Not all applications that pose a risk were designed to be malicious. One such application was designed to remotely take photos; however, it also had the ability to view other folders and even system files and delete them. When the developer was contacted, he replied that he used a piece of code from another app he had made that was designed to be a file explorer and didn't set the restrictions yet on the photo taking application.
These issues have even been noticed by the FBI's Cyber Division assistant director Gordon Snow. He was quoted in The Wall Street Journal saying, "Mobile phones are a huge source of vulnerability," and "We are definitely seeing an increase in criminal activity."
None of the smartphones have been immune to attack. Apple, Blackberry, Windows mobile, and Android all have been under siege and the risk will continue to grow as these phones get smarter and more powerful. Companies such as Lookout offer free protection on supported devices. Symantec and McAfee are also getting involved with mobile security. As this threat grows, more companies will follow suit.
BlackBerry Security: Five Tips to Keep Your Smartphone Safe
Should you stop downloading apps? Probably not; but you should be a little more cautious about what you are downloading. Users are quickly learning not to click links in questionable emails because of phishing attacks; however, the same user will click the link from their phone simply because it is a phone. You must protect yourself, but how?
Securing your smartphone can be as easy as applying simple best practices and common sense. Users need to understand that they are holding more than a phone, and it can fall victim to the same perils as their laptop or desktop. Businesses should ensure a mobile security policy is defined and in effect, to handle such things as the ability to join open WiFi access points, locking the device, if the user can install apps, and encryption policies. Using similar policies as those for your desktop and laptop, you can ensure you are taking the correct approach to securing your mobile device. Anti-malware, anti-virus, and firewalls are available and they may be the options you choose.
Simple steps for a smart user:
- Use common sense.
- Keep the phone and downloaded apps up to date.
- Be cautious of clicking links.
- Use reputable app stores.
- Back up critical data.
Chris Murrey is a consultant at SecureState for the Profiling Team. Mr. Murrey has both led and participated in dozens of engagements ranging from internal and external attack and penetration testing, war-dialing, war-driving, social engineering, and physical access.