August 26, 2015 — For the longest time, securing wireless communication devices wasn’t high on the OEM’s priority list. And for much of that time, there really wasn’t much of a concern with security on phones, and smart devices in general. But that is starting to change. With the integration of Wi-Fi and web browsing, the same miscreants that attack computer networks have a new vector to compromise data.
In general, the Android and Apple operating systems (OS) aren’t particularly hack-able so the operational components are safe. The value in hijacking a smart phone is in what’s on it and what else it can be used for, to attack. Their interest is in things like personal, financial, credit card, and other data, as well as to put it to use as a portal to other devices and systems. That is now possible using a smartphone.
But with Wi-Fi and Internet access, it isn’t just about your data. There is a virtual cornucopia of opportunity with all the social media that most people have on their smartphones. So if you’re hacked, everyone whose data is on your device is a potential target as well.
That is the gravity of the situation, and it is serious. Most consumers are aware of securing their PCs. But few realize that today’s mobile phones are just as vulnerable. And when the Internet of Everything (IoE) materializes, your smartphone will be connected to everything from smart socks to smart cars.
Just recently, a group of researchers from Indiana University, Peking University and the Georgia Institute of Technology revealed some deadly zero-day flaws in Apple’s iOS and OS X, claiming it is possible to crack Apple’s password-storing keychain, break app sandboxes and bypass its App Store security checks. Apple is supposedly not hackable. Well, so much for that theory. Similar conditions exist for Android, as well. And, simply put the term “smartphone hack” into any search engine; pages and pages come up on how to and what hacks are available.
An excellent overview of smartphone security overview, titled “A Window Into Mobile Device Security.” from Symantec. While this report is a few years old and some progress has been made towards addressing these flaws, a significant number of them still exist, in addition to new ones that have been discovered since then.
And another issue is just how easy it can be done. Recently, a cyber-company named iSEC partners demonstrated how texts, cell phone calls and other information were fully able to be disclosed on the Verizon smartphone through the use of a femtocell, which can be bought for under $300!
Today, there are three common methods of cell phone hacking: the first can be done, even when the phone is off, using peripheral technology such as Bluetooth. Hackers can still access your info without your even being aware of it.
Another method, and this has risen to the top of late, is the use of mini-cell phone towers where outsiders can read off cell phone data, or spoofed cell towers (devices that fool the phone into thinking it is talking to a real tower).
Another method of hacking into phones is to reroute the info to an outside source, typically referred to as “man in the middle. This is when a person can get into your phone’s operating system and pass the information onto unscrupulous persons who just wait for information to come to them.
We are just scratching the surface, here. But the time has come to start taking smartphone security very seriously. With the IoE, the potential for expanded threats ramps up by orders of magnitude because the devices that will be interconnected will be expanded by those same orders of magnitude.
Meanwhile, there are some things one can do to keep the possibility of being hacked to a minimum:
The point here is that it is time to understand that smartphones aren’t any less vulnerable to hacking than computers or other networks. It just hasn’t come into the center of the radar screen, yet…but it will. Let’s hope we are prepared.