The Norman Transcript

August 11, 2013

Cell phone hacking: don’t be a victim


The Norman Transcript

NORMAN — Unless you’ve been living on Pluto for the past 20 years, you probably know that computers need to be protected from the dangers of the Internet. It doesn’t matter if it’s a desktop or laptop computer, the same protections are needed.

But, what about that computer you carry around in your pocket or purse? You know, your cell phone?

Few new cell phones exist that don’t have some sort of Internet connectivity. If you are one of those folks still complaining that you “just want a phone that makes calls and nothing else,” well, I can sympathize. However, like it or not, the unstoppable future has arrived and it’s not going back, so it’s time to adapt.

Most people can’t even tell you what the word “cell” in the phrase “cell phone” means anymore. I guess that’s OK, because “cell” phones are becoming increasingly irrelevant.

Goodbye cell phone, hello “smart” phone.

What exactly makes a phone “smart” is not entirely clear, but one thing is certain: the device responsible for engraving the phrase “smart phone” forever in stone is Apple’s iPhone. Not long after being released, the iPhone quickly surpassed the Blackberry, the former king of smart phones.

With the iPhone offering not only contacts, calendaring and email features, but easy website surfing, photo/video capabilities and the ability to pick from thousands of “apps” (“applications,” AKA, “programs”), the iPhone was a no-brainer. In spite of its limitations and shortcomings, the iPhone was about as close as you could get to having a true pocket computer. Plus, you could make phone calls, too.

Other smart phones have followed, with Android phones (my favorite) surpassing the iPhone in sales and flexibility. The new kid on the block, Microsoft’s Windows Phone, is an unproven platform and its success remains to be seen.

All of this hand-held Internet-connected power has not gone unnoticed by cyber-criminals. In the January 25, 2011 edition of SANS NewsBites, security guru Eugene Schultz predicted, “We are only three or four years away from what will be a massive abandonment of conventional desktop and laptop computing systems in favor of mobile devices, which keep growing in their capabilities and functionality at an amazing rate.”

The bad guys know what the future holds, too, and are preparing to unleash a virus-filled storm of Internet-based attacks targeting smart phones that will take most people completely by surprise. Viruses targeting cell phones have been around for quite a while but have not been a massive problem because there was no real payoff for the Internet crooks in the end.

The new era of smart phones is changing that dynamic. Finally, there is a payoff for bad guys wanting to steal information from mobile devices, such as smart phones and iPads. People are starting to use their highly-insecure phones for activities previously reserved for secure desktop and laptop computers, such as making online purchases, bill paying and banking. People are also downloading potentially dangerous “apps” like there’s no tomorrow, giving no thought to security. The bad guys know this and are targeting smart phones at an accelerated rate.

Not long ago, 10 million iPhone, Android phone and Blackberry users were put at risk by a police speed trap-reporting phone app called Trapster. Criminals somehow figured out how to hack Trapster logins and steal the email addresses and passwords of millions of smart phone users. Following that, smart phone apps from USAA, Chase, Wells Fargo, Bank of America and TD Ameritrade were found to have huge security flaws that could allow crooks to steal account user names and passwords.

Again, quoting Eugene Schultz, “Most mobile application developers do not consider security much if at all when they code, and very little information about the security of mobile applications exists. Given the growing popularity and use of these applications, yet another area plagued with serious security vulnerabilities but without suitable control measures is rapidly overtaking us.”

What this all means is that you would be wise to secure your smart phone computer just like you should secure your desktop or laptop computer. I have a program called Lookout Mobile Security for my Android phone. Security products from Avast, F-Secure, Kaspersky and others exist for Windows, Blackberry and iPhones, and deserve your serious consideration.

A new era of Internet-enabled mobile devices is upon us. Start taking smart phone security seriously now and stay ahead of the bad guys.

Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 405-919-9901 or www.davemoorecomputers.com.