Community

Join the Community

21,471
Expert opinions
43,731
Total members
344
New members (last 30 days)
119
New opinions (last 30 days)
28,521
Total comments
Join Sign in

Mobile Phone Operating System Insecurity

2 comments
Robert Siciliano
Robert Siciliano
Security Analyst
Safr.me
Location
Boston
Followers
9
Opinions
843
Unfollow

As more online retailers introduce mobile ecommerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application.

Current research is primarily geared towards securing mobile payments, but there is a lack of coordination between mobile payment developers, device manufacturers, and mobile operating system platform developers. Hackers are taking advantage of the loophole created by this lack of coordination.

Mobile phone spyware has been a concern for years. Legitimate software companies sell mobile phone spyware that allows the user to monitor a spouse, kids, or employees. And criminals deploy mobile phone spyware, as well.

Beijing-based mobile security services firm NetQin Technology reports that an application called Xwodi, which allows third parties to eavesdrop on cell phone conversations, has infected more than 150,000 phones in China. Apparently, the malware targets mobiles running the Symbian platform, and monitors phones by silently activating the conference call feature or microphone.

One security company, Trusteer, informed The New York Times, “Mobile users are three times more likely to fall for phishing scams than PC users…because mobile devices are activated all the time, and small-screen formatting makes the fraud more difficult to spot.” In the same article, another mobile security firm, Lookout, claimed that in May 2010, 9 out of 100 phones scanned for malware and spyware were infected. That’s up from 4 out of 100 infected phones in December 2009.

Protect yourself by refraining from clicking links in text messages, emails, or unfamiliar webpages displayed on your phone’s browser. Set your mobile phone to lock automatically and unlock only when you enter a PIN. Consider investing a service that locates a lost phone, locks it, and if necessary, wipes the data, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

 

Sponsored

This content has been created by the Finextra editorial team with inputs from subject matter experts at the funding sponsor.

4585

Share

 
 
 
 
 

Channels

/security /regulation & compliance

Comments: (3)

A Finextra member 

Apple iPhones now come with a remote wipe facility (providing you have subscribed to their Mobile Me service). Here is how: http://www.macworld.com/article/141605/2009/07/remotewipe.html
There is also the capability for administrators to remotely wipe Company 'phones for iPhones and Blackberries. For non-corporate owners, BlackBerry Protect is now available as a downloadable application from their appworld (also has a geo-locate-as-I-left-it-in-the-office and loud-ring-from-where-it-dropped-under-sofa function as well as remote wipe if it has been stolen ... unless you have encrypted it). However Android 'phones need third party security applications, such as the one offered by F-Secure or McAffee WaveSecure.
Remember also to wipe your 'phone, e.g. by reverting to factory settings, if you hand it back in to IT or sell it on e-bay... http://www.tuaw.com/2009/08/23/dont-forget-to-wipe-your-iphones-data/

Robert Siciliano

Robert Siciliano Security Analyst at Safr.me

Author

Thanks Mary!

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

There's another aspect to security, where I believe mobile scores well over PC, although it calls for an application design mindset that leverages the full power of mobile technology instead of treating it merely as a mobile-version of a PC-based application. 

Let me recount my last three mobile "commerce" transactions from three different apps: (1) Check bank balance (2) View stock portfolio (3) Order an additional channel from my satellite TV provider.  

On thing is clear: Each of these transactions works ONLY from a registered mobile phone # (mine), which can emnate ONLY from one handset (mine, again).

Thanks to SIM, "device authentication" is elementary to mobile technology. Judging from my experience it seems possible to incorporate it easily into any mobile app. I doubt if this is the case with PC-based applications. Besides, mobile phones are on all the time and carried almost everywhere, so configuring a mobile app to only work on a single handset is hardly a restriction. This can't be said for PC-based applications. 

Robert Siciliano
Robert Siciliano
Security Analyst
Safr.me
Member since
04 Feb 2009
Location
Boston
Followers
9
Following
0
Opinions
843
Unfollow

Most Security Awareness Training is Insufficient and Should Lead to Consequences

AI Spoofed Sites Lead to $50 Million Investment Scams

How and Why “Fun” AI Generated Spam On Social Media Will Manipulate the 2024 Election

Artificial Intelligence and Organized Crime Sitting In a Tree…

Why EVERYONE is Resistant to Engaging in Security Practices and How to Fix It

See all Opinions from Robert

More expert opinions

Nicole Pienkos

Nicole Pienkos Head of Regional Banking at FIS

Four Strategies to Grow Deposits

1

Sergio Barbosa

Sergio Barbosa CIO of Global Kinetic, and CEO of FutureBank. at Global Kinetic and FutureBank

Innovation doesn’t have to become collateral damage to FI legacy system budgets

Sergiy Fitsak

Sergiy Fitsak Managing Director, Fintech Expert at Softjourn

One Year Since the FedNow Launch: What You Should Know

Mete Feridun

Mete Feridun Chair at EMU Centre for Financial Regulation and Risk

What does the EC’s postponement of the FRTB mean for the industry?

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,471
Expert opinions
43,731
Total members
344
New members (last 30 days)
119
New opinions (last 30 days)
28,521
Total comments
Join Sign in

Trending

Sergiy Fitsak

Sergiy Fitsak Managing Director, Fintech Expert at Softjourn

One Year Since the FedNow Launch: What You Should Know

Mete Feridun

Mete Feridun Chair at EMU Centre for Financial Regulation and Risk

What does the EC’s postponement of the FRTB mean for the industry?

Oleksandr Strozhemin

Oleksandr Strozhemin Co-founder and CEO at Trinetix

Top 3 Key Challenges of Accelerating Digital Dexterity

Elaine Mullan

Elaine Mullan Head of Marketing and Business Development at Corlytics

From bias to buy-in: the behavioural economics advantage in RegTech sales to financial institutions

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept