Smartphone scams gaining traction

The days of feeling safe using a smartphone are numbered — if not gone — say security specialists, because scammers see them as the new frontier for fraud.

The days of feeling safe using a smartphone are numbered — if not gone — say security specialists, because scammers see them as the new frontier for fraud.

Internet security experts warn that smartphone scams will take off in 2011. ((Jeff Chiu/Associated Press))
The exploding popularity of mobile devices and their many software applications is already being exploited by those out to steal personal information.

"We think 2011 is the year of the threat to the mobile device, particularly the mobile app," said Dave DeWalt, chief executive of McAfee Inc. security software.

There are about 20 new computer tablets coming out, "tons" of new smart devices and literally hundreds of thousands of applications being developed for them, DeWalt said in an interview.

"There's an ecosystem of application developers who are building applications with the sole purpose of downloading to a mobile environment, making it very viral and then actually stealing from you," he said.

Next year, it's expected there will be more consumer warnings and research into these kinds of threats, DeWalt said.

"You will now see that for mobile apps in a much bigger way," he said.

Games especially vulnerable

Games are particularly vulnerable to malware because they are the most shared, social-network oriented mobile applications, and players enter personal information on their sites.

People playing games on their smartphones are particularly vulnerable to Trojans. ((Eric Risberg/Associated Press))
Dan Shey of New York-based ABI Research said it's up to an app store or website to ensure that their software applications aren't concealing some form of malware.

But Shey noted that even signed certificates saying an application has been reviewed, tested and approved for use on a device aren't always foolproof.

He said the "Sexy Space" Trojan, disguised as a legitimate application, was introduced in 2009 and had a valid certificate from the Symbian operating system that was issued to a company in China before its true purpose was discovered. It let attackers send a link via text message to a malicious website, prompting a mobile to download the worm. Then, it would send similar text messages to all contacts listed on the phone.

Shey predicts the biggest threats to smartphones and tablets in 2011 will be phishing attacks. These will lure people to fake websites and trick them into giving away credit card and bank account numbers, user names and passwords.

"Essentially, mobile has increased the number of channels available for phishing attacks," said Shey, practice director of enterprise at the technology research company.

Security threats to mobile devices will become more common based on the simple math that more and more people use them, Shey said. By 2015, smartphone use among mobile voice subscribers is expected to exceed 60 per cent.

Mobile commerce ups the risk for fraud

Mobile commerce on smartphones also could come under attack once the technology is more widely used by retailers to allow consumers to pay for coffee, sandwiches and other small items using their phone.

Models display Samsung's new Galaxy phones running Google's Android operating system at Samsung headquarters in Seoul. Google's aggressive promotion of mobile commerce on Android phones opens the door for cybercriminals. ((Wally Santana/Associated Press))
Senior security researcher Kurt Baumgartner said Google is pushing mobile commerce on Android smartphones, and he expects Apple to follow suit, opening a door for cybercriminals to exploit any weaknesses.

"The devil is in the details, and a lot of the time, the encryption is not implemented properly or how the data is being handled is not necessarily being implemented properly," said Baumgartner, who works for Kaspersky Lab, an antivirus, internet and mobile security company.

DeWalt said when the U.S., Canada and Europe reach a level where consumers are commonly using their mobile phones to pay for goods, anti-virus software will either be embedded into the device or provided by a telecom company.

DeWalt predicted antivirus software will likely come first on tablets and noted there already are products to recover lost information and to locate a lost device.

Symantec's Marc Fossi said there will be enough smartphones and mobile devices with common operating systems that cyber criminals will create malicious code that targets them.

"While we haven't seen a lot of specific threats directed at these devices, I think that we're getting closer to that sort of tipping point," said Fossi, manager of development at Symantec Security Response in Calgary.

By mid-2010, more than 300 vulnerabilities were reported on Apple's iPhone, Fossi said, noting it's the same software that the iPad tablet uses.

"We also saw some vulnerabilities on the Android platform," he said, referring to Google's open source operating system that powers a number of Samsung, HTC and LG smartphones.

PCs also can expect the year to bring more malware and more spam.

Fossi said 88 per cent of all email is spam.

"Cyber criminals are making enough money that they can hire good programmers to write this stuff for them," he said.