[pullquote_left]Free Isn’t Necessarily – IEEE Fellow Jeffrey Voas[/pullquote_left] Free apps may seem appealing, but according to the IEEE if it’s too good to be true then it probably is. Experts at IEEE – the world’s largest technical professional association – say smartphone owners are increasingly paying a high price for free mobile applications, with 2012 set to be a disruptive year of widespread mobile hacking.
Research by IEEE Fellow Dr. Jeffrey Voas in the US has so far uncovered malware in more than 2,000 free smartphone apps. Voas says free, rogue applications like this will be the most common access-point for hackers over the next year.
[quote]”The issue with free apps is that you’re paying a price you don’t know about…Of free mobile applications, approximately 1 in 100 now visibly contain malware – and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot. This number is growing by the day and with most of these rogue apps offering good functionality for free, it’s easy to be victimized.” Jeffrey Voas, coputer scientist at the National Institute of Standards and Technology (NIST).[/quote]
Dr. Madjid Merabti, an IEEE Senior Member and Professor of Networked Systems at Liverpool John Moores University, UK, says while the public has been trained to recognize cyber-security threats associated with their PCs and laptops, they do not see their smart phones as computers and subject to the same threats. And in some ways those threats are even worse.
[quote]”Unlike on a PC, where web browsers often give plenty of warning about dodgy websites with warning lights and alerts, the screens on smart phones are too small to display this protection…These devices contain identifying information, potentially saved passwords, and authentication details, and are much more likely to be misplaced or stolen than other larger portable computing equipment.” – Dr. Madjid Merabti[/quote]
Kevin Curran, a Senior Member of the IEEE and Head of the School of Computing and Intelligence Systems at the University of Ulster, UK, says businesses will be the main victims in 2012. “With more people using the same phone for business and personal reasons, the upsurge in smartphone hacking presents a real issue for businesses as well as consumers,” he says. “A company can have all appropriate firewalls in place, but it takes just one employee to download malware onto their phone. In fact, with more senior employees using phones for work, it is likely to be C-suite executives exposing businesses to vulnerabilities.”
According to Curran, a “trusted app” approach is needed to combat hackers, something he hopes can be in place by 2013. He says he expects an increased number of people hacked via mobile phones in 2012 will motivate the industry and governments to define and implement such a system.
IEEE and its members are responding to the growing cyber-security threats by sharing knowledge and understanding through publications such as IEEE Security & Privacy as well as the Silver Bullet Security Podcast with Gary McGraw. You can subscribe to the security podcast here. IEEE also holds an annual IEEE Symposium on Security and Privacy, with the next one being held 20-23 May 2012 in San Francisco. The full proceedings of the 2011 conference are available free online. In addition, IEEE’s 2012 International Conference on Information Security and Intelligence Control will be held 14-16 August 2012 in Yunlin, Taiwan.
The overall message may be a scary one, but the important thing to remember is that free isn’t always free. Staying safe on your phone is the same as staying safe on the internet, steer clear of anything suspicious and always do your research.
