We’re obsessed with our phones (especially if they’re smarter than we are). A March 2010 Nielsen study found that, as of the fourth quarter of 2009, 21% of American wireless subscribers used smart phones — and predicts that number will increase substantially by 2011. (That’s out of a whopping 85% of Americans that own mobile devices.) Increasingly, businesses are turning to cellular phones to sell products, and consumers are using them as virtual mobile workspaces. The only problem? Their mobility makes them much, much easier to gain access to.
Curious about the trouble with smartphone security? Want to know what you can do to protect your personal information? Read on:
Surveying The Risks
The risks of storing private information on your phone — just like storing that information on your computer — are many, and often times unseen. Many of us are growing increasingly dependent on our hi-tech phones, through which we can now pay bills, send e-mails, network on social sites, and even deposit checks. But regular feature phones have their dangers too, if you’re using them to store pin numbers and login codes, or send text messages with containing sensitive personal information.
Experienced hackers can easily use this information to take control of your phone and run up phone bills — some up to $25,000. They can also sometimes even access your personal banking data via SMS and transfer funds from your account to one that funds illegal activity. Phone identity thieves can impersonate you, gain access to medical records in order to obtain certain prescriptions, create a whole new identity using bits and pieces of your information, or, simply, ruin your reputation.
Methods of Invasion
In August 2010, MIT’s Technology Review reported that apps developed for “smartphones” like the iPhone or Blackberry might be leaking private information to third-party developers. The APP Genome Project analyzed every app in Apple’s store and in Google’s Android Market, and found that many have “data-harvesting” capabilities that aren’t revealed by the developer — either intentionally, or because they simply didn’t know. Some free iPhone and Android apps try to access users’ location, while others try to access contacts. One app that allows you to change wallpapers even sends user-specific data to a server in China. The worst part? Most developers can’t even tell whether a specific piece of code is malicious or not. And researchers worry that third-party developers with questionable intent might use such data to try and control faraway phones.
Bluetooth Data Acquisition
Bluetooth technology was developed to enable the transmission of documents and other data over wireless connections (your computer to your phone, for example.) Many smartphones have native bluetooth capability that helps them connect to the internet. A typical phone that stores sensitive login information, passwords, encryption keys, bank account numbers, etc. — and leaves Bluetooth as its default setting — can be easily hacked into by intercepting a bluetooth signal and download your information from (usually up to) a mile away.
Opening up a suspicious text message on your phone is probably not the greatest idea if you want to avoid viruses and malware — but, since many phones are internet-compatible, they might have the same vulnerabilities as your regular old desktop computer.
There are a number of preventative measures that one can take to curb phone identity theft. Perhaps the easiest and most obvious one is to always is to keep it physically safe by locking it up when you’re away (or when it’s left charging) and keeping it hidden from plain view during day-to-day activities. Keep the SIM card holder safe, and encrypt your memory card (using built-in phone options.) Use passwords for sensitive areas of your phone — or, better yet, don’t keep sensitive information on there at all. Disable bluetooth when you’re not using it. And, if you’re getting a smartphone anyway, make sure you get one with a reputation for security (the iPhone has Mobile-me, for example, which you can use to remotely wipe your phone of all data — or even trace its location –in case of loss or theft.) And if you don’t want your movements tracked, shut off your phone and remove its battery.
In any event, make sure to report any loss as soon as possible to your phone company, as they can disable the SIM card immediately.