This article (part 2) focuses on logical risks and pitfalls of insecure mobile devices.
Malicious software is software like viruses, hidden spyware, phishing software, background software for monitoring or recording of user credentials, diallers to connect to premium calling services or software to send expensive premium SMS.
The measures to protect your device, your apps and data against malware for mobiles have to be the same as for personal computers or notebooks.
Wireless Local Area Network (WLAN or Wi-Fi) technology uses radio waves to exchange information. These are generally sent out in specific or all directions (depending on the type of antenna). The waves may be reflected from certain surfaces and spread over a larger area than normally expected.
Every mobile device capable of receiving these signals may copy the information transferred by radio waves. In the case of Wireless Local Area Networks, hackers may use specific software to capture your data and read what your device has exchanged (e.g. your downloaded emails, the passwords your device used to authenticate at your email server). This is very insecure, and you should avoid using Wireless Local Area Networks when you want to access corporate data remotely. The same may happen when you try to access your online banking account or other services requiring some confidentiality and secrecy.
Untrusted Applications (Apps)
A large number of apps are free. Be cautious! The developers of the app may have specific goals they want to achieve. Apps may protect and inject malicious code needed to collect your bank account data and forward it to suspicious objects. The software may collect user data it really doesn't need. Or can you tell me, for example, why your flash lamp app collects the location information of your smartphone? You don't need it. But who else will use it? You may be surprised what information is collected and sent to someone else.
Developers of mobile apps have different knowledge and use different development tools. There may be some coding flaws in the mobile software. It may communicate with other apps and exchange information or influence the behaviour of other apps. It may circumvent security measures.
Personal apps (multimedia players, games, social networks, etc.) disrupt working time and lead to lower productivity.
You bought your mobile device with many apps already installed. You may download and install additional apps from (hopefully) trustworthy app stores. The apps need certain permissions to run on your device. Remember, you were asked during the installation process. Did you really read all the listed permissions you had to grant to the apps?
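One way to review requested permissions systematically, as an added example that is not part of the original article: the script below reads the permissions an Android app declares and flags those that do not fit its category, such as a flashlight app asking for location or SMS. It assumes the app's manifest has already been decoded to text XML; the category baselines and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions tied to risks the article names: location tracking,
# premium SMS, diallers, collection of personal data.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.SEND_SMS": "can send (premium) SMS",
    "android.permission.CALL_PHONE": "can dial (premium) numbers",
    "android.permission.READ_CONTACTS": "reads the address book",
    "android.permission.READ_SMS": "reads messages, e.g. banking codes",
    "android.permission.RECORD_AUDIO": "records the microphone",
}

# Assumed baseline per app category (hypothetical; adapt to your own policy).
EXPECTED = {
    "flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"},
    "navigation": {"android.permission.ACCESS_FINE_LOCATION",
                   "android.permission.ACCESS_COARSE_LOCATION",
                   "android.permission.INTERNET"},
}

def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)

def audit(manifest_xml, category):
    """List (permission, level, reason) for every permission outside the baseline."""
    allowed = EXPECTED.get(category, set())
    findings = []
    for perm in requested_permissions(manifest_xml):
        if perm not in allowed:
            reason = SENSITIVE.get(perm)
            level = "HIGH" if reason else "REVIEW"
            findings.append((perm, level, reason or "not expected for category"))
    return findings

# Constructed sample: a flashlight app that also wants location and SMS.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for perm, level, why in audit(SAMPLE_MANIFEST, "flashlight"):
        print(f"{level:6} {perm}: {why}")
```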
Use of social networks like Facebook, Google+, Tumblr, Twitter, Xing, LinkedIn, Orkut raises some issues like privacy (giving out too much personal information to the public), data mining (companies use software to analyse published information in social networks for marketing purposes), the potential for misuse (e.g. by defining profiles in the names of popular persons or fictional names) and much more. Privately used social network services disrupt your working time.
QR (Quick Response) codes are easy to use. An app takes a snapshot of the code and translates it to a web link. A malicious QR code may direct your mobile device to a malicious website and start any kind of attack.
Your mobile device may support the Global Positioning System (GPS). The navigation software is able to identify your current position anywhere. This information is stored in your mobile device and can be forwarded by any app which has been granted access to these data.
The location information may be of interest to ad networks, thieves, security organizations and many others.
Data in Smartphones
You may store personal data like email addresses, calendar events like meetings, trade secrets, banking accounts, personal identities, PIN codes, credit card IDs and much more. Your device buffers web page addresses, screen shots, downloaded images, codes you entered and many other data.
Data thieves try to copy these data for further activities like money transactions, buying goods, paying bills, and more using your hard-earned money. They may identify your business partners or personal friends and contact them to gain more information about your behaviour, your planned meetings or holiday trips (your home is unoccupied!).
Previous Part 1 of “Risks and Pitfalls of Insecure Mobile Devices” covers physical risks and pitfalls of insecure mobile devices. Additional articles will describe how to protect your smartphones and tablets.
Book: Ronald Schlager: “Simple Security for Smartphone and Tablet”
About the Author
Ronald Schlager is an independent trainer, consultant, author and blogger with main emphasis on communications technologies and their applications.