Smart phones offer new frontier for identity theft

As more people switch from traditional cell phones to smart phones, worries have increased that users will fall prey to the same virus and malware problems that can plague personal computers.

Industry experts say they're managing to keep ahead of that threat so far; they're more worried about the possibility of identity theft when a phone is lost or stolen.

With the iPhone and other smart phones, a few taps or clicks can access email accounts, check bank balances, update a Facebook profile and call up calendars and photos.

"What's really going on today is fraudsters and cybercriminals are looking to steal data," said Peter Beardmore, director of product marketing at security company Kaspersky Lab.

"A mobile phone is not a good candidate for a botnet like you have in the PC world, where it can enslave your computer and let it do work to send spam or whatever. But (a mobile phone) is a great candidate to steal user data from."

In one of the most recent high-profile cases of a lost smart phone, a young Apple employee left a prototype of the next-generation iPhone on a Redwood City, California, barstool in March.

The company remotely wiped the phone by the next morning, but not before the patron who found the abandoned device identified its owner by looking at his Facebook page, which was on the phone's display.

Although concerns about mobile malware and viruses have circulated in industry circles for years, there have been few reports of real threats to consumers.

That's in part because infection is a numbers game, meaning perpetrators go after devices in mass quantities, and there are far more PCs in circulation than smart phones.

Wireless carriers also catch some threats, such as spam text messages, before they reach consumers.

Because viruses and malware remain a distant threat to mobile phones, security companies are concentrating their efforts on preventing old-fashioned loss and theft.

"Your average consumer's main concern about their mobile phone is about losing it or having it stolen," said Dave Cole, senior director of product management at Symantec Corp.

This month, as part of an effort to broaden its Norton line beyond PC security, Symantec is launching an application for Google's Android operating system that allows users to remotely lock down or wipe their phone by texting a code to the device.

Symantec's product is not the first of its kind to hit the market. But consumer awareness of mobile security issues is still relatively low, given that threats have been rare and smart phones are just beginning to take off outside of the BlackBerry-toting business world.

According to research firm Gartner, worldwide smart phone sales hit 54.3 million units in the first quarter of the year, up 48.7 percent from the same period in 2009. These devices represented 17.3 percent of mobile handset sales in the first quarter, compared with 13.6 percent in the year-earlier period.

More users could protect themselves by setting a PIN for their device, a simple safeguard that many people neglect, said Randy Gross, chief information officer at the Computing Technology Industry Association. He also advises backing up a phone's data.

The popularity of third-party applications, such as those available for the iPhone or Android devices, provides another potential avenue for cybercriminals to attack smart phones.

So far, carriers, device manufacturers and other industry players have done an effective job of vetting applications from outside developers, Beardmore said.

But he and other security experts advise that consumers stick with programs from trusted publishers.

One of the biggest challenges for the wireless industry is consumer education.

"Maybe because of [the phone's] 24-hour presence, we do take it for granted and don't think about the sophistication or the complexity ... of that device," Walls said.

"This thing is living and breathing and working all the time," he added. "If a carrier is telling you that there's a certain update or upgrade you can easily access to make yourself a little bit safer, take advantage of that."

Staying safe with smart phones

• Take advantage of your phone's built-in security features, such as setting a PIN or password to unlock the device.

• Pay attention to system updates from your wireless carrier and be sure to install required upgrades.

• Back up data such as contacts and documents and sync regularly to keep the information current.

• Don't click on links in text messages from unfamiliar senders.

• Stick with trusted sources and well-known brand names when downloading third-party applications.

Add a Comment