Integrated Systems

Phone caution

by msecadm4921

BullGuard has urged that smartphone users exercise caution to avoid an increasing number of malicious apps, and encourages safe practice to prevent being infected by an array of malware specifically designed to target portable devices.

After some high-profile incidents last year, 2012 has already seen an increase in both the number of malware strains and the methods by which malicious coders would seek to infect a device. Cybercriminals are working around the clock to create illegitimate, malware-infested apps for download, many of which can make personal information such as bank details, contact data, passwords and media files available to a third party.

“Despite the abundance of malware designed to target smartphones, we’re seeing that many users are unaware of the increasing threat to their devices and how to combat it,” says BullGuard CTO, Claus Villumsen. “There’s still work to do in educating consumers about the dangers of casual smartphone use, particularly in the case of app downloads.”

To avoid being infected by malware the firm offers consumers the following advice:

Only download applications from the platform’s official app store: Android Market, App World (Blackberry), Ovi Store (Symbian) or Apple Store

Third-party app repositories may appear to be attractive alternatives to official stores but are inherently more dangerous because there is often little or no control over what gets published. In addition, spam e-mails or SMS messages with links to download apps directly, or that link to apparently legitimate websites, represent a similar security risk to that found on a desktop or notebook computer.

Read the reviews

All app stores display reviews for the software available for download. Always take some time to sift through the reviews and pay attention to what other people say. If there are several pages of reviews, be sure to go through some of them randomly to avoid being caught by a stream of “fake” reviews that are often written to generate interest or make the software look more legitimate. Even if the app is for real, reading reviews can also tell you whether the software may cause issues on the device. When sifting through pages and pages of free apps, a healthy dose of scepticism is required to keep malware away from a smartphone.

Read permission and resource access carefully

This is particularly important on permission-based mobile platforms such as Android, Blackberry or iOS. Smartphone users should always take the time to look at the app’s advertised features and compare those features to the list of permissions and resource access the software asks for. For example, it does not make any sense for small, entertaining games to have access to the contacts list and messages, or to send text messages to random numbers or being allowed to delete files from the device. Vigilant users should be able to easily identify discrepancies between advertised features and what the application will really do on the smartphone. If something looks strange, ask yourself whether you really need to download this app or whether there are more legitimate sounding alternatives available elsewhere.

Don’t jailbreak or root a smartphone

Rooting a phone may sound appealing, and will often allow a user far more control over a device, but there’s a reason why sensitive areas of the operating system have been protected and one of the key benefits is increased security. iOS device owners may want to install apps that do not necessarily come from Apple’s App Store, but in stripping away security layers a device is left defenceless against malware or hacking attempts. Android users are in a similar situation, potentially offering installed apps full access to core device features and functionality.

Check the developer

One trick that some malware writers use is to produce an application that looks identical or very similar to a popular legitimate app to try and trick people into downloading. Sometimes this is simply used as a rather disingenuous marketing ploy, but in other instances malicious code can actually be built into a “fake” app that’s designed to steal information from a phone. It’s usually easy to find the developer’s name (and a link to their website) on the app download page, so from here you can check to make sure everything seems in order. Also be sure of exactly what you’re looking for – downloading “Angry Burds” from Malcamp Studios is unlikely to be as entertaining as the real thing.

Install a mobile security suite and keep the operating system up to date

Just as with a desktop or notebook computer, it’s always advisable to keep software as up to date as possible, as in many cases security issues have been addressed that can help prevent infection on the new version. Similarly, installing a reputable security suite is essential and this will help provide protection against malware as well as offering additional features should your phone be lost or stolen. It is important to remember that smartphones are effectively miniature computers, potentially subject to the same sorts of threats, so if you wouldn’t leave a computer without sufficient security, be sure to treat a smartphone the same way.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing