The mobile devices of late have more compute power than the full desktop PC of yesteryear, and they fit it your pocket, great news for folks “on the go.” And since you’re so multi-tasked anyway, why not load it up with things to make your life easier, after all, it’s really a phone with a few embellishments, right? During the app install (while you wait for the trolley) it asks inane questions about permissions, but you plow right through and get on the trolley, can’t miss the trolley, right?
Problem is, many folks “on the go” carry more and more personal information on these handy devices, and eventually they have your whole life on them. I’ve turned around and driven miles back home to get my Android if I’ve forgotten it, we’re glued to them. Turns out prying eyes have also figured this out, so now you can be robbed while in traffic, using nothing more than a malicious app. You download an app, use it a few times and forget it, or move on to the next one. But in the background, it’s potentially harvesting the rich personal information you have typed, touched and tapped in, building a profile and sending it down the line to the highest bidder, all without you knowing.
A recent report from Trusteer points this out. According to their estimate, 1 in 20 mobile devices of various families will be infected with financial malware in the next 12 months, not too shabby for nasty hackers, very bad for the rest of us. According to Trusteer CEO Mickey Boodaei, “Fraudsters have all the tools they need to effectively turn mobile malware into the biggest customer security problem we’ve ever seen. They are lacking just one thing – customer adoption.” But don’t worry, customers are snapping up the latest fangled mobile devices in droves, and moving their lives slowly (or sometimes quickly) to center around the technology.
As they become more prevalent and we become more integrated with them, we will transact more and more with vendors using our mobile devices. This is where the environment gets “target rich.” Mr. Boodaei continues along this vein, “The number of users who bank online from their mobile devices is still relatively low. Additionally, transactions are not yet enabled for mobile devices on many banks’ websites. Since online fraud is mostly a big numbers game, attacking mobile bankers is not yet an effective fraud operation. But expect a change. In a year from now this is all going to look completely different as more users start banking from their mobile phone and fraudsters release their heavy guns.”
So how do you protect yourself and your financial information in the wake of this disconcerting trend? 2 simple steps will help you get headed in a good direction. These are targeted for people (like me) with short attention spans, you can do much more, but here’s some quick ones that won’t cramp your style too much:
1) take 2 minutes (more if you have it) instead of 1 minute to look around a bit at what other users have to say about an app before you install it. Is the company reputable? Have users had issues?
2) Be careful about allowing escalated privileges to the app when it prompts you instead of just clicking along until it installs. If it’s a simple app, it really shouldn’t be asking to probe the deep recesses of your device, or you should know why.
Also, various vendors are releasing anti-malware products for mobile devices, expect to see more hitting the market down the road. While there is no “magic bullet” for security, mobile or otherwise, an extra minute or 2 of research and a healthy dose of curiosity if something “just doesn’t seem right” will go along ways toward protecting your online life you’ve grown so fond of.
Author Cameron Camp, ESET