Mobile Security Concerns Heighten

Thirty years into the personal computer revolution, most consumers are savvy enough about Internet security to know that they shouldn’t be surfing the Internet without some sort of protection. But those same consumers, not to mention the corporations for which many of them work, think nothing of using their smartphones to conduct all manner of potentially sensitive communication. Not surprisingly, developers of malware are paying attention.

According to Beth Jordan, vp of communications for security software developer AVG, recent research that the company conducted in conjunction with the Ponemon Institute revealed a disturbing lack of consumer awareness regarding the vulnerability of information on a smartphone.

For the research, 734 U.S. smartphone users aged 18 or older were polled. Among the findings: Thirteen percent of surveyed smartphone users said location data had been unknowingly embedded on their handset, enabling others to track their location. Only 21 percent of respondents were aware this could happen.  Six percent of respondents said that mobile applications had transmitted confidential payment information such as credit card details without the users’ knowledge or consent. Only 11 percent of respondents were aware this was possible. And 8 percent said their handsets had been infected by a sort of malware called dialerware that enables criminals to make use of premium services that are then charged to the cell phone owner. Only 10 percent of respondents were aware of this risk.

Jordan says that the researchers asked about 11 of the most common ways in which consumers are taken advantage of in the mobile space. Of the 11, only two had a consumer awareness of more than 50 percent. Additionally, she points out, the “awareness” numbers and the “impacted by” numbers are, in most cases, very close, meaning that, very often, consumers are aware of a potential security problem involving their cell phones because they have already experienced the problem.

According to Chris Wysopal, chief technical officer for Veracode, which has developed a cloud-based mobile app security verification service aimed at big enterprise customers in the healthcare and financial industries, malware embedded in mobile apps and particularly in information downloaded from the mobile web is becoming more and more pervasive.  “The same type of phishing attacks that happened to PC users are now happening to mobile users,” he says. “The browser is smaller; there is less information in the URL. You have to be more careful.”

The problem is especially acute for large companies because of the way in which people use their mobile devices to interact with their workplaces. By attacking a smartphone, malware developers can, conceivably, gain access to sensitive information stored on the phone itself or, using the smartphone to connect to a company’s central databases, do even more damage.

Wysopal thinks that most consumers don’t understand how little security checking is done before an app is uploaded to an app store. “Google doesn’t really do any validation of apps that are uploaded,” he says. “The iTunes store has a policy where they review the app, but it’s unclear what level of security screening they do. I would suspect very little, if any.”

“I think we’re just at the beginning of understanding the risks of the mobile platform,” says Wysopal.

More in Media

YouTube is under fire again, this time over child protection

Adalytics Research asks, ‘Are YouTube advertisers inadvertently harvesting data from millions of children?’

Illustration of a puzzle that spells out the word 'media.'

Media Briefing: Publishers pump up per-subscriber revenue amid ad revenue declines

Publishers’ Q2 earnings reveal digital advertising is still in a tight spot, but digital subscriptions are picking up steam.

Lessons for AI from the ad-tech era: ‘We’re living in a memory-less world’

Experts reflect how the failures of social media and online advertising can help the industry improve the next era of innovation.