Under lock and key

We carry miniature computers around with us – but are we doing enough to protect them and our data?
[Article written by Nick Booth, andpublished in The Review, October 2012]

We take them for granted these days, but smartphones are actually miniature computers with more processing power than NASA used to put a man on the moon. Thanks to mobile broadband, smartphones now outsell PCs and laptops because they can do anything that a desktop computer can do - and more.

But while we routinely protect our PCs from viruses and hackers, a third of mobile users have no protection, according to McAfee research. This makes us - and our devices - incredibly vulnerable. If a criminal can plant some software on your phone, they can take control of it, steal all your banking details, spy on you and run up huge phone bills on your account. And with the number of smartphone users increasing by the day and ever more services being created, there is an increasing need for vigilance.

Criminals only need to find one open window for the virus writer, hacker or identity thief to steal everything. So what are the windows of opportunity for criminals and how do you close them down?
The most obvious way to safeguard your privacy is to passcode-protect your phone in case you lose it. Some handset vendors now offer biometric recognition; Motorola, for example, created a fingerprint sensor for the Atrix, its Android mobile phone.

Malware – rogue software used for criminal purposes – is the next biggest threat. Criminals can fool you into allowing rogue software on to your phone when you download apps, respond to texts or visit Facebook. As with desktop PCs, downloading apps from unknown sources is the biggest risk, as they can be conduits for malware.
But it is SMS texting, which is still phones’ most-used feature, that creates a hacker’s biggest opportunity to steal from you. Mobile malware can make your phone send thousands of premium-rate SMS texts and you won’t even know it until your six-figure phone bill arrives. By the end of 2011, there were 130,000 malware apps in existence for Android phones alone, according to Trend Micro, and most were for SMS fraud.

Even legitimate mobile apps have their security vulnerabilities, and cybercriminals are finding these coding weaknesses and beginning to load their rogue code into them.

Never assume

The moral is that you must never assume your software is safe, even if it comes from a reputable supplier. So how do you minimize the risk of falling prey to all these online threats? Here are some strategies to adopt.

Limit the number of downloads you make. The sites you visit most frequently are also likely to be havens for criminals, who try to exploit popular apps, URLs, attachments, social media or email. By clicking a link or downloading an attachment on your mobile device, you may end up installing mobile malware instead.

App stores are a danger area. Although the proprietors try to monitor their stores for malware, rogue software vendors can sneak in. Malware disguised as a stock market app – that was actually designed to steal information from the downloader’s device – made it into the iTunes App Store recently.

Apple users should avoid the temptation to “jailbreak” their iPhones using software that allows them to break out of the confines of iOS. This can lead to a malware invasion. If you use an Android phone, jailbreaking isn’t an issue as Android phones have no boundaries. That’s not to say they’re risk-free, however: in the last seven months of 2011, malware targeting Android grew by 3,325% and Android malware accounted for about 46.7% of unique malware samples, according to Juniper Networks. Google is now attempting to secure its App Market with an internal malware detector called Bouncer that scans apps submitted to the Android Market.

Even the most vigilant mobile users drop their guard at times, so it is vital to install security management systems. These software solutions and gadgets will create a secure foundation. The rest is up to you.

Vox Pop

"People are often petrified when their mobile goes. Losing their contacts is the major source of grief. The next biggest traumas are their lost photos and texts. Anything that’s important should be protected properly."

Robert Winter, 48, mobile data recovery manager, UK 

Eight ways to keep your mobile phone safe

Eight ways to keep your mobile phone safe

1- Go into the Settings menu and set up a passcode for your phone.

2 - While in Settings, Android users should turn off the Access from Unknown Sources option.

3 - Check the reputation of any publisher before you buy an app from it.

4  - When you install an app, check the permissions it asks for. Be very careful about granting any. No game app needs to know your contacts or location.

5 - Watch out for social media – hackers are now placing malicious links on your friends’ profiles that install malware on your device when you click them.

6 - Keep your phone updated with the latest security firmware to correct possible vulnerabilities.

7 - Block the installation of rogue software by using the Tools menu of your internet browser to disable Java.

8 - Don’t trust public Wi-Fi, especially for financial or other secure personal transactions.