Mobile security threats rise

Digital crooks are turning to mobile malware, SMS spoofing, and worse as people move toward smartphones and tablets.

Security threats to your mobile device lurk as malware, fraudulent lures such as SMS spoofing, and toll fraud, but they're all becoming favorites of digital crooks as people move away from using PCs and toward smartphones and tablets, according to a new report.

Such cybercrime is worth big money, whether it happens on your PC or smartphone. Cybercrime in 2011 cost consumers $110 billion worldwide and $21 billion in the United States, according to Symantec's recently released annual Cybercrime Report (PDF).

But online crime may soon cost us more. The frequency of mobile threats doubled between 2010 and 2011, Symantec says, and 35 percent of online adults worldwide have either lost or had their mobile device stolen, exposing them to identity and data theft.

In its report, Symantec defines mobile cybercrime as unsolicited text messages that captured personal details, an infected phone that sent out an SMS message resulting in excess charges (typically known as toll fraud), and traditional cybercrime such as e-mail phishing scams.

It sounds like your cell phone is open to some nasty threats, but is mobile security really something you should be worrying about? Does your smartphone need the same kind of 24/7 threat detection that your PC does?

No doubt, mobile devices are the next big target for malicious actors looking to make a quick buck. During this year's Black Hat conference in Las Vegas, for example, vulnerabilities were demonstrated against popular technologies used in mobile devices such as near field communication, baseband firmware, and HTML 5.

The problem is that while mobile threats may be rising, it's unclear just how prevalent these issues are in the United States. Symantec's statistics, for example, say that 31 percent of mobile users in 2011 received a text message from someone they didn't know or an SMS requesting they click on an embedded link or dial a certain number to get a "voicemail." All of these techniques are tricks the bad guys can use to inject malware onto your phone or attempt to trick you into handing over personal data.

But that 31 percent of users is a worldwide statistic based on interviews with more than 13,000 people in 24 different countries around the globe. Symantec also said it found the highest incidence of cybercrime in countries such as Russia, China, and South Africa where the rate of victimization ranges from 80 to 92 percent. High incidences of cybercrime in concentrated areas can often skew worldwide results, especially when those areas are highly populous nations such as China and Russia.

Lookout Weighs In

Lookout Mobile Security also recently released its annual mobile security report and noted that toll fraud, where malware secretly contacts high-priced SMS services that slap hidden charges on your mobile bill, is currently the most prevalent type of mobile malware. But this type of activity primarily affects users in Eastern Europe and Russia, the security firm says.

Links to malicious Websites, however, are a concern for mobile device users in the United States. Around four in ten American users are likely to click on an unsafe link, according to Lookout. Malicious links can come from e-mail, social networks, or the SMS-based spam and phishing techniques that Symantec described.

If you're an Android user, you should also be aware that your platform is the most popular target for malware creators, according to a recent report from security firm McAfee. That's hardly a surprise given the open approach Google takes to apps on Google Play as well as the fact that Android is the largest smartphone platform in the world.

One popular trick is to create an app that looks like a more popular program such as Angry Birds and bundle that fake app with malicious software. Lookout in late 2011 uncovered just such a scam in Google Play used for SMS toll fraud; however, that scam affected users in Europe and parts of Western Asia, not North America.

Mobile security threats are apparently on the rise, and this trend is bound to grow as more people turn to using smartphones and tablets in their everyday lives. For now, however, it appears the best approach for North American users to practice mobile security is to be wary of what you download and the links that you click on.

Make sure you're downloading genuine apps and not imitations from app stores such as Google Play or GetJar. Signs to look for in trusted apps include a large number of good user reviews written in coherent English, a link to the app developer's website to see if the app is actively supported, and the number of users an app has. 

Beyond apps, just as on a PC, never click on a Web link purporting to be from a bank or other financial institution, especially if that link comes to you via SMS.

Mobile devices may be the next frontier for malware creators, but as with PCs, the best defense is to use common sense and be on your guard for incoming scams via e-mail, social networks, and text messages.

Connect with Ian Paul (@ianpaul) on Twitter and Google+, and with Today@PCWorld on Twitter for the latest tech news and analysis.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place