Mobile Security Concerns Heighten

Thirty years into the personal computer revolution, most consumers are savvy enough about Internet security to know that they shouldn’t be surfing the Internet without some sort of protection. But those same consumers, not to mention the corporations for which many of them work, think nothing of using their smartphones to conduct all manner of potentially sensitive communication. Not surprisingly, developers of malware are paying attention.

According to Beth Jordan, vp of communications for security software developer AVG, recent research that the company conducted in conjunction with the Ponemon Institute revealed a disturbing lack of consumer awareness regarding the vulnerability of information on a smartphone.

For the research, 734 U.S. smartphone users aged 18 or older were polled. Among the findings: Thirteen percent of surveyed smartphone users said location data had been unknowingly embedded on their handset, enabling others to track their location. Only 21 percent of respondents were aware this could happen.  Six percent of respondents said that mobile applications had transmitted confidential payment information such as credit card details without the users’ knowledge or consent. Only 11 percent of respondents were aware this was possible. And 8 percent said their handsets had been infected by a sort of malware called dialerware that enables criminals to make use of premium services that are then charged to the cell phone owner. Only 10 percent of respondents were aware of this risk.

Jordan says that the researchers asked about 11 of the most common ways in which consumers are taken advantage of in the mobile space. Of the 11, only two had a consumer awareness of more than 50 percent. Additionally, she points out, the “awareness” numbers and the “impacted by” numbers are, in most cases, very close, meaning that, very often, consumers are aware of a potential security problem involving their cell phones because they have already experienced the problem.

According to Chris Wysopal, chief technical officer for Veracode, which has developed a cloud-based mobile app security verification service aimed at big enterprise customers in the healthcare and financial industries, malware embedded in mobile apps and particularly in information downloaded from the mobile web is becoming more and more pervasive.  “The same type of phishing attacks that happened to PC users are now happening to mobile users,” he says. “The browser is smaller; there is less information in the URL. You have to be more careful.”

The problem is especially acute for large companies because of the way in which people use their mobile devices to interact with their workplaces. By attacking a smartphone, malware developers can, conceivably, gain access to sensitive information stored on the phone itself or, using the smartphone to connect to a company’s central databases, do even more damage.

Wysopal thinks that most consumers don’t understand how little security checking is done before an app is uploaded to an app store. “Google doesn’t really do any validation of apps that are uploaded,” he says. “The iTunes store has a policy where they review the app, but it’s unclear what level of security screening they do. I would suspect very little, if any.”

“I think we’re just at the beginning of understanding the risks of the mobile platform,” says Wysopal.

https://staging.digiday.com/?p=457

More in Media

NewFronts Briefing: Samsung, Condé Nast, Roku focus presentations on new ad formats and category-specific inventory

Day two of IAB’s NewFronts featured presentations from Samsung, Condé Nast and Roku, highlighting new partnerships, ad formats and inventory, as well as new AI capabilities.

The Athletic to raise ad prices as it paces to hit 3 million newsletter subscribers

The New York Times’ sports site The Athletic is about to hit 3 million total newsletter subscribers. It plans to raise ad prices as as a result of this nearly 20% year over year increase.

NewFronts Briefing: Google, Vizio and news publishers pitch marketers with new ad offerings and range of content categories

Day one of the 2024 IAB NewFronts featured presentations from Google and Vizio, as well as a spotlight on news publishers.