Smartphone security and challenges
How many times a day do we actually take our smartphones out to make phone calls compared to the amount of time we spend on other app features? If you are like the majority of those with smartphones, you probably use your “telephone app” a lot less than other features on your phone like social networking, web surfing, contact management, calendaring, online banking, etc.
According to a recent survey conducted by European telecom giant, O2, we spend more time browsing the internet, checking social networks, playing games, and listening to music than we do actually making phone calls.
As we continue to use these apps more frequently, we may be opening ourselves up to security issues with our personal information. Activities such as contact details, call logs, emails, credit card information, corporate data, etc. require our smartphones to carry lots of sensitive data, making this very attractive to malicious users. And since more and more people are deciding to make the switch to smartphones, with the International Data Corporation (IDC) predicting that smartphone shipments will approach 1 billion in the year 2015, malware to retrieve this sensitive information will continue to be on the rise. According to Junipers 2011 malware report, malware targeting the Android platform rose 3,325 percent in the last seven months of 2011 alone.
Most are probably familiar with the names of the malware that can wreak havoc on our laptops and desktops, such as viruses, Trojans and spyware. As our smartphones become increasingly our chosen device for activities once done on our computers, these three main categories (viruses, Trojans and spyware) are becoming popularly used for malware by those trying to hack into data on our smartphones as well.
Senior researcher for the National Center for Protection of the Financial Infrastructure and assistant professor at Dakota State University, Dr. Yong Wang, has been conducting research on smartphone security that includes policy enforcement and Bring Your Own Devices (BYOD) security.
“Both of these are essential for employees and enterprises,” says Wang. “We are developing novel approaches and techniques which could be used to protect both employees’ privacy and corporate data.”
Wang is on the forefront of this emerging area of smartphone security that has raised many interests, but with new research comes new challenges in working with the unique characteristics of smart phones. Smartphones are easy to tamper with physically and with simple setup, it is easy to reprogram the firmware and flash memory in a smartphone, physically clone a memory card or install spyware onto the smartphone. They are also easy targets because of central data management, thus many applications used for social networking or web surfing cache, or store, usernames and passwords on the device. Smartphones are also embedded with sensors inside including GPS, gyroscopic sensors, and accelerometer sensors. While these sensors greatly enrich the functions of the device, they also leave users vulnerable to those wishing to use the information maliciously.
With all of these caches of personal information and malware threatening that information, it is time for smartphone users to start taking their own precautions in protecting their data. Through the research conducted at Dakota State University, Wang has suggested these simple steps that any of us can do in order to better protect ourselves.
Increase security awareness. A smartphone is really the same as your desktop or laptop computer. It can be hacked, infected or phished. Be aware when installing software or authorizing software that needs privileges to access smartphone sensors, for example an app that wishes to use the GPS.
Apply password and auto-lock. Most smartphones support password and auto-lock functions.
Do not store data you cannot afford to lose in smartphones. They are easily lost or stolen.
Back up your device regularly.
Turn off Bluetooth. Viruses can spread through Bluetooth in your smart phone, so turn it off when not in use.
Do not use unsecure Wi-Fi hotspots. Packet sniffer software, which allows the user to capture and interactively browse the traffic running on a computer network, may disclose useful information from smartphone data traffic, leaving personal information vulnerable.
Use a smartphone security tool. Secure your phone using a reliable and trusted smartphone security tool.
Install anti-theft technology. Check your smartphone or service provider and find out if they provide anti-theft technology such as erasing data or restoring a smartphone to its default setting remotely.
Wang also points out there are subtle signs that may indicate your device is under attack. These include the cell phone battery being warm even when the phone has not been used, cell phone lights up at unexpected times, including occasions when the phone is not in use, unexpected beeps or clicks during conversations and so on. When these happen, be alert and have a security professional check your device.
As uses of smartphones continue to evolve, the threats will continue to change as well. Thus research done by Wang will become even more critical to everyone. “Our research on smartphone security focuses on sensitive data protection and security policy enforcement,” states Wang. “The innovative techniques and approaches will help secure smartphones and protect our daily lives.”