Smartphone spying: How can users protect themselves?
by Catalin Cosoi - Chief Security Strategist, Bitdefender - Wednesday, 29 January 2014.
Smartphone users need to realise that their mobile phone is less of a phone and more of a mobile computer, in which applications can collect data from other applications installed on the same device. Some, such as browsers, can also access browsing history information from other machines belonging to the same user.

Smartphone apps are able to access information that is specific to other applications due to the way applications integrate with each other within the mobile operating system – for instance, a game could access and use the information stored in the address book or could read profile data taken from social connectors such as Facebook, LinkedIn, Twitter and Google+.

In addition to this, carriers (namely, mobile phone companies) also install their own software on the phones, both at the operating system level with personalized interfaces and at the baseband level – essentially, the part that puts the “phone” in “smartphone”.

The baseband has higher levels of access to the smartphone hardware than even the user-visible operating system itself, so any leak or compromise at this level cannot even be detected by security apps running on the smartphone. On an even lower and therefore more privileged level, there are SIM card operating systems, which deal with phone network operations such as registering with a base station and delivering baseband software updates over the air.

Depending on what permissions are granted upon installation, an application might process the accessed information and send it to the developer or a third party. Most of the time, these pieces of information are collected by independent third parties such as ad networks that use the information for pushing targeted advertisements, and, in exchange, pay the developer a specific amount per user.

As these pieces of information are exfiltrated from the “victim’s” device, another third party could just duplicate them as they travel across the carrier’s mobile network and store them for further processing. In this case, the ad network only serves as a vector.

Applications that require permissions related to social networks or access to the device’s sensors (for example the camera, accelerometer, microphone or GPS) are highly likely to collect and report these inputs. We advise users not to install any such applications unless they feel comfortable with this information landing in a third party’s hands.
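The permission check advised above can be done before installing an app. The following is an added example, not part of the original article: it assumes an Android app whose manifest has already been decoded to text XML, and the function names, the permission mapping and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Data sources named in the article, mapped to Android permission names.
# The accelerometer has no install-time permission, so it cannot be flagged here.
SENSITIVE = {
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.GET_ACCOUNTS": "device accounts",
}
NETWORK = "android.permission.INTERNET"

# Constructed manifest for a hypothetical game (not a real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.game">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml):
    """Flag apps that can both read sensitive inputs and send data out."""
    perms = requested_permissions(manifest_xml)
    sources = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    can_upload = NETWORK in perms
    return {"sources": sources, "can_upload": can_upload,
            "review": bool(sources) and can_upload}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

An app is marked for review only when it requests at least one sensitive input together with network access, which is the combination that lets collected data leave the device.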
