Smartphone Security Disappearing through Lack of User Protection, New Software Installs, Stolen Device IDs

By: Lee Rickwood

October 3, 2012


Despite a steadily increasing threat from malware, fraud and theft, less than five per cent of us have security software installed on our smartphones and tablets.

Maybe more personal and corporate users will clue in to that fact and recognize the need to protect their data and their devices, yet only one in five mobile devices will be protected five years from now.


The safety and security of mobile devices, smartphones and tablets is being compromised by hackers and users alike.

A new report from Juniper says mobile operators, device vendors and users alike need to recognize the risks, and that the value of integrating key security features such as ‘Track the Device’ or ‘Lock and Wipe’ into mobile products must be realized.

The report, called Mobile Security Strategies: Threats, Solutions & Market Forecasts 2012-2017, indicates that device loss or theft will continue to increase, and it expects consumer and corporate markets to demand more security solutions in both sectors.

Report author Nitin Bhas expects mobile security apps and other managed services to be bundled by service providers, both to guarantee better customer satisfaction and to reduce customer ‘churn’. Wireless providers will offer device-installed and remotely monitored device security services to customers as a value-added service and market differentiator.

 

Yet some mobile device threats come from software that’s already installed.

A new privacy bill unveiled in the U.S. Congress would require wireless phone manufacturers, carriers and app developers to inform consumers about monitoring software installed on their devices.

It’s driven by allegations like the ones surrounding the Carrier IQ software that’s pre-installed on an estimated 150 million phones.

It seems to track and log user keystrokes, and while the company said that was a ‘bug’, it did acknowledge that its software does capture the contents of messages. It said its software was intended to help mobile carriers discover the source of network problems, like dropped calls.

Companies like Path and Hipster were also seen as collecting user data without permission.

So the proposed Mobile Device Privacy Act says companies must inform consumers what type of data is collected by their apps or services, who will receive the data, and how it will be used.

The proposed law specifies that companies must disclose this information before people purchase phones, and before they install apps with those features.

However, the bill is not likely to see much action ’til next year, due to the American elections.

 

If it or similar bills here in Canada are passed, they may want to include not just third party software or internal tracking tools, but the very nature of mobile devices themselves.

Every smartphone, handset and tablet has its own unique identification, a number that has tremendous value and utility in both legal and illegal activities.

Unique device identifiers (UDIDs) and so-called ‘Push Notification’ tokens can be used to access a device, its content, its connectivity and other features without the user’s knowledge or permission.

The issue came to light recently with word that the unique identifiers of more than a million – some say 12 million – Apple iOS devices were stolen, perhaps from the servers of a Florida-based digital publishing and distribution firm.

BlueToad has developed iOS and Android apps that magazine and newspaper publishers can use to distribute some 2,000 titles and related content to mobile users.

“A little more than a week ago, BlueToad was the victim of a criminal cyber attack, which resulted in the theft of Apple UDIDs from our systems,” Paul DeHart, CEO and president, said in a recent blog post. “Shortly thereafter, an unknown group posted these UDIDs on the Internet.”

The story took a really strange turn when a hacker group posted more than 12 million UDIDs, along with phone numbers, user addresses and zip codes, that it said came from a compromised FBI laptop computer.

The FBI denied the allegations.

In any event, Apple itself is reducing the use and importance of the UDIDs, reports indicate, and apps that utilize them are no longer being accepted.

BlueToad says it is cooperating with law enforcement and their ongoing criminal investigation of the parties responsible.

Others say the leak is a “privacy catastrophe”, and similar scenarios are likely to be repeated without greater legal protection, industry cooperation and user awareness.

They say our global addiction to social media and smartphones has already led to a spike in the number of people falling victim to cybercrime, and that’s likely to increase.

-30-

 



2 comments

  1. Meaghen says:

    Great article. There is definitely huge potential with the mobile industry to further enhance business environments. However, security is a huge factor.

    Meaghen
    Mosaic Technology

  2. Julie Patton says:

    Thanks Lee for the tips on secure software for my smartphone. Yes it has been overlooked by many users. I will follow your advice on security features such as ‘Track the Device’ or ‘Lock and Wipe’ into mobile products.
