Smartphone vulnerabilities entice hackers
July 21, 2010 8:40 PM
Smartphones are a great hit among Bay Area citizens, but another group of fans also love the popular devices: hackers.
Just as information stored on a computer can be a target for hackers, Internet-capable phones pose similar security flaws, according to Collin Mulliner, a Ph.D student at the Technical University of Berlin who specializes in mobile phone security.
"Right now, you can still say smartphones are at lower risk because most phones don't have as many features as desktop computers," he said.
Smartphone use is on the rise, and the number of users are expected to grow to more than one billion by 2014, according to Parks Associates, a digital technology research firm.
According to Mulliner, who has done presentations on mobile phone security, a smartphone is essentially a computer in your pocket. Although cases of hacking from mobile devices are not as frequent as that of hacking from computers, smartphone users still face the same risks that desktop computers present. The vulnerabilities include exposing one's web browsing history, settings, preferences and location, according to Sai, a leading member of San Francisco-based hacker club Noisebridge.
"Smartphone users would face all the same risks that you would face in any web browser," Sai said.
When the opportunity presents itself, hackers can obtain sensitive data either physically or through an Internet connection. According to many mobile device related corporations and security companies, leaving a phone unattended in the public eye and having it found by an individual with malicious intentions can lead to loss and manipulation of information.
"Suppose you have physical access to somebody's Andriod phone," Sai said. "The default method of security on those phones is you have a little slide pattern that you do on the screen. The trick is if you look at an Android edge-on, you can see the pattern of oil that somebody's finger has left on the screen as they're unlocking their phone all the time and you can easily replicate that. And if you do that, then you're on the phone and you can do whatever they can."
According to a 2009 study by media analysts Universal McCann, 53 percent of America's smartphone users download material from the Internet daily. Many mobile security experts say that viruses and worms can be contracted from downloads and viruses can do numerous malicious things to one's phone.
"A virus will probably destroy your data. The bigger risk is a Trojan that steals your private data, like the address book," Mulliner said.
Other than the physical loss of one's phone and attracting viruses, information such as phone conversations, text messages and one's location can also be tracked, according to Grey David, an IT administrator for iSEC Partners, a security consulting firm.
But users aren't helpless.
"The first thing would be: update your software as much as possible," said Sai, who runs cssfingerprint.com, a research project that he conducts himself. "Don't use old versions of web browsers, because almost certainly they have severe vulnerabilities."
Sai also said using "better" browsers such as Mozilla Firefox and Google Chrome, rather than Internet Explorer, can help ward off hackers from accessing information from one's web browsers. Mulliner also recommends not downloading applications from "fishy looking websites."
Jailbreaking iPhones, installing an altered version of the operating system, is popular among users to personalize the phone. However, Mulliner does not recommend it since it "disables many security features."
The installation of open source software can do a more efficient job at protecting information on an iPhone, according to Mulliner. "But in order to install it, you have to give up some protection put in place by Apple. It's more or less a trade off. If you need security and know what you are doing, jailbreak it. If you need security but are more or less clueless, don't do it."
Amy Storey, a representative for the Cellular Telephone Industries Association, said that while current phone technology might limit the functions of a smartphone, "Complete freedom without concessions for security come at a cost. This would require the customer to take a larger role in protecting themselves against spam, viruses and other kinds of threats."
Creating challenging passwords is one safety strategy that Heidi Flato, a Verizon Wireless representative, suggests people do to protect their information.
"Never use any word in any type of dictionary for passwords or PIN numbers, since hacker programs can also check for this type of change," Flato said. "Changing the letter "O" to zero or the letter "I" to a "1" also does not make a password secure, as hacking programs can also check for this type of change."
Mulliner advises people to take the same measures in protecting both their smartphone and computer because, "your iPhone is a computer; it's just a smaller one."
POST A COMMENT
|BACK TO TOP|| |
Copyright © 2008 [X]press | Journalism Department - San Francisco State University