It would be a fairly safe bet to wager that every single person reading this on a computer has some kind of protection from viruses and hacking. But what about those of you reading this on a mobile phone? It seems that such devices, and of course smartphones in particular, have become the main target for hackers.
According to Reuters, the first mobile virus emerged in June 2004, but the risk of hacking remained limited because of the relatively small size of the market. That, however, has changed thanks to the massive growth in smartphone use and ownership, which outgrew the PC market in 2011.
In particular, the increasing use of mobile payments has attracted the attentions of hackers and data thieves. Steven Nathasingh, chief of US research firm Vaxa Inc., told Reuters: “Mobile security has become a major concern since smartphone transactions are now of much higher value, including corporate data access, managing personal finances and online purchases.”
Despite this, most people have done nothing to protect their devices: Less than 5 percent of smartphones and tablets are installed with security software, according to Juniper Research. The research firm expects to see the total annual market for mobile security software growing to $3.6 billion by 2016.
Getting Remote Control of a Phone
And yet things could well be about to get worse. Until now, software needed to be installed on a victim’s phone for most attacks. But at the 28th Chaos Communication Congress here in Berlin, which came to a close today, security researcher Karsten Nohl demonstrated a method of gaining remote control of a phone.
Nohl, from Berlin-based Security Research Labs, and his colleague Luca Melette used a mobile phone emulator based on open source software to make calls and send texts to expensive premium rate phone numbers. Nohl said that the attack carries a high risk of abuse and is already being actively used by criminals. In contrast to other known attacks, most of which are aimed at listening in on phone conversations, this attack poses a threat to anyone with a GSM mobile phone.
Now Nohl has called for mobile network operators, network equipment suppliers and device manufacturers to implement techniques already available for improving GSM encryption mechanisms, which should use better random numbers, switch frequencies, and stop recycling of previously used session keys.
But for now, phone users may well need to start thinking a little more about how secure their device actually is.