All of this hand-held Internet-connected power has not gone unnoticed by cyber-criminals. In the January 25, 2011 edition of SANS NewsBites, security guru Eugene Schultz predicted, “We are only three or four years away from what will be a massive abandonment of conventional desktop and laptop computing systems in favor of mobile devices, which keep growing in their capabilities and functionality at an amazing rate.”
The bad guys know what the future holds, too, and are preparing to unleash a virus-filled storm of Internet-based attacks targeting smart phones that will take most people completely by surprise. Viruses targeting cell phones have been around for quite a while but have not been a massive problem because there was no real payoff for the Internet crooks in the end.
The new era of smart phones is changing that dynamic. Finally, there is a payoff for bad guys wanting to steal information from mobile devices, such as smart phones and iPads. People are starting to use their highly-insecure phones for activities previously reserved for secure desktop and laptop computers, such as making online purchases, bill paying and banking. People are also downloading potentially dangerous “apps” like there’s no tomorrow, giving no thought to security. The bad guys know this and are targeting smart phones at an accelerated rate.
Not long ago, 10 million iPhone, Android phone and Blackberry users were put at risk by a police speed trap-reporting phone app called Trapster. Criminals somehow figured out how to hack Trapster logins and steal the email addresses and passwords of millions of smart phone users. Following that, smart phone apps from USAA, Chase, Wells Fargo, Bank of America and TD Ameritrade were found to have huge security flaws that could allow crooks to steal account user names and passwords.