Cell phones have come a long way in the last twenty years. Zach Morris’ brick from Saved By The Bell was a strictly utilitarian device, built for no reason other than making and answering phone calls. Today’s iPhones and Droids, by contrast, are full-fledged computers, capable of virtually anything a laptop or desktop PC can do. In many ways this is a step forward, but our phones now also share one bad similarity with our computers: exposure to security risks.
Here are some of the most serious to watch out for:
Phishing has been a major security threat to laptop and desktop users for at least the last decade. It typically works in the following manner: you receive an official-looking email from someone claiming to represent a major, well-known institution (such as the bank you use.) In this email, you are asked to provide your account information for a “security check” or other seemingly legitimate reason. You may even be directed to a website that looks very much like the real thing. Unfortunately, the entire process was nothing more than a cleverly crafted ruse designed to trick you into giving scammers your account details.
These same scams are now targeting mobile phone users as well. A 2010 article in the Wall Street Journal said that “the next generation of “phishing” scams, focused on mobile banking, has begun, and it has the potential to do much more damage than earlier versions.” Rather than tricking you into visiting a fraudulent website, scammers are now populating the web with fraudulent banking apps that carry out the same purpose.
Every few years, a worm virus slithers its way onto millions of computers around the world, inflicting financial damage and whipping the tech world into a panic until it finally dies out. Melissa, SoBig, ILoveYou and MSBlast were some of the bigger culprits of the last decade. Our phones have long been immune to these gigantic hassles but no longer. Inc.com tells the story of one nasty mobile worm that hit Asia and parts of the U.S as well:
“The Sexy View worm, so dubbed because it sends a text inviting users to look at sexy pictures, targets some Nokia phones. If a hapless user tries to look at the pictures, it will take over the phone much the way a botnet takes over a computer, and then send itself to the entire contact list.”
Cloudmark CTO told Inc.com that it’s only a matter of time before mobile worms such as these become the widespread norm in the United States. “They [smartphones] can have a 1 gigahertz processor and hundreds of megabytes of RAM. So all the same types of attacks that could happen to a computer can happen to a smart phone.”
Many of today’s smartphones have built-in GPS capabilities, allowing users to transmit their exact geographic coordinates to anyone they wish. Though this is certainly a handy feature to have, it carries the potential for misuse. Last February, ScienceDaily.com reported that because smartphones “run the same class of operating systems as desktop and laptop computers” all sorts of abuses are now possible – including GPS hijacking that lets unscrupulous people track the travels of a phone’s owner.
Today, the web is filled with mobile apps that let you secretively “keep track of your untrustworthy boyfriend” or “always know where your wife is.” These same tools (and others) can just as easily be used by criminals or hackers.
Unknown Privacy Settings
There is also a substantial security risk connected with not being aware of your phone’s privacy settings. Take Facebook’s iPhone app, for instance. Unbeknownst to many iPhone owners, this app will broadcast your exact location unless you deliberately turn that feature off. The same is true of any number of other apps, including FourSquare and AroundMe. True, this is not necessarily a risk in and of itself – but it could be. Someone determined to intercept data transmissions from your phone could very easily determine where you are if these features are left on.
That’s why it’s imperative for mobile phone users to be fully aware of location-based services and the risks they pose.
In 1999, having your cell phone stolen was an annoying inconvenience, but hardly a security risk. After all, what was the thief really getting his hands on: your contact list and (maybe) a few personal text messages? Surely nothing to be concerned about. Today, the theft of your mobile phone could be downright catastrophic. Depending on which apps you use, the thief could now have total, unrestricted access to your emails, bank accounts and investment portfolio.
In short, you could be in for a whole world of trouble. Luckily, most of these risks can be prevented. As Inc.com explains, the simple act of setting an access code on your phone that wipes your data after a certain number of wrong tries goes a long way.
“SMS Of Death”
On December 30, 2010, CNN Tech discussed another serious mobile security risk: the “SMS of Death” Here’s how it works:
“…many popular feature phones operating on GSM networks (the world’s most popular mobile network standard) are vulnerable to remote-controlled disabling or damage via the “SMS of Death.” This is according to a presentation by German researchers at this week’s Chaos Computer Club Congress in Berlin.”
In short, your entire SIM card can be corrupted just by receiving an SMS text message with a “damaging payload” in it. When this happens, your phone gets completely disconnected from the network. Worst of all, this particular security threat mostly targets lower-end phones, not the expensive smartphones. Researchers at the German conference “performed their tricks on handsets made by Nokia, LG, Samsung, Motorola, Sony Ericsson, and Micromax, a popular Indian cell-phone manufacturer” according to TechnologyReview.com.