Thursday 12 January 2012

SmartPhone App Security Advice

Smartphones really are a fraudster’s paradise, there are so many opportunities for fraudsters to monetise from them. From Rogue Malicious Apps sending premium rate text messages costing up to £6 a text, to stealing the personal information and passwords held on them. And there are even further fraud opportunities with smarphones being increasingly used for making Payments and with Online Banking. These factors together with a general smartphone user security naivety, are a major incentive for the bad guys to target these little handheld cash cows.
So it is no surprise cyber attacks targeting smartphones are rapidly increasing in the UK, "800% increase in cyber attacks on smartphones" (Nov 11) http://www.mirror.co.uk/news/top-stories/2011/11/07/800-increase-in-cyber-attacks-on-smartphones-115875-23543307/.   In this post we will look at how to go about protecting against one of the most commonly successful attacks at the moment, namely safeguarding against rogue malicious Apps.

Rogue Smartphone Apps
Most malicious or "Rogue" Smartphone Apps are Trojan Apps. A Trojan App can look very professional within the AppStore and once downloaded may well operate as expected and serve the purpose you wanted it for. However once downloaded and used, a Trojan App will perform malicious operations without your knowledge in the background. So the App may well be an entertaining game you play, but as you play the App sends premium rate text messages, suppressing all text message notifications on your phone, so you don't know its happening. The monetisation of the scam is the text messages are going to a premium rate line operated by the fraudsters, costing you £3 each time the App texts. You may not find out until your mobile phone company gets in contact or you clock very high text message costs on your bill. Of course by this time the bad guys will have cashed out and closed the text line.

Rogue Trojan Smarphone Apps can potentially appear within any of the major AppStores, whether it is operated by Apple (iPhone), RIM (Blackberry), Microsoft (Windows 7) or Google (Android).  Most of these suppliers do perform security testing against Apps for malicious elements before allowing them to be placed in their AppStores.  However it is fair to say the majority of rogue Apps have appeared on Google's Android, with Google removing 27 Rogue Apps just last month (Dec 11). http://www.bbc.co.uk/news/technology-16177013.

Given the 100,000s Apps in AppStores today, and the 1,000s of new Apps which are released every week, there is always the potential new rogue Apps could slip through any of these smartphone heavyweights AppStore security nets, therefore user vigilance is necessary.
5 Steps to Protect Against Rogue Apps
1. Be sure to update your Smartphone (operating system) software as often as possible. These updates often add security features and resolve security vulnerabilities, which can prevent Rogue Apps successfully operating.
2. Before downloading a new App, check and read through the reviews of the App. If the App is dodgy and has been around for a while, no doubt someone will have complained and added a warning in a review.
3. Be careful when allowing an App access to functions and information on your smartphone. Most smartphones have a security feature built in which requires the user to agree to provide an App with access to the various smartphone functions. For instance it doesn't bode well if an App is requesting permission to access your phone book when it is just a game. Don't blindly tap yes on such requests, always ask yourself whether the App really needs the function or information it is asking for, in order for it to work.
4. Rogue Trojan Apps perform functions in the background.  These functions can have a great impact on your smartphone's performance and battery life. So if your battery is draining much quicker than usual, or your phone is becoming more sluggish following the installation of a new App, be suspicious.
5. Check your mobile bill regularly. Typically most rogue Apps in the UK today, secretly send text messages to premium rate lines, therefore it is prudent to check your phone bill for any unusual or unexpected charges. Make it a habit to check your bill at least once a month or straight away if you suspect something is amiss.

Other Related Posts: