Go-everywhere, do-everything phones usher in host of security concerns

Mar 10, 2011 By Victor Godinez

Chances are you lock your door when you leave home, don't leave the keys in the ignition when you run into the 7-Eleven for milk and have at least some kind of security software on your computer. But what about your smart phone?

For many people, a phone these days is a mobile office crammed with valuable contacts, a digital wallet from which you buy songs on or shoes on Amazon, and a portal to your online bank account.

Rather than locking the phones like bank vaults, most smart phone owners treat their devices with as much concern as they do Monopoly money.

According to a survey by data provider , 54 percent of smart phone users do not have a password lock on their phones when they turn them on or wake them from sleep mode.

"I think there's definitely an awareness gap right now," said Mark Kanok, group product manager for the Norton mobile division at Symantec.

"Just a few years ago, your phone was a phone. Then the comes out and people are downloading apps. People are now starting to ask the questions about, 'How is this going to affect my privacy, what happens if I lose it,' things like that."

On top of the dangers of your phone being lost or stolen, there are also a growing number of malicious apps designed to steal data from it or rack up huge texting bills.

Last week, pulled several dozen free apps from its Android market that had been stuffed with damaging code.

Symantec estimated that the apps were downloaded anywhere from 50,000 to 200,000 times in a four-day period before they were pulled.

John Thode, vice president and general manager of the mobility product group for Dell Inc., said many smart phone users don't realize the value of their device until it's gone.

"The reality is that, yeah, whenever you lose your phone or your phone breaks, there's an instant panic that comes around," he said. "Holy smokes, where are my contacts? How do I get back my whole life?"

That concern is magnified when an employer starts giving out to its workers or lets those workers connect their personal devices to the corporate network, said Mary Chan, vice president of Dell's enterprise mobile solutions division.

Chan's group has begun offering security systems and procedures for mobile devices on corporate networks.

She said a compromised phone with access to a corporate network can wreak havoc.

"I think most of the IT and CIO folks are really concerned about managing the device itself, managing what's being loaded on the device," she said.

Chan pointed to an estimate by research firm Gartner that roughly 300 million smart phones will be connected to corporate networks by 2015, with about half those devices being employees' personal machines.

Much of the security advice for individual smart phone users and corporate managers overlaps.

Only install trusted apps on your phone.

Use Web-based programs that let you remotely track or delete all of the data on your smart phone if it gets lost.

Don't conduct financial transactions over public or unfamiliar Wi-Fi networks, where your data can flow through a hacker's router.

Employers can also take additional steps, Chan said, such as letting employees only install apps from a pre-approved list.

Another option is keeping valuable corporate data only accessible online, rather than letting individual users download it to their phones.

Phone makers and software developers are pushing out some of these tools to smart phone users.

Apple, for example, offers free software on the iPhone and iPad that lets users remotely set up a password lock if the device gets lost or stolen, track it geographically or even wipe all the data from the machine as a last resort.

Norton Mobile Security for Android devices includes a malware scanner that is designed to catch crooked apps before they bite you.

Even with technological protection, user awareness can go a long way.

Simple games and screen saver apps, for example, shouldn't be asking for permission to access your text messages. If they do, you're probably better off canceling the installation.

Strong security software and individual vigilance will become even more important over the next few years as phone makers and carriers adopt a technology that will turn your phone into a wireless digital wallet.

So-called near-field communication, or NFC, systems should make life more convenient, letting you store your credit and debit cards and, eventually, your driver's license digitally on your phone.

You'll simply wave your phone over a scanner at the cash register to pay and be on your way.

But as our phones become more valuable to us, they'll also become a more tempting target for thieves.

"Once NFC starts happening, you're going to see hackers enter this space in a much more substantial way," said Thode at Dell.

Apple is rumored to be including an NFC chip in the next-generation iPhone expected this summer, and Samsung has already released the NFC-equipped Nexus S.

Kanok at Norton said the growing need for better smart phone security seems to be sinking in.

"I think the maturity is a little bit lagging behind where we are on the PC front," he said. "But I think the sensitivity has picked up over the last year."

Explore further: Body by smartphone

3.3 /5 (3 votes)
add to favorites email to friend print save as pdf

Related Stories

Google account users get extra security

Feb 11, 2011

(PhysOrg.com) -- Google announced on Thursday that they are giving their Gmail users additional account security, free of charge. As of Thursday Google account users can turn on a "two-step authentication" ...

Recommended for you

Body by smartphone

12 hours ago

We love our smartphones. Since they marched out of the corporate world and into the hands of consumers about 10 years ago, we've relied more and more on our iPhone and Android devices to organize our schedules, ...

Breakthrough elastic cloud-to cloud networking

14 hours ago

Scientists from AT&T, IBM and Applied Communication Sciences (ACS) announced a proof-of-concept technology that reduces set up times for cloud-to-cloud connectivity from days to seconds. This advance is a major step forward ...

Security CTO to detail Android Fake ID flaw at Black Hat

Jul 29, 2014

Where have you heard this before: A team of security researchers discover a security flaw in Android devices. This is, however, news. This time, experts are talking about a flaw that involves a widespread ...

Software provides a clear overview in long documents

Jul 25, 2014

In the future, a software will help users better analyze long texts such as the documents for calls for bids, which are often more than one thousand pages long. Experts at Siemens' global research unit Corporate ...

User comments : 0