Criminal cyber networks have begun creating viruses to hack into mobile phones in order to steal sensitive information off devices which are increasingly becoming mini-computers in our pockets.
After years of developing software to infiltrate computers, experts say overseas-based hacking networks have begun targeting mobile phones because tech-savvy consumers are now using them for so much more than calls.
Until recently there has been little incentive for hackers to develop dubious software – known as “malware” – for mobiles because there was only a limited number of ways to scam people. Most previous scams centred around getting people to text or call premium rate numbers, or by tricking people into giving away their bank details with fake calls.
But the ever growing numbers of smartphones – which allow users to surf the internet, shop online and email from their phones – has created a fertile market for hackers to exploit in a similar way to how they target PCs, experts warn. Software already exists for the iPhone which allows a jealous lover to keep a record of every single call, email or web surf that Apple’s highly popular phone makes. The so-called “spy tool” has to be uploaded manually onto the phone but analysts fear hackers will soon work out how to install such software remotely.
“At the moment the amount of malware out there specifically aimed at mobile phones is thankfully quite low, we're probably where PCs were ten years ago,” says Sean Sullivan, a security advisor at Finnish cyber-security company F-Secure, which has been tracking mobile malware. “But at some point soon someone will develop a killer application that is very successful at hacking into phones and all the bad guys will take notice. Nowadays a phone is probably the single biggest personal database you carry around with you on a daily basis so it has become a sensitive and lucrative device to exploit.”
Earlier this year two viral worms emerged out of China that were the first to infiltrate a mobile phone user’s contact book and send hundreds of spam text messages to their friends. The worms exploited smartphones operating on Symbian OS software which is predominantly used by Nokia. Symbian have since closed the loophole that allowed the virus in but analysts believe such worms could herald the beginning of a new hacking era where criminals target our phones as well as our computers.
“Those two worms were particularly interesting because they were the closest thing we’ve seen on a mobile phone that resembles a bot-net attack,”says Rik Ferguson, a cyber security expert at Trend Micro, referring to the most common type of hacking method used to target ordinary computers. “The cyber security industry is often accused of crying wolf and I think sometimes that is the case. We’ve been warning about malware for mobiles for many years and it lulls people into a false sense of security. But we do now need to start paying attention to mobile phones.”
Because mobile phone users are now using their phones to make financial transactions, Ferguson argues, it is only a matter of time before the hackers start to target mobile devices en masse.
“Without wanting to sound too alarmist, the more people use their phones to carry out sensitive financial transactions, such as banking or shopping online through their phones, the more the same criminal networks that target our computers will start developing ways to attack our phones,” he said.
Fear of hackers was part of the reason why it took so long for Barack Obama to have his White House Blackberry cleared by his security team. Previous Presidents have steered clear of the devices, fearing they could be easily inflitrated.
Mobile phone manufacturers are usually tight lipped about highlighting the potential flaws in their products but last month a senior Google executive admitted that hackers would begin to target mobile phones. “The smartphone will become a major security target,” said Rich Cannings, the head of Google’s Android Security team. “Personally I think this will become an epiphany to malware authors.”
The growth of third party applications which can be downloaded onto our phones is causing particular concern. In an attempt to roll back Apple’s increasing dominance of the smartphone market with their iPhone, Google have developed Android, an open-source software platform that allows those with the know how to create their own applications for phones that use the software.
Google hope Android will create a vibrant community of tech-savvy users who will invent ingenious applications in a similar way to how the iPhone community has benefited from users creating their own “Apps Store”. But while Apple insists on signing off each App before making it available to the pubic – leading to accusations that it is trying to control any applications that might lose them money – Google has taken a more open approach to Android allowing users to develop what they like.
“We wanted developers to be able to upload their applications without anyone stopping them from doing that,” said Cannings. “Unfortunately this opens us up to malware.”
Industry experts are also concerned that unlike computers, most mobile phones have no anti-viral software on them.
A new independent You Gov survey into smartphone users, commissioned by Trend Micro and The Carphone Warehouse, found that over 60 per cent of smartphones contain sensitive information such as log-in details or banking details but only 7 per cent of users have any sort of security measure on their device.
Over half of the 2000+ respondents (54 per cent) admitted to submitting their credit card details via their smartphones to purchase or download items online on the move over the last three months.
“People are simply not aware of the kinds of risks they are exposed to through their mobile devices or the amount of personal information stored there,” Mr Ferguson says. “While more and more companies are encrypting their computers, the same cannot be said of protecting personal data that resides on consumer smartphone devices.”