Tuesday, November 02, 2010

Phone users fail to protect themselves

Many people fail to lock their mobile phones and risk identity theft. Research by Unysis has found users in many countries fail to take advantage of security features leaving themselves vulnerable should their phone be stolen.

Unisys managing director Brett Hodgson said many people kept phone numbers, addresses, birthdays and bank account numbers on their mobile phones and the with the rise of smartphone ownership the risks are growing. Despite many people being aware of the importance of using security features on laptops and home computers, when it came to their mobile devices there was less importance attached. 

Research found that around 60% of mobile phone owners never secure their devices and even fewer use anti-virus software which can guard against applications which might contain malware. And many are not aware of the risks that some applications might pose. Some applications on the Android market have raised particular concern as some ask for access to sensitive data such as address books and phone numbers. 

But there are also reports that certain aspects of the code used in some smartphones may also leave users open to risks. The "Scan 2010 Open Source Integrity Report" found 359 defects in the HTC Incredible, a handset using the Android operating system. Of these, 88 defects were considered "high risk", a category that includes memory corruption, resource and memory leaks [Inquirer]. Coverity which compiled the report have passed their findings to HTC, but it highlights the increased security problems that come with new smartphones.

It is such concerns that has spawned a new generation of specialist security software specifically aimed at the mobile market. Lookout is once such company. It has recently expanded its cloud-based security service for smartphones to include the ability to wipe or lock lost phones, backup photos, and find out what information installed apps are accessing on the device. But some features come at a price. The new Lookout Premium service, costs $2.99 a month, or $29.99 a year, and includes all the basics in the free version: antivirus, anti-malware, firewall, backup and restoration of contacts, Web-based console management, as well as the ability to locate a lost phone via an online map and to force a "scream" on the device to help locate it in the event it is misplaced, John Hering, chief executive, told CNET.

Lookout are not the only firm to enter into the field of mobile phone security. Symantec, well known for its computer based security products, launched an Android App earlier this year adding to its support of Windows Mobile and Symbian systems [CNET / IntoMobile]. Juniper too have rolled out a security product [CNET].

Mobile phone security is in its infancy, and so far there have not been widespread instances of hacking. But if people fail to protect their data on their mobile phones as well as their computers this may well change.

While choosing anti-virus software may be tricky, users should start off by using the phone-lock. On Android devices there are three alternatives. One may use a password, entered by using a QWERTY keyboard, or a PIN, using numbers only. But they may also use a 'pattern' in which a user joins a series of dots from a configuration of nine. While the password and PIN are undoubtedly the most secure, it can be frustrating to constantly enter a series of numbers or letters every time the phone is used. The pattern lock is quick, and as long as one is not being overlooked, can be quite secure. Though iPhones do not come with a pattern lock installed as standard, there are apps that provide similar functionality. However recent reports suggest that even a locked iPhone is not entirely secure. A security flaw has been found in Apple's latest iPhone which allows strangers to bypass the handset's passcode-protected lock screen with a few button presses [Guardian].

[McAfee / Cisco / Norton / Juniper / LookOut]

tvnewswatch, London, UK

No comments: