We do everything on our mobile devices, from banking to shopping to email and beyond. Given this reality, it makes sense that the security of our smartphones and tablets is suddenly being questioned.
For many of us, the proximity of our bodies to our devices at (nearly) all times gives a false sense of safety –but physical security is only one threat; hackers are something else entirely.
Hackers come in a variety of shapes and sizes, from the white hat who is really just looking for vulnerabilities to exploit for the sake of the challenge and accomplishment to the black hat style whose motivations are much more malicious or even profit-driven. No matter the flavor, most of us would really rather not have our devices compromised. Our mobile devices are personal.
To date, most smartphones and tablets are devoid of any significant security measures –unlike most of our desktop computers which feature virus scanners, firewalls and spyware monitors now that many of have learned our lessons with those the hard way.
According to the Juniper Networks 2011 Mobile Threats Report, the biggest concern is the data we transmit to and from our phones. In many cases, email and other text being sent from our phones is done over WiFi using clear text. This is the cellular equivalent to yelling our message across a crowded room for everybody to overhear. The defense of having secured your home WiFi connection is valid and may dissuade most hack-attempts, but the reality of mobile devices is that they are always on the move and subject to the networks you connect to that are beyond your control.
Besides sniffing out the data being transmitted, other attacks are also possible. Focusing on the vulnerabilities of systems such as SMS or MMS could allow for a malicious hacker to gain control of your device and either render it inoperable or gain control in an effort to perform tasks of their own choosing. In addition, with mobile browsers become as powerful and feature-rich as their desktop counterparts there exists a greater opportunity for hackers to attack.
To date, most malware attacks have been on Android and Java-based mobile operating systems with 2011 seeing 28,500 samples of malware (an increase from only 11,000 in 2010), but this doesn’t mean that Apple and iOS-based devices are not also at risk. Apple has a tightly controlled infrastructure for app submission and approval which makes it more difficult (but not impossible) to get malicious software through to the App Store. This of course doesn’t matter much if the attack comes from methods that circumvent this process, such as HTML 5-based web apps.
So far the type of malware most common is spyware. While this is the most gentle of all hacks, it does mean you could be transmitting your location to interested parties, sending sensitive information to people you didn’t intend or even sending expensive text messages to pay-for-message based services (maybe you are unknowingly voting 20,000 times a night for the next American Idol!).
Unfortunately there is very little you can do to protect yourself at the moment, aside from basic common sense maneuvers. Be cautious about the work you do over unsecured WiFi connections, watch what you download and be careful about the emails you open. In the meantime, groups like Google are starting to actively scan their Marketplace for offenders and Apple is cracking down on issues as they are made aware.