The Public Eye with Eric Chabrow

Paying the Price for Those Free Apps

Not Getting What You Don't Pay For: Security
Paying the Price for Those Free Apps

We often don't get what we don't pay for with smartphones and their free apps: security.

That's the conclusion of experts at IEEE, the technical professional association, who in a statement issued Tuesday predict that 2012 will be a disruptive year of widespread mobile device hacking. No wonder. Smartphones represent 20 percent of the mobile device market, and growing, the IEEE experts say, making them attractive for hackers to target.

IEEE Fellow Jeffrey Voas, who also is a computer scientist at the National Institute of Standards and Technology, says his research has uncovered more than 2,000 free smartphone apps containing malware. Rogue applications will be the most common access-point for hackers in the coming year, he says.

See Also: Live Webinar | Special Delivery! Defending and Investigating Advanced Intrusions on Secure Email Gateways

Voas says one of 100 free mobile applications contain malware, and that doesn't account for others where the malware is so hidden it's impossible to spot. "It's easy to be victimized," he says.

Free isn't necessarily free, Voas says: "It can lead to hackers accessing all of the information stored on your phone and transmitting it within two to three seconds."

Uusers who understand threats aimed at their PCs and laptops don't see them with their mobile devices. And, IEEE senior member Madjid Merabit says, threats to smartphones can be worse. "Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smartphones are too small to display this protection," says Merabti, a professor of networked systems at Britain's Liverpool John Moores University. "These devices contain identifying information, potentially saved passwords and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment."

It's not just consumer users, but businesses who are exposed. "With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers," he says. "A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone," says Kevin Curran, an IEEE senior member and head of the School of Computing and Intelligence Systems at the University of Ulster in Londonderry. "In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities."

But there's a silver lining. Developers will be motivated by the increase in smartphone intrusions in 2012 to create trusted apps to combat hackers, Curran says, but he doesn't see that happening until 2013.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.