Don’t you hate it when you’re right?

One of the ways that writing this blog has provided me with satisfaction is that I end up surveying the technical landscape for trends and new technologies.  I enjoy doing this research, which frankly I wouldn’t be doing if not for the desire to find new topics for the blog.  These surveys have identified upcoming trends, which I’ve shared in some of my posts.

So, there are a couple of related trends that I’ve previously identified as hitting their strides in 2013.  However, I’m really not happy that my prognostications were turning out to be correct.  The trends are:

  • Malware will become sophisticated enough to overpower efforts to mitigate it.
  • The smart phone will become a significant platform of choice for malware writers.  Note: When I use the term “smart phone”, it applies to tablets and other like devices.

I wrote about both in my New Year’s The War on Malware post.  I also wrote about smart phone risks in my The Canary in the Coal Mine post from last August. 

While I’m not shocked to find that both trends are indeed coming true, I’m not happy that I was right on this.

Yesterday, I decided to catch up on some of the articles in Bob Sullivan’s Red Tape Chronicles and two recent posts caught my attention.  The first is about the fact that cybercriminals are getting the upper hand in the cyberwar on financial institutions.  They are using compromised computers (like yours) to attack these financial institutions.  These attacks have the potential of impacting your and my personal accounts, as well as adversely affecting various national economies, especially those effecting a fragile economic recovery.  I’ll explore this particular topic in more detail in a future post, but here is the Sullivan post for you to read.

Today’s topic is the smart phone issue, which has the potential to more significantly impact our privacy, plus our personal and financial health.

To set the stage, let me reiterate why smart phones are such a juicy target.  First, sheer numbers: There are more than 1 billion (that’s BILLION with a B) smart phones worldwide and several hundred million in the US.  Next, the promise of the smart phone is being realized.  We carry our lives in our smart phones: contacts, email, photographs, banking apps, Facebook, Twitter and soon, medical records.  We use our phones to transact banking, buy lunch and message our friends and families.  Don’t forget that there is enough location information in some phones to help a stalker predict where you might be tomorrow.  The problem is made worse by the fact that most users don’t follow best practices, such as password-locking their phone and not downloading non-approved apps, or, worse yet, they jailbreak their phone.

All that said, it’s really difficult to compromise smart phones due to some of the architectural structure that vendors have erected around them.  It’s not impossible, however, but the good news here is that the phones that have been compromised in the US to date had help from the user.  According to Bob Sullivan’s article, the method was the age-old one: send a message to someone that appears to come from a friend.  The message contains a link for an app that the friend says is cool.  The user clicks on the link and downloads the app, which contains the malware.

Apple devices are still the best at avoiding malware, due to the architecture of the devices as well as the App Store.  Google’s Android has the Play Store, which is likewise the best way to get apps on that platform, though its standards are somewhat looser than the App Store’s.  Also, the “open” architecture of Android makes it less secure.  As a result, most hackers are focusing on Android and leaving iPhones alone (for now).

The article also mentions another hack that is happening in Europe, but hasn’t crossed the Atlantic.  It’s a so-called hybrid attack that infects both one’s PC and phone.  Once the PC malware has figured out the credentials for a banking account, it initiates a transfer to a foreign account.  When the bank sends an out-of-band number to the cell phone to be entered as confirmation, the phone’s malware intercepts the number and passes it to the malware on the PC, which uses it to confirm the transaction.

So, how to stay safe?

  • Only load apps from the appropriate store.  Also, it’s a good practice to do a “Google” search on the app to see if any warnings pop up.  News of App Store apps containing malware will almost certainly go viral.
  • Do not jailbreak your phone.  Jailbreaking disables many of the built-in protections.  See my Hazards of Jail Breaking for more information.
  • Properly safeguard your phone.  Be sure it’s password protected and, if you use a short password, that it’s limited to 10 tries before the phone will be wiped.
  • Know how to find a lost/stolen phone quickly and how to wipe the phone remotely.
  • All the standard PC practices apply, like don’t click on a link that’s contained within an email.  Either cut-n-paste the URL into the browser or ignore it if you’re not sure.
  • Keep a close eye on your financial accounts and your cell bills.  This is more important than ever before.  This means transactions as well.  Many of the scams trickle small amounts from bank accounts, which you’d never find by watching your balances.  Keep an eye on your data usage.  If you see a significant spike, that could indicate your phone has been hijacked.

Stay tuned … this issue is just starting.
