Thursday, February 24, 2011

SECURITY - It's Not Just Your PC Anymore

"Security to Ward Off Crime on Phones" by RIVA RICHMOND, New York Times 2/23/2011


More consumers are buying smartphones. So more criminals are taking aim at those devices.

Criminals still prefer PCs for stealing personal data, bank and credit card account numbers as well as for running frauds. However, most PC attacks focus on Microsoft’s decade-old Windows XP operating system, which is slowly being replaced by the more secure Windows 7. Over the next few years, hackers will have to find new targets.

With smartphones outselling PCs for the first time — 421 million of the hand-held computers are expected to be sold worldwide this year, according to market analysts at IDC — the long-predicted crime wave on hand-held devices appears to have arrived. According to the mobile-security firm Lookout, malware and spyware appeared on 9 out of 100 phones it scanned in May, more than twice the 4-in-100 rate in December 2009.

In fact, the most practical rule for protecting yourself is to start thinking of the smartphone as a PC.

Most malicious incidents on mobile devices involve bogus phone or text-message charges or rogue mobile applications, of which there are now more than 500 varieties, according to F-Secure, a Finnish security firm. All these ruses require users to take some kind of action, like clicking to accept or install a program, so caution while using mobile devices can prevent most problems. (However, experts warn that automated attacks are possible and could emerge in the future.)

Most attacks happen in Eastern Europe and China. An overwhelming number — 88 percent, according to F-Secure — have singled out devices running Nokia’s Symbian operating system. Symbian is the world’s most commonly used smartphone platform, but Nokia said this month that it would be replacing it over the next few years with Microsoft’s Windows Phone operating system.

Early attacks, like the Cabir and Commwarrior worms in 2004 and 2005, caused little damage. But since 2009, attacks have grown more menacing. In September, hackers trying to steal money from accounts at a Spanish bank installed malicious applications on Symbian devices when they synced to home PCs infected with a version of the ZeuS malware. The application enabled criminals to reply to security codes sent by the bank to validate cash transfers.

Such assaults could be a preview of what is to come for devices popular in the United States. Criminals have attacked phones running on Google’s Android, Research In Motion’s BlackBerry, Apple’s iPhone and Microsoft’s Windows Mobile operating system software, suggesting that more is ahead.

No comments: