Mobile security

Your life in their pocket



Mobile device security

I had my first mobile phone in the 1980s - it was the size and weight of a brick and more likely to be regarded as an offensive weapon than something that could be used to offend against me. During the past 15 years almost everyone, including quite young children, has obtained a phone of their own. For most of those years the only functionality was that of making and receiving phone calls. Some of us still regard that as the principal purpose of a mobile phone!

Since 2009 we have seen the advent of the Smartphone and the tablet computer. Other than their shape, weight and phone call functionality, these share a great deal in common. Firstly, they can carry all your personal information, documents (work and domestic), banking, contacts (names, addresses, phone numbers and email addresses), emails sent and received, and picture collections. Secondly, they have exceptional connectivity with the internet using public and private WiFi services and the mobile networks.

They also have the ability to download programs designed to undertake a myriad of activities. As with PCs, programs can do a great deal that we can't see or hear. The mobile device has provided another weakness in our personal security enabling the crook and the fraudster to extract information from us for subsequent misuse against us and our contacts, and the commission of frauds against our bank and other financial accounts.

Two types of device

Mobile devices generally fall into two types - those made by Apple (iPad, iPhone), and those made by everyone else - especially those supporting the Google Android operating system.

This division is important because you can't load a program into an Apple device without obtaining it through the Apple iStore, or the iOS App Store as it is becoming known. This means that Apple have an opportunity to check in detail the functionality of every program before it is made available to the public. This checking is strictly enforced by Apple. This is designed to ensure that apps do not have functionality that is not required to fulfil the declared purpose of the app. Therefore we see few security problems with apps for i-devices, but they are not unheard of! As a result one can have a high level of confidence in the apps from the store.

I wrote most of that on 7/11/2011. On 8/11/2011 there was a report of someone (a well known Apple hacker) getting a piece of potentially bad code into an Apple app which was published for iPhones and iPads. I would expect Apple to tighten their procedures for app vetting!

Android security weakness

On the other hand, anyone can write and market apps for devices running the Android operating system. And they are, especially the well known groups of foreign malware writers who have fraud in mind. There are now significant numbers of apps that have been designed with information theft and fraud as their main objective. There are examples of fake versions of well known and popular apps which can be obtained at low or no prices. In operation they appear to be functioning as a game or whatever, but in the background they are copying all your contacts and other information off to the criminal perpetrators. A favourite is to quietly, in the background, make phone calls to premium rate numbers, often abroad, so running up enormous phone bills which you the account holder are contractually obliged to pay. As a result one can have little or no confidence that the apps downloaded from a wide variety of providers will not wreak havoc with one's device and empty one's bank account one way or another. The number of these malware apps increased by 400% in January 2012 alone (Sophos Naked Security 3/2/2012)!

My advice? Use Apple products with confidence. Use Android devices with great care and be very cautious when obtaining apps - try and identify the supplier as a well known name that you can trust, such as official marketplaces like Google, Amazon or Barnes & Noble. Avoid keeping critical personal information on an Android device. Avoid making banking and credit/debit card transactions on an Android device.

In the longer term

I suspect that Android products, while increasingly popular at the moment (11/2011) because they are cheaper than Apple products and because the Android interface is regarded as in some ways superior, will ultimately suffer so much abuse and fraud that Google will decide to bring apps in-house and vet them all, like Apple. Technically this might prove to be a difficult change to make because Android is an open system, where Apple's iOS is not.


The author ...

... is a retired Information Security Manager. I give no warranty that the advice given will prevent your system from suffering from viruses, worms, spam, spyware, usage trackers, keyloggers, abuse or any unauthorised programs, functionality or macros of any kind introduced by any means. It must be accepted that the subject is not fully explored in this document and descriptions of problems and solutions are necessarily brief and incomplete. New security problems are regularly being discovered in PC operating systems, mobile 'apps' and other software for all kinds of computer based consumer equipment and users need to be constantly alert to the latest threats. Nor do I give any warranty regarding personal identification protection, use of social networking web sites, or calls to or from banks and finance houses. Neither do I take any responsibility for any third party web site or its contents nor for any products offered or supplied by those sites or any retail outlet or the companies promoting them. If in doubt ask for advice for your specific system or problem from a company offering such advice or service. Always follow the specific advice of hardware and software suppliers, banks and finance houses as appropriate.

© Copyright 2011 Tim Boddington