If you are like me, you keep a loose inventory on previous decisions that have greatly benefited your life. Some of mine include choosing to rent as opposed to buying a home, purchasing an 800 dollar Ford Festiva, and changing jobs. In 2009 I converted to a Smartphone against the advice of my friends. This has been an amazing tool that brings convince to my life. It is basically a mobile computer, which makes me wonder how safe it is to use. Is my phone susceptible to the same kind of attacks that my computer is? Are there any measures that I need to take to protect my phone and the information it contains/handles?
In December of 2010, the European Network and Information Security Agency (ENISA) released report that investigates the security risks involved with using Smart phones and what can be done to reduce these risks. This report identifies common uses as it pertains to common users, employees, and executives. Being a common user, the information on my phone is not normally sensitive. I have names and numbers, pictures, music, and some account email information. The report claims that most incidences are due to user error. Common reasons for security incidents can be attributed to the following:
· Not properly disposing of phone
· Not setting phone back to factory setting before phone changes hands.
· Network Spoofing Attacks
· Surveillance/shoulder surfing/eavesdropping.
· Malware – financial
· Network Congestion –dos attack
· Phishing
· Lost or theft devices
These techniques appear to be similar to the threats users encounter on their home computers. The same awareness and caution will need to be exercised when using your smart phone. Some recommended precautions to observe include:
· Be aware of your surroundings
· Be aware of what apps you download
· Lock your keypad and phone memory
· Reset and wipe memory occasionally
I currently do not conduct much business on my phone. Avoiding online purchases, accessing bank account sites and information, and actions that require my SSN, is very important in protecting my sensitive information. The smart phone users who conduct business with their phones have a higher risk of leaking information. Some things to keep in mind is that Not all apps in the marketplace are safe. Your phone stores information about what you type and sites you visit. Iphone holds a cache of all words ever typed on the device (with exception to words entered in password fields). There are many rogue WiFi hotspots out there that intend to intercept and tamper with your network communications. Often time’s theft occurs by making hidden use of premium SMS services.
Now that we see that cell phones are not immune to attacks, lets take a look at the effects of the attacks? According to Kiplinger.com impact ranges from mild to medium. Some annoying effects of attacks include freezing or slowing phone operations. More advanced attacks can remove numbers and text messages. However, it appears that the impact is relatively minor when compared to some attacks conducted on home PC’s and corporate networks.
On a final note, let’s review protection. Companies have come out with and continue to develop antivirus programs for mobile phones. Be aware that some companies may use fear to push their products. However, the fact is that the need for these services is not present. Successful attacks are relatively rare in the US and Asia. Service providers have taken steps to reduce the marketing of these vendors. I’d like to give a tip of the hat and a wave of the finger. First a wave of the finger to these companies for trying to push protection that is not needed for the general public at this time. Of course marketing stuff we don’t need is not a new concept. This is not to say that security software may not be required in the future. Advances in technology could produce a need in time, but for now it appears most of us are ok. Tip of the hat to the service providers for their efforts in protecting the general public from corporate greed. Before we get too sentimental on behalf of the service providers, I think it is obvious that this action is don’t only to benefit the company itself. The last thing they need is for customers to be worried hacked cell phones which would surely result in reduced sales.
I hope this was helpful. Please be advise that this is just the beginning. There is a lot of information out there, and the best thing that we can do to protect ourselves is be educated and aware of the threat and their capabilities.
REFS:
http://www.enisa.europa.eu/act/it/oar/smartphones-information-security-risks-opportunities-and-recommendations-for-users
http://www.zdnet.com/news/is-your-cell-phone-due-for-an-antivirus-shot/146956
http://www.kiplinger.com/businessresource/forecast/archive/smart-phones-under-cyber-attack.html
No comments:
Post a Comment