Most users unaware of smartphone security risks

Consumers are indifferent to the many serious security risks associated with the storage and transmission of sensitive personal data on iPhone, Blackberry and Android devices, according to The Ponemon Institute.

Following are three of the most alarming results of the survey:

• 89 percent of respondents were unaware that smartphone applications can transmit confidential payment information such as credit card details without the user’s knowledge or consent.
• 91 percent of respondents were unaware that financial applications for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials, yet nearly a third (29 percent) report already storing credit and debit card information on their devices and 35 percent report storing “confidential” work related documents as well.
• 56 percent of respondents did not know that failing to properly log off from a social network app could allow an imposter to post malicious details or change personal settings without their knowledge. Of those aware, 37 percent were unsure whether or not their profiles had already been manipulated.

Other smartphone security dangers include geo-tracking based on location data embedded onto image files; the transmission of confidential payment information without the user’s knowledge or consent; and unauthorized (and often unnoticed) premium-service orders on the monthly bill.

“The findings of this study signal what could be an overlooked security risk for organizations created by employees’ use of smartphones. Because consumers in our study report that they often use smartphones interchangeably for business and personal, organizations should make sure their security policies include guidelines for the appropriate use of smartphones that are used for company purposes,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.

According to the study, 28 percent of respondents were unaware that using their smartphone for business and personal reasons can put business information at risk.