source from: http://www.nytimes.com/2011/02/24/technology/personaltech/24basics.html
by: RIVA RICHMOND
More consumers are buying smartphones. So more criminals are taking aim at those devices.
Criminals still prefer PCs for stealing personal data, bank and credit card account numbers as well as for running frauds. However, most PC attacks focus on Microsoft’s decade-old Windows XP operating system, which is slowly being replaced by the more secure Windows 7. Over the next few years, hackers will have to find new targets.
With smartphones outselling PCs for the first time — 421 million of the hand-held computers are expected to be sold worldwide this year, according to market analysts at IDC — the long-predicted crime wave on hand-held devices appears to have arrived. According to the mobile-security firm Lookout, malware and spyware appeared on 9 out of 100 phones it scanned in May, more than twice the 4-in-100 rate in December 2009.
In fact, the most practical rule for protecting yourself is to start thinking of the smartphone as a PC.
Most malicious incidents on mobile devices involve bogus phone or text-message charges or rogue mobile applications, of which there are now more than 500 varieties, according to F-Secure, a Finnish security firm. All these ruses require users to take some kind of action, like clicking to accept or install a program, so caution while using mobile devices can prevent most problems. (However, experts warn that automated attacks are possible and could emerge in the future.)
Most attacks happen in Eastern Europe and China. An overwhelming number — 88 percent, according to F-Secure — have singled out devices running Nokia’s Symbian operating system. Symbian is the world’s most commonly used smartphone platform, but Nokia said this month that it would be replacing it over the next few years with Microsoft’s Windows Phone operating system.
Early attacks, like the Cabir and Commwarrior worms in 2004 and 2005, caused little damage. But since 2009, attacks have grown more menacing. In September, hackers trying to steal money from accounts at a Spanish bank installed malicious applications on Symbian devices when they synced to home PCs infected with a version of the ZeuS malware. The application enabled criminals to reply to security codes sent by the bank to validate cash transfers.
Such assaults could be a preview of what is to come for devices popular in the United States. Criminals have attacked phones running on Google’s Android, Research In Motion’s BlackBerry, Apple’s iPhone and Microsoft’s Windows Mobile operating system software, suggesting that more is ahead.
Some experts believe that Android will become a top target for malware because anyone can create and distribute an app anywhere on the Web. Google does not check apps for security issues but has instead imposed technical hurdles to thwart malicious activity. For instance, apps run in a “sandbox,” a closed environment where they cannot affect one another or manipulate device features without user permission. Google removes from its official Android Market any apps that break its rules against malicious activity.
Ten attacks have been directed at Android users, including a malicious program called Geinimi that appeared in third-party Android app markets in China in December. This addition to legitimate applications, primarily games, allowed hackers to manipulate text messages, steal contact lists, place calls, visit Web sites and quietly download files.
The attacks underscore the importance of exercising care when downloading mobile applications. Users should install apps only from sites they trust. They should research apps to ensure they are not malware. A smartphone is “a microcomputer in your hand, and you can have Trojans and worms and viruses like a PC can,” said Andy Hayter, anti-malcode manager at ICSA Labs, an independent security-testing firm owned by Verizon.