Your smartphone: A new frontier for hackers
LAS VEGAS — Hackers are out to stymie your smartphone.
Last week, security researchers uncovered yet another strain of malicious software aimed at smartphones that run Google's popular Android operating system. The application not only logs details about incoming and outgoing phone calls, it also records those calls.
That came a month after researchers discovered a security hole in Apple.'s iPhones, which prompted the German government to warn Apple about the urgency of the threat.
Security experts say attacks on smartphones are growing fast — and attackers are becoming smarter about developing new techniques.
"We're in the experimental stage of mobile malware where the bad guys are starting to develop their business models," said Kevin Mahaffey, co-founder of Lookout Inc., a San Francisco-based maker of mobile security software.
Wrong-doers have infected PCs with malicious software, or malware, for decades. Now, they are fast moving to smartphones as the devices become a vital part of everyday life.
Some 38 percent of American adults now own an iPhone, BlackBerry or other mobile phone that runs the Android, Windows or WebOS operating systems, according to data from Nielsen. That's up from just 6 percent who owned a smartphone in 2007 when the iPhone was released.
The smartphone's usefulness, allowing people to organize their digital lives with one device, is also its allure to criminals. All at once, smartphones have become wallets, email lockboxes, photo albums and Rolodexes.
And because owners are directly billed for services bought with smartphones, they open up new angles for financial attacks. The worst programs cause a phone to rack up unwanted service charges, record calls, intercept text messages and even dump emails, photos and other private content directly onto criminals' servers.
A criminal doesn't even need to tailor his attacks to a mobile phone. Standard email-based "phishing" attacks — tricking people into visiting sites that look legitimate — work well on mobile users.
The small screens make it hard to see the full Internet address of a site you're visiting, and websites and mobile applications working in tandem train users to perform the risky behavior of entering passwords after following links, new research from the University of California at Berkeley has found.
When it comes to security, smartphones share a problem with PCs: Infections are typically the responsibility of the user to fix, if the problem is discovered at all.
Still, mobile users have an inherent advantage over PC users: Mobile software is being written with the benefit of decades of perspective on the flaws that have made PCs insecure.
But smartphone demand is exploding, with market research firm IDC predicting that some 472 million smartphones will be shipped this year, compared with 362 million PCs. As a result, the design deterrents aren't likely to be enough to keep crooks away from the trough.