Here is the second part of the blog series on secure computing, following on from part one “Dealing with Spam”. This blog talks about the possible security threats to smartphone users, the need for awareness about these security threats and a few smart steps to adopt in choosing the application market place and downloading an application.
There is a huge increase in smartphone usage year-on-year because it:
- is trendy
- helps in easy communication, both business and personal
- provides portable and easy internet access
Nowadays, almost everything is mobile. A smartphone user is now comfortable in carrying out all his/her day-to-day commercial activities like paying bills, booking tickets, shopping, etc., through the smartphone.
The available major operating systems for the smartphones are Android, Windows Phone, iOS, Blackberry and the growing Tizen.
The security threat level to a smartphone user is increasing at a rate equal to the surge in smartphone usage. Each of the above-mentioned mobile operating systems has had security threats. Android is the one that dominates other mobile operating systems in terms of malware count. Android malware’s growth rate is comparable to that for desktop Windows malware.
Generally, a mobile malware reaches a user’s smartphone through one of the following ways:
- Social engineering tricks
- Social networking sites
- Bundled applications (malware packed with good applications)
As there is a financial transaction involved in many user activities, it is advised to download the concerned applications from the recommended official market rather than downloading from any other third-party market. The reason behind this is that there are many malware or fake applications, especially in third-party markets that steal a user’s personal information like credit card details, contacts list, call logs, etc.,which ultimately result in a financial loss to the user by sending out premium-rate SMS messages that cost money or by downloading other malware applications.
For example, the supposed first iOS malware FindandCall hacks the contacts list from the victim’s device and sends it to a remote hacker. The hacked contacts list is used for sending out spam messages. Adding to this, the recent “Inception” malware identified with Blackberry devices attacks other operating system like iOS, Android and windows computers as well. This malware also collects various device specific information including call logs, contact information, etc.
It is also identified that there are a few malware applications that come pre-installed on new smartphones as well, as in the case of the Android malware “DeathRing”.
A few advertising applications (adware) identified in the third-party markets install themselves as system level applications. After their installation, the adware apps display unwanted advertisements irrespective of the application currently being accessed by the user. There is a possibility that clicking on such advertisements could download a malware application.
Here are a few of the steps to follow before downloading an application:
- Think twice before you download an application whether you really need it
- Check any documented usage of the application to ensure that it does not perform any functionality separate from your expectations
- Verify the reputation of the application by checking the reviews available
- Avail of the possible application verification feature(s) like “verify apps” in recent Android OSs to identify a malware before installation
In addition the following practices are advised to improve mobile security hygiene:
- Avoid using free Wi-Fi hotspots, in particular those that are not password protected, especially when conducting sensitive transactions such as online payments
- Always password-protect access to your smartphone to protect better against data theft if the phone is lost or stolen
- Install a reputed Mobile Security software such as K7 Mobile Security to stop a malware from infecting your mobile and acting silently in the background.
…to part3: Scareware,Rogue AV & Ransomware
Images courtesy of:
mobileinquirer.com
appmobile.co.za
techmoneyblog.com
K7 Threat Control Lab
If you wish to subscribe to our blog, please add the URL provided below to your blog reader: https://labs.k7computing.com/feed/