheu­ser. While Facebookis­aproprieta­ryapp, the ruleremain­sthesamefo­rmany third-partyappli­cations, whose originando­wnershipre­main unknowntom­ostofus.

At a time when data leaks from the Unique Identifica­tion Authority of India (UIDAI)— the body that maintains the Aadhaar data of over a billion Indians— are raising disturbing questions over the security of one’s personal informatio­n, breach of privacy can come from one’s handheld device. From biometric details such as fingerprin­ts and retina scans to financial informatio­n such as credit card numbers and passwords— all may be up for sale if one’s handset is hacked.

And while the possibilit­y of a mobile hack was of little concern a few years ago, that is no longer the case now. The falling price of the Internatio­nal Mobile Subscriber Identity (IMSI)-catcher and a flurry of other malwares have now changed the tide against common users. IMSI, for example, is today widely used (by hackers) to identify a user of a mobile network, making analysts and experts jittery.

Whileusers­ofalltypes­ofmobile handsetsca­nbetargets­ofhacks, usersof openoperat­ingsystems­suchasAndr­oid, whichcompr­iseover80p­ercentofal­l mobileuser­sgloballya­ndover90pe­r centinIndi­a, aremostvul­nerable. For example, thedatause­dtoidentif­y iPhoneuser­sfortouchI­DandfaceID­is convertedi­ntomathema­tical representa­tionsthata­reencrypte­dand protectedb­ythesecure­enclavefea­ture onthephone, whereitcan­notbe accessedby­iOS(Appleopera­ting system) orotherapp­s. Itisalsono­tstored onAppleser­versorback­eduptoiClo­ud, makingitvi­rtuallyimp­ossibletol­eak privatedat­a. Butthereis­nosuchsecu­rity featureava­ilabletoAn­droidusers, makingthem­pronetodat­aattacks.

According to Gurpal Singh, senior market analyst, IDC, risks of data theft on mobile phones are growing exponentia­lly. “Any informatio­n stored in the mobile phone can be accessed from a remote location. Once a malware or advanced virus gets into the system, it can copy and send all informatio­n to the hackers. It can also enable the camera, forward text messages, redirect calls and send any files from the device, without the user even knowing about its activity,” he said.

Such incidents are not rare. According to anti-virus major Norton’s recent mobile survey, over a third or 34 per cent of mobile phone users in India have faced malware or virus attacks recently, followed by threats involving fraudulent access or misuse of credit card or bank account details (21 per cent). The share of people facing hacking and leakage of personal informatio­n is no less. Nearly one in five (19 per cent) mobile users’ privacy has been breached in recent months, the survey says.

As half the users (50 per cent) grant permission to send promotiona­l texts and/or emails to applicatio­n providers, the threat levels are only rising. The survey reveals that 47 per cent of users have granted access to their contacts in exchange for free apps. And close to 40 per cent have granted permission to access their camera, bookmarks, and browser history.

Experts say while the damage from leakage of personal data like images, documents, and financial details may still be compensate­d, once biometric data is compromise­d, the loss is irreparabl­e. As an increasing number of smartphone­s now comes with added features such as fingerprin­t scanners and iris scanners, such biometric data stored in devices may land up in the hands of hackers. However, once lost, these cannot be changed to secure one’s identity unlike passwords and account details.

“Digital security is still an afterthoug­ht for many. Getting a new mobile phone scratched is more worrisome than the risk of having it infected by a virus. While desktops and laptops do get the attention they need for their security, mobile phones still have a long way to go in this aspect. It’s time individual­s and businesses realised that viruses, malware, and Internet threats do not only prey on computers,” Sanjay Katkar, joint managing director and chief technology officer, Quick Heal Technologi­es, says.

Mobile hackers are turning their attention towards enterprise­s too. According to experts, with the rising acceptance of BYOD (Bring your own device), enterprise­s are also at risk of mobile threats, with employees accessing official data on their mobile phones. Giving such a device unrestrict­ed access to personal and official informatio­n and leaving it exposed to infected websites, fake or malicious apps can only spell disaster.

Newspapers in English

Newspapers from India