Smartphones – An Illusion of Security
True story – I was at the gym a few nights ago (this is meant to impress you) when my wallet was stolen (this to remind you I can be dumb). It was my fault; I had left my wallet in the car, just under the console where someone with good eyesight and maybe a flashlight could see it. Five seconds, a brick, a fast thief and my wallet was gone.
As I dug through the thousands of pieces of glass on my front seat I found my smartphone (in my case, an iPhone) and silently said, “Thank you, God”. Like many people, I would rather lose my wallet than my smartphone; I called my wife (with my iPhone) and told her I lucked out.
OK, you say, I’m safe as long as I don’t lose my smartphone. Well, that might have been true a few years ago, but unfortunately no longer. The goal of cyber thieves is not to steal smartphones, but rather to embed malicious software into smartphones to steal data without the owner’s awareness.
It’s a given that crime follows money, with the information on your smartphone potentially representing billions of dollars in the cyber crime world – your smartphone is a target. Cyber thieves want to duplicate the desktop computer industry - stats indicate 25% of all computer systems harbor invisible (and perhaps virtually undetectable) malware.
OK, face it, your smartphone is a cyber target and you may not be paying attention.
Let’s look at how you can stay smartphone safe.
Staying Smartphone Safe
The first thing to remember is the fact that smartphone security is an illusion.
Your smartphone, or any computer, in the hands of a technology-adept cyber thief is an open book. For every physical or software protection you have installed on your phone, cyber criminals have already found a way around.
× Worry About Financial Features First - Sure, take your best shot to keep the smash-and-grab kids from gaining immediate access, but don’t pretend your data is safe. But, when your smartphone is stolen, immediately run the cancellation traps for whatever financial features your smartphone might contain.
× Remote Wipe Feature - Most smartphones have a remote ‘kill’ or ‘wipe’ feature that can be triggered with the correct codes. Some of these implementations are free, but even the paid versions are well worth the peace of mind if your smartphone is stolen or lost. The good news is that this works great; the bad news is that the smartphone needs to be turned on and connected to a Wi-Fi or telephone network for this feature to work. Maybe you’ll get lucky and the thief will be slow or technically inept.
× GPS Tracking Feature - The remote ‘kill’ and ‘wipe’ feature noted above is often combined with a remote GPS tracking feature that lets you remotely pinpoint your smartphone, using the GPS within your smartphone. However exciting it might be to track your smartphone thief to his hideout, I would suggest avoiding this potential use. A better use of the remote GPS tracking feature might be to find whether you left your smartphone in a friend’s car, restaurant or in the middle of the street after it fell off the roof where you left it. It’s either free or very inexpensive, and it will be worth every penny the next time you misplace your smartphone.
× NEVER Jailbreak Your Phone - At the risk of offending my geek friends and associates across the country, I strongly suggest you never jailbreak your phone (modifying the operating system to implement features or functions the vendor had not intended). The vendor (i.e., Apple, Google, Microsoft) has provided a relatively secure, tested OS for your use. Any jailbreak is guaranteed to reduce the inherent security of your smartphone.
× Consider every app as a potential security risk - Avoid the temptation to download an app just because it seems like fun or a friend recommended it. I think we are all past the days when we would install arbitrary software on our home or work computers; as I said above, a smartphone is a real computer that just happens to fit in your pocket. Treat it with the same respect.
× Use Strong Passwords - For those credible apps that you do download (only from major app stores and vendors), set respectable passwords whenever possible.
× Operating System Up-To-Date - Finally, make sure your apps and phone operating system are the current versions. Just like the desktop and notebook world, security flaws are being discovered and repaired all the time; it is important that you are current.
The recurring theme in this article is, of course, the fact that, for all practical purposes, smartphones are simply smaller versions of their larger desktop and notebook counterparts.
Smartphones suffer from the same Internet-related security issues as desktop and notebook computers, but without the public’s awareness that major security issues exist. This will prove to be a deadly perceptual flaw on the public’s part as cyber criminals turn to smartphones as the next financial bonanza in the billion-dollar cyber crime wave.
On the physical security side (e.g., a lost or stolen smartphone) the public perception is equally skewed. The physical security safeguards (i.e., passcodes, GPS tracking, smartphone wipes) that can be put in place are easily circumvented, with the result that the data on the errant smartphone is entirely open to a hacker with even moderate technical skills.
There is no doubt that smartphones will fall under serious and sophisticated attacks by well-funded and organized cyber criminals. This will be combined with security applications being created and sold for smartphones (again, analogous to desktop and notebook computers).
Alan Wlasuk is CEO of 403 Web Security, a full service, secure web application development company. Alan’s a Bell Labs Fellow award-winner with 18+ years of experience building secure web applications. From web security evaluation to secure web development and remediation, 403’s seasoned developers have secured web-based applications against hackers and security breaches. Drawing upon the company’s involvement with Software Quality Assurance (SQA), security is always at the forefront of any development efforts. To learn more about 403 Web Security or for a complimentary vulnerability scan of your website, please visit: www.403.wddinc.com.