IEEE Experts Predict Smartphone Hacking Will Soar in 2012 Source: Jeffrey Voas
"Free Isn't Necessarily Free," Warns IEEE Fellow Jeffrey Voas
PISCATAWAY, N.J., Nov. 29, 2011 Experts at IEEE �C the world's largest technical professional association �C say smartphone owners are increasingly paying a high price for free mobile applications, with 2012 set to be a disruptive year of widespread mobile hacking.
Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.
"The issue with free apps is that you're paying a price you don't know about," says Voas, who is also a computer scientist at the National Institute of Standards and Technology (NIST). "Of free mobile applications, approximately 1 in 100 now visibly contain malware �C and that doesn't even account for the ones where the malware is so hidden it's impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it's easy to be victimized."
Adds Voas, "Smartphone users need to remember that free isn't necessarily free. It can lead to hackers accessing all of the information stored on your phone and transmitting it within two to three seconds."
Dr. Madjid Merabti, an IEEE Senior Member and Professor of Networked Systems at Liverpool John Moores University, UK, says while the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.
"Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection," Merabti says. "These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment."
Kevin Curran, a Senior Member of the IEEE and Head of the School of Computing and Intelligence Systems at the University of Ulster, UK, says businesses will be the main victims in 2012. "With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers," he says. "A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone. In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities."
According to Curran, a "trusted app" approach is needed to combat hackers, something he hopes can be in place by 2013. He says he expects an increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.
IEEE and its members are responding to the growing cyber-security threats by sharing knowledge and understanding through publications such as IEEE Security & Privacy as well as the Silver Bullet Security Podcast with Gary McGraw. You can subscribe to the security podcast here.    IEEE also holds an annual IEEE Symposium on Security and Privacy, with the next one being held 20-23 May 2012 in San Francisco. The full proceedings of the 2011 conference are available free online. In addition, IEEE's 2012 International Conference on Information Security and Intelligence Control will be held 14-16 August 2012 in Yunlin, Taiwan.
Other resources from IEEE:
        IEEE Spectrum recently reported that there were approximately one million cyber crime victims each day last year across 24 countries.
        Watch an IEEE.tv video interview with McAfee Vice President of Strategy Vimal Solanki on current threats from the 2011 NIKSUN World Wide Security and Mobility Conference.
        The IEEE Xplore Digital Library provides subscribers with both conference proceedings and peer-reviewed, research, including a proposal for an "application lockbox" for mobile device security outlined at the 2011 International Conference on Information Technology: New Generations.
Curran said the numbers game is working to attract hacker attention. "We saw 2011 as the year of the social network attack," he says. "But with the number of smartphone users now representing approximately 20 percent of the mobile market, we will now see an explosion in smartphone attacks, both by technical experts and by novices buying tools from dark websites and conducting low-tech but effective scams. It only takes a couple seconds to steal personal information."
| }
|