/ 16 February 2011

Smartphones the new El Dorado for computer criminals

Smartphones are the new El Dorado for computer criminals, security experts say, with many owners unaware of the risk or what to do about it.

The issue is not just one for consumers, but for businesses as well as many people use their smartphones or tablets to access corporate networks without authorisation.

As smartphones and tablets have risen in popularity to outpace sales of personal computers, criminals are increasingly targeting the devices, computer security companies say.

“The things that people need to be protected from on PCs they now need to be protected from when using their smartphones,” said Stephen Simpson of AVG, a major anti-virus software provider.

“The threat is not perceived,” Simpson said at the cellphone industry’s annual get-together in Barcelona. “There is a perception that smartphones are more secure than they really are.”

A study for AVG found that 6% of US smartphone owners had had their devices infected with malware that was surreptitiously sending out their credit card details.

There are already about 1 000 different pieces of malware circulating that target smartphones, according to Kaspersky Lab, a leading computer security firm.

One of the most prevalent is malware that has the phone make surreptitious calls or send text messages to premium numbers, landing the criminals fat fees and phone owners with fat bills.

Attractive target
Smartphones are an attractive target for criminals as “there is a lot of money involved, it is an easy job, and it is low risk”, said the firm’s founder, Eugene Kaspersky,

And while the overwhelming majority of people use anti-virus software on their PCs, just a fraction have considered doing so on their smartphones and even fewer have actually done so.

A study in four European countries conducted for Kaspersky Lab found that only 12% of smartphone owners had installed security software on their phones.

This is despite about one-third of people storing such valuable data such as access codes and passwords on their phones and one-third using their phones for online banking.

Oddly, that perception extends to the mobile industry, where at the trade fair this week there are seminars on mobile health initiatives but nothing about safeguarding the health of your mobile.

When Kaspersky started to attended the Mobile World Congress five years ago, most companies could not understand why they were there, although this has started to change, he said.

Kaspersky said people needed to be educated: “Don’t trust everyone, keep your brain on” while using smartphone applications.

Smartphone owners will begin using anti-virus software as they become victims or someone they know does, he said, and “in a few years 90% of people will have anti-malware or mobile security software installed”, the same level as for PCs.

‘Mobile devices are the weak link in corporate networks’
Kaspersky Lab announced at the Mobile World Congress a new version of its smartphone software that supports BlackBerry telephones and smartphones running on the Google-backed Android operating system.

AVG recently released an app to protect Android phones, which, like its flagship PC product, is free.

Both programmes have features that help users pinpoint lost phones and remotely lock and wipe their memory if necessary.

Another company, Open Kernel Labs, announced a security suite aimed at the business market.

“Mobile devices are the weak link in corporate networks,” said the company’s chief executive and founder, Steve Subar.

Employees have bought smartphones and tablets on their own and want to use them for work. These connections, if left unsecured, present risks to companies, as infected phones could reveal network access codes as well as confidential documents.

Open Kernel’s SecureIT Mobile Enterprise allows companies to secure employees’ private smartphones, which also saves the company the price of acquiring and issuing handsets. — AFP