Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mobile Assassin

Jaime Blasco | April 2, 2012
An ethical hacker’s view on the dangers of mobile malware and what steps to take to stop it.

That said, as market share moves and rogue programmers perfect their code, it would be foolish to think that any particular operating system will remain infallible indefinitely.

Prevention Better than Cure

The most successful form of attack against malware is a defensive stance and in this everyone has a function to perform.

As they're on the front line, phone users themselves must understand the risks, and the criminals' tactics, if they're to practise safe phone use:

Step one - are you already infected

It can be difficult for the end-user to know if they do have any malware on their phones, but there are a few basic factors that can be indicative. Users should regularly check which apps are actually running on their phones. Anything suspicious should be deleted. Indicators that malware is present can also include decreased battery life (because there is something running in the background on the phone) or an increase in data use (as the malware transmits data from the phone).

Step two - block activity

To prevent premium rate number scams, it is important to check your bill regularly for anything out of the ordinary or, better still, contact your provider and block this type of number.  

Step three - prevent infection

There are a number of elements to this that, while not a guarantee, will help minimise malware when used together.

§                Antivirus software for mobile phones is available to download, however it is argued that they can be ineffective

§                Settings on the phone can be changed to prevent installation of content that isn't from trusted sources

§                Just like spam mail, be careful following links sent from contacts within the address book

§                Only use bona fide marketplaces, such as the Google marketplace, to purchase and download apps. Of course the free ones, while attractive, could offer more than you bargained for

§                Check the apps permissions before its downloaded and ensure you restrict them from conducting any unwanted activity.

Regardless of whether the handset is corporate or personally owned, organisations should encourage their workforce to practice the security steps above.

For businesses issuing staff with phones, they should also consider:

§                Installing antivirus software as standard

§                Looking for, and deploying, tools that can manage mobile devices in much the same way as traditional PCs

§                Thinking about device encryption capabilities to avoid data leakages resulting from device loss or left, and perhaps a solution that can remotely locate and destroy AWOL devices

§                Where possible, restricting and controlling what can and can't be done on the phones

§                (If you can't stop it then) creating and communicating security policies that govern what data can, and can't, be accessed and stored. It is also essential that users understand why this is so important.

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.