We are all going mobile. And, generally speaking, that isn’t such a bad thing. To have a tool the approximate size of a deck of cards with you at all times that can manage your business and personal affairs over the “air” is a compelling sell indeed. However, along with the obvious benefits, there are certainly drawbacks, with security or lack thereof being not the least among them. In many respects, the lack of security does stand to some reason. What is far more troubling, however, is the general lack of awareness among mobile phone users regarding the risks associated with such “always on” connectedness.
BeSpacific blog highlighted a March 11, 2011 report by the Ponemon Institute, a group focused on security issues, on the findings from a survey of 734 U.S. mobile phone consumers over the age of 18. Ponemon was trying to get at two pieces of information: are consumers aware of the risks; and, do consumers care about the risks? The results, culled from their answers, are a tad shocking.
Ponemon reports that the key finding from their research is that users are unaware of the type and extent of security risks associated with mobile phone use and are not terribly concerned about them. Users are far more concerned with security on their laptop or desktop computers than they are with respect to their mobile phones. They are also far more concerned that a marketer will try to contact them over their phone then they are about weak links in the security chain. A sizeable percentage store sensitive data on their phones, but over 50% of users have not enabled the basic security of a keypad lock or password protection. And a 57% majority report that security is not an important feature on their phone at all. Nearly half of consumers are unconcerned about transferring a device to another person without properly wiping the phone’s data. Most are unaware of being “tracked” while using their phones or the lessened security that accompanies jailbreaking a device. Less than half are concerned about insecure wi-fi to phone connections. Only about half are aware of and less than half are concerned about “cross-over” – security of business information jeopardized by personal use of a device. And, it appears, a large percentage of smartphone use is mixed business and personal, with employers paying some or all of the bill.
Now, I am sure that Studio readers are well aware of the risks associated with mobile smartphone use and have implemented security measures to prevent against harm. But, as a public service, I list below the security scenarios addressed in the report. Maybe there is one you overlooked, who knows? But, knowledge being power and all, this is one arena in which ignorance is definitely not bliss.
1. location data embedded onto image files can result in tracking of the smartphone user
2. Smartphone apps can transmit confidential payment information (i.e. credit card details)
3. Smartphones can be infected by specialized malware called “dialerware” that enables criminals to make use of premium services or numbers resulting in unexpected monthly charges.
4. Smartphone apps may contain spyware that allows criminals to access the private information contained on a smartphone
5. Financial apps for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials.
6. If a social network app is downloaded on a smartphone, failing to log off properly could allow an imposter to post malicious details or change personal settings without the user’s knowledge.
7. A smartphone can be disposed of transferred to another user without properly removing sensitive data, allowing an intruder to access private data on the device.
8. In many cases, people use their smartphone for both business and personal usage, thus putting confidential business information at risk (a/k/a cross-over risk).
9. A smartphone can connect to the Internet through a local WIFI network that is insecure. This may result in a virus attack to the smartphone.
10. Smartphones contain basic security protections that can be disabled by jailbreaking, thus, making the smartphone more vulnerable to spyware or malware attacks.
11. Smartphone users can be targeted by marketers based on how the phone is used for purchases, Internet browsing and location. As a result, the user may receive unwanted marketing ads and promotions on their smartphone.