Trouble for Mobile Phones

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Phone security seems to be a hot topic the past week. My Twitter feed was full of news stories on the latest concerns in keeping safe from malware, smishing and vishing schemes. I can't help but think that some of this increased news is due to the reports about AT&T's problems and the very clear reminder that we have a long road ahead of us when it comes to phone safety.


So what are some of the issues being talked about?


Spencer Ante reported an increase in security flaws in phones -- the number of known flaws doubling between 2008 and 2009, and as smartphone use continues to rise, it would seem to follow that the number of security flaws will only go up in 2010.


At the Krebs on Security blog, the topic is an increase in phone phishing attacks, both in voice calls (vishing) and in text messages (smishing). Credit card fraud appears to be the primary topic of the attacks, with credit unions being the businesses most hurt. According to the blog:

A new report (PDF) from anti-phishing vendor Internet Identity found that credit unions continue to be a favorite target of smishing attacks, and that text-to-phone scams used a toll-free number in about half of the lures sent in the first quarter of 2010.
Internet Identity also tracked at least 118 smishing attacks in the first quarter of 2010, although the company said that number represents a 40 percent drop in these scams over the last three months of 2009.

And finally, Kaspersky Lab reported a surge in malware targeting smartphones. According to an article on Infosecurity, Denis Maslennikov, Kaspersky Lab's mobile research group manager believed the combination of the reduced costs in mobile Internet and the greater use of smartphones means cyber criminals have more resources to exploit. The article stated:

Maslennikov went on to say that new mobile malware boasts a broad range of functionality, including the capability to download other malicious files, detect internet connections or establish new ones, undertake URL redirection and carry out phishing attacks.