Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Mobile Phone Operating System Insecurity

As more online retailers introduce mobile ecommerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application.

Current research is primarily geared towards securing mobile payments, but there is a lack of coordination between mobile payment developers, device manufacturers, and mobile operating system platform developers. Hackers are taking advantage of the loophole created by this lack of coordination.

Mobile phone spyware has been a concern for years. Legitimate software companies sell mobile phone spyware that allows the user to monitor a spouse, kids, or employees. And criminals deploy mobile phone spyware, as well.

Beijing-based mobile security services firm NetQin Technology reports that an application called Xwodi, which allows third parties to eavesdrop on cell phone conversations, has infected more than 150,000 phones in China. Apparently, the malware targets mobiles running the Symbian platform, and monitors phones by silently activating the conference call feature or microphone.

One security company, Trusteer, informed The New York Times, “Mobile users are three times more likely to fall for phishing scams than PC users…because mobile devices are activated all the time, and small-screen formatting makes the fraud more difficult to spot.” In the same article, another mobile security firm, Lookout, claimed that in May 2010, 9 out of 100 phones scanned for malware and spyware were infected. That’s up from 4 out of 100 infected phones in December 2009.

Protect yourself by refraining from clicking links in text messages, emails, or unfamiliar webpages displayed on your phone’s browser. Set your mobile phone to lock automatically and unlock only when you enter a PIN. Consider investing a service that locates a lost phone, locks it, and if necessary, wipes the data, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.

 

4566

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (3)

A Finextra member
A Finextra member 27 April, 2011, 13:19Be the first to give this comment the thumbs up 0 likes Apple iPhones now come with a remote wipe facility (providing you have subscribed to their Mobile Me service). Here is how: http://www.macworld.com/article/141605/2009/07/remotewipe.html
There is also the capability for administrators to remotely wipe Company 'phones for iPhones and Blackberries. For non-corporate owners, BlackBerry Protect is now available as a downloadable application from their appworld (also has a geo-locate-as-I-left-it-in-the-office and loud-ring-from-where-it-dropped-under-sofa function as well as remote wipe if it has been stolen ... unless you have encrypted it). However Android 'phones need third party security applications, such as the one offered by F-Secure or McAffee WaveSecure.
Remember also to wipe your 'phone, e.g. by reverting to factory settings, if you hand it back in to IT or sell it on e-bay... http://www.tuaw.com/2009/08/23/dont-forget-to-wipe-your-iphones-data/
Report abuse
Robert Siciliano
Robert Siciliano - Safr.me - Boston 27 April, 2011, 13:24Be the first to give this comment the thumbs up 0 likes

Thanks Mary!

Report abuse
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 27 April, 2011, 17:50Be the first to give this comment the thumbs up 0 likes

There's another aspect to security, where I believe mobile scores well over PC, although it calls for an application design mindset that leverages the full power of mobile technology instead of treating it merely as a mobile-version of a PC-based application. 

Let me recount my last three mobile "commerce" transactions from three different apps: (1) Check bank balance (2) View stock portfolio (3) Order an additional channel from my satellite TV provider.  

On thing is clear: Each of these transactions works ONLY from a registered mobile phone # (mine), which can emnate ONLY from one handset (mine, again).

Thanks to SIM, "device authentication" is elementary to mobile technology. Judging from my experience it seems possible to incorporate it easily into any mobile app. I doubt if this is the case with PC-based applications. Besides, mobile phones are on all the time and carried almost everywhere, so configuring a mobile app to only work on a single handset is hardly a restriction. This can't be said for PC-based applications. 

Report abuse
Join the discussion
Robert Siciliano

Robert Siciliano

Security Analyst

Safr.me

Member since

04 Feb 2009

Location

Boston

Blog posts

839

Comments

62

More from Robert

Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more