Apple patched the security vulnerability in its messaging applications shortly after Charlie Miller, a professional hacker, demonstrated how easy it would be to hack into iPhones using a text message. The IT conference last July pointed out loopholes in the existing messaging security of cellphones, underscoring the need to revamp security for mobile and fixed-line companies. Cloudmark’s CTO, Jaime De Guerre, clarified that Miller did not actually invade anyone's mobile privacy: “That was a demonstration, it never really happened in the wild.”
Other cell phone users, however, have not been so lucky. Worms like The Sexy View, so named because it sends links that purport to lead to sexy pictures, have attacked some Nokia phones. When a user clicks the link without thinking, the worm takes over the phone, much as a botnet takes over a computer, and sends itself to the contact list. Although the Sexy View has been more of a problem in Asia, it’s only a matter of time before it lands in the hands of cellphone users in America.
Attacks range from simple eavesdropping to extraction of personal information, such as phishing for passwords, theft of data sent or stored in the phone, and spam. Every new phone feature opens up bigger vulnerabilities. “Social media is expanding to mobile devices,” notes Martha Vazquez, senior research analyst in the Network Security practice at consulting firm Frost & Sullivan. “While this is a great way to market your business, many threats are attacking these sites and it’s common to find a malicious URL link. SMS messages are another very common way to receive malware.”
“The thing to understand is that smart phones today have all the power of a full computer,” says De Guerre. “They can have a 1 gigahertz processor and hundreds of megabytes of RAM. So all the same types of attacks that could happen to a computer can happen to a smart phone.”
There are several ways to address mobile security shortcomings, especially for small businesses. Without giving up cellphone use entirely, you can keep the experience safe and efficient. Here are some steps to consider.
- Insist on password protection. You can configure your phone so that when an incorrect password is entered a certain number of times, the phone is automatically wiped of data. “The simple act of enabling a password or PIN number on a phone can save you a tremendous amount of hassle,” says Randy Gross, CIO at CompTIA, a trade association for the IT industry.
- Use encryption. Sometimes password protection is not enough. If you want more security, have your phone encrypted. It’s an even better way to protect cellphone data; after all, a 16G phone can contain a lot of information. “With the right security software, you may be able to remotely wipe the phone if it is lost or stolen,” adds Gross.
- Stay up to date on operating system patches. Don’t put off software updates for your phone. Gross advises, “Whenever the phone maker releases new patches or new versions of its operating system, make sure you have the latest version on your device.”
- Use antivirus software. Khoi Nguyen, group product manager, Mobile Security Group at Symantec, focuses on the risk to small businesses. “Small businesses must treat mobile devices as they would their PCs by installing security software and keeping it up to date,” says Nguyen. “This will protect the device from new variants of viruses and other malware.”
- Warn users about malicious sites and phone numbers. Most importantly, be a vigilant cellphone user. Unsolicited text messages are a major vehicle for malicious links. Avoid clicking unknown links, as these could lead to phishing networks or may contain malware. Also, refrain from calling numbers that come from unsolicited text messages. Though the message might appear to be from the bank, an employer, or any significant company, it’s best to verify the validity of the message first. Instead, look up the company’s number independently and raise your concern there.
- Educate users about phishing. Recently, Twitter has been the avenue of some of the most successful phishing attacks. These incidents have made users more wary when entering account names or passwords. Never enter personal information or passwords into any site unless you navigated there yourself. The same goes for any phone call where the number came from an unknown or unsolicited source.
- Shut out unknown Bluetooth devices. Bluetooth is a convenient alternative to wires for file transfers and the like. The downside is that Bluetooth is an open network where unknown devices can connect to you if you carelessly leave it on. This can attract malware, like a virus called CommWarrior, which infects some phones via Bluetooth. “A phone’s Bluetooth setting is on by default, so it needs to be turned off, or configured for a specific device or headset,” Nguyen says. “If not, it will look for other Bluetooth-enabled phones, which could result in malware being loaded on the device.”
- Be wary of open Wi-Fi networks. Wi-Fi networks are easy targets for security breaches. Open networks can let unwanted parties see data that is sent and received via the network, such as emails. “Make sure before you join that it’s a network you know and trust,” De Guerre advises.