July 20, 2010, 8:19 AM — by Chris Murrey, SecureState - Smartphones have become an integral part of our lives; we rely on them for everything. They hold all of our personal information, calendars, emails, phone numbers, text messages, and documents. However, the average user is not very savvy when it comes to the security of these devices. A user can browse to one of the many app stores and download just about anything, and most users do just that.
Securing mobile devices
One of the exciting things about smartphones is the customization of them. You can get any type of application you want, and most of the time it is free. You can get games, productivity applications, web servers, and ftp servers. Users feel a false sense of security because it is "just a phone" and the apps must be secure because they are getting them from an app store.
These apps, however, are developed by programmers of varying levels and skill sets, and security might not be their top priority. None of the app stores put the apps through a thorough security check; most run virus scans but it is usually done randomly and done after the app is posted. Even Apple has fallen victim to mobile malware.
Some apps have even been signed safe by the stores only to have malicious code be discovered at a later date. Samsung's Wave shipped with malware installed on the SD card, which activated as soon as it was connected to a PC.
Lookout, a mobile security firm, stated "we've gone from seeing 4 pieces of malware and spyware per 100 phones per year in December 2009 to 9 per 100 phones per year in May 2010. That's more than double the prevalence of malware and spyware on smartphones in less than 6 months."
The phones themselves have put in some protections such as limiting which app stores you can download apps from. Other protections can notify the user what the app will have access to, i.e. Contacts, GPS, or network info.
But how many users actually look to see what that cool app will do before they run it?
Once a malicious application has been activated, it can disable your phone, make toll calls, get your exact location, view your SMS messages, or even turn on the microphone to eavesdrop on your conversations.
Could your mobile device land your CEO in court?