Mobile Phone Operating System Insecurity

Tuesday, April 26, 2011

Robert Siciliano

37d5f81e2277051bc17116221040d51c

As more online retailers introduce mobile ecommerce applications, criminal hackers are taking notice.

Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application.

Current research is primarily geared towards securing mobile payments, but there is a lack of coordination between mobile payment developers, device manufacturers, and mobile operating system platform developers.

Hackers are taking advantage of the loophole created by this lack of coordination.

Mobile phone spyware has been a concern for years. Legitimate software companies sell mobile phone spyware that allows the user to monitor a spouse, kids, or employees. And criminals deploy mobile phone spyware, as well.

Beijing-based mobile security services firm NetQin Technology reports that an application called Xwodi, which allows third parties to eavesdrop on cell phone conversations, has infected more than 150,000 phones in China.

Apparently, the malware targets mobiles running the Symbian platform, and monitors phones by silently activating the conference call feature or microphone.

One security company, Trusteer, informed The New York Times, “Mobile users are three times more likely to fall for phishing scams than PC users…because mobile devices are activated all the time, and small-screen formatting makes the fraud more difficult to spot.”

In the same article, another mobile security firm, Lookout, claimed that in May 2010, 9 out of 100 phones scanned for malware and spyware were infected. That’s up from 4 out of 100 infected phones in December 2009.

  • Protect yourself by refraining from clicking links in text messages, emails, or unfamiliar webpages displayed on your phone’s browser.
  • Set your mobile phone to lock automatically and unlock only when you enter a PIN.
  • Consider investing a service that locates a lost phone, locks it, and if necessary, wipes the data, as well as restoring that data on a new phone.
  • Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses spyware on FOX Boston. (Disclosures)

Possibly Related Articles:
5143
fraud Mobile Devices Operating Systems ecommerce hackers applications Mobile Payments
Post Rating I Like this!
5e402abc3fedaf8927900f014ccc031f
Allan Pratt, MBA Despite the advice, how many people actually use passwords/PINs to access their smartphones? It is an easy way to add a layer of security. Good tips, Robert.
1303878310
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.