Most smartphone users do not realize how much personal data is stored and transmitted through apps. Criminals can hack into social networking accounts and steal passwords, ATM codes and other personal data.
“The main problem is that social networks allow almost anyone to learn about the person’s life and profile. This includes the person’s habits, age, frequently visited sites, blogs viewed, as well as information about mobile devices, personal computer, operating system, applications deployed, and the level of security. This opens up a new opportunity for well-directed attacks against social network users”, Chesla told Infosecurity.
In addition, “if a person is known to usually go to a certain site and download a specific type of application, the attacker can exploit this by injecting into these websites malicious code…. This will be downloaded without the user even knowing about it. This is true for phishing and other social-based attacks as well”, he warned.
The popularity of smartphones makes them an attractive attack vector for criminals. Also, there is often a lack of security awareness among smartphone users. “Users have a false sense of intimacy when they are using their mobile phones. But they are in fact completely exposed”, he stressed.
Smartphone users can increase their security awareness by looking out for “red flags” raised by the presence of malware on the phone. These red flags include unexpectedly large cell phone bills and unusual battery consumption.
Also, mobile carriers can reduce the security risks for smartphone users by employing website reputation services that score websites' trustworthiness. “Reputation services can be adapted to identify strange behavior of smartphones, such as communication with bad reputation websites or drop points, which are servers used to store stolen information”, Chesla said.
More and more mobile phone carriers are using reputation services to identify smartphones that are infected with malware or to prevent users from visiting malicious sites. Carriers can alert users if they are visiting malicious sites and even suspend the account, if necessary, he said.