Smartphones aren’t the prime target of virus writers — yet. Hackers are ramping up their efforts, however, unleashing a variety of attacks that specifically target smartphone owners.
In the past year, “we’ve noticed a 900 percent increase of malware for mobile devices that run the Android OS,” said Catalin Cosoi, global research director at Romanian security firm Bitdefender. “Although some of the samples are oriented towards profit, by sending text messages or phoning to premium-rate numbers, the wide majority [are] focused on extracting personal information from the device, such as contacts, text messages, browser history and GPS location.”
So, without further ado, here are the top eight terrible threats that smartphone owners should be aware of.
A short text-messaging variation on phishing attacks, smishing uses text messages to trick victims into calling a fake bank or credit card company and divulging his or her account number and password, under the pretext of needing to confirm a purchase or update security settings. When the customer calls the texted number, a voicemail system set up by the cybercrook records the account number and password.
Everyone wants a free ride, so some hackers set up free Wi-Fi hotspots in public places such as parks, cafes, and airports. Unsuspecting users who log onto the hot spot are then monitored for passwords, credit card numbers, and account information.
First demonstrated on connected car systems such as GM’s OnStar that allow owners to remotely unlock or start their vehicles, war texting is a hacking technique that sniffs out the codes used to communicate between a smartphone and a car. Once the codes have been uncovered, the hacker can unlock and start the vehicle without a key. In some cases, the criminal may also be able to track the car if someone else is driving it.
A sophisticated method of intercepting cellular calls, baseband hacking exploits vulnerabilities in the chips and firmware used in both iPhones and Android-based smartphones. Such attacks use the phone’s baseband processor to turn it into a listening device that allows the intruder to eavesdrop on conversations. However, it requires knowledge of the firmware in these phones, as well as setting up a temporary cellular node (essentially, a fake cellular tower).
Open Hot Spot
Many smartphone owners use their own phones to create an instant hot spot so that their laptops can get online. That’s fine, as long as one creates a strong password requirement (letters and numbers) to sign into the hot spot. Otherwise, hackers may be able to gain instant access to your connection and your communications.
Bluetooth device-pairing default passcodes for smartphones are usually “0000” or “1234.” For convenience’s sake, many users never change the defaults; that’s a mistake that can give an attacker access to all your messages and contacts. Additional Bluetooth attacks have also been demonstrated (so-called “fuzzing” attacks) that overwhelm and crash a device using Bluetooth signals.
Text messages, Facebook postings, and Twitter tweets are rampant with shortened URLs thanks to services such as bit.ly. Unfortunately, shortened URLs are being used to hide malicious sites and software, leading surfers astray to porn sites, spam pages, and worse.
The One-Minute Attack
The problem with smartphones is that they are always on, which means that a smart hacker can attack quickly and get out before the victim is aware anything is wrong. That’s the idea behind Android.Spyware.GoneSixty.Gen, an attack recently discovered by Bitdefender. Once installed on a phone, it sends all messages, recent calls, browsing history, and other information to a remote location and then uninstalls itself. All this takes place in less than sixty seconds.
©2012 Off the Grid News