
Smart phones: risks!

October 16, 2011

The convenience of using smart phones and their available applications is unquestionable. Who does not like to have weather updates, points of interest such as gas stations, restaurants, and businesses, available on his phone one click away? This information is delivered through Location-Based Services supported by the new smart phones and their software. 

Location-Based Services can be delivered by means of wireless systems and the unique identification of communication devices combined with location data.

Examples of current uses of LBS relate to:

– the positioning of cell-phones in case of emergencies

– automatic payment services

– traffic and fleet management

– direct marketing services

– tracking services for people such as children.

Location-Based Services are regulated in the European Union by the Data Protection Directive (1995) and the E-privacy Directive (2002).

Your smart phone has a feature to activate your “location” through the network provider; that feature can also be deactivated. The big players on the market, such as Android (Google) or OS (Apple), of course conform with the existing regulations regarding LBS, and they follow the Data Protection and Privacy stipulations for the default applications installed on your device or available on their online application stores.

Third-party applications are also available on those online application stores, and not all of them can be checked, or at least checked in time, before being removed.

How it works:

– on devices powered by the Android system from Google, you get a disclaimer that says: this application has access to your contacts, messages, emails, etc., please be careful when installing or using it. You have the choice of uninstalling it, but most users will not reject the latest application from the “Market” which makes Facebook, Twitter or Skype available on their phone.

Please see here some examples (from an HTC Desire handset running Android version 2.2) of how third-party applications access your most sensitive data and full contact details, can make automatic changes on your device or, even worse, can access your login and password information, as shown in the first pictures:

Fig. 1 (retrieve full contact data and use authentication credentials):

Fig. 2 (how those applications intercept phone calls and phone identities):

Fig. 3 (read phone identity, change network connectivity and modify the phone’s global settings):

Fig. 4 (read, access, modify personal data, allows cloud computing for and from the device, read full network-based location):

These applications may make your life easier by providing voice-to-text, reading an email, writing an email or identifying the phone’s location (for providing the weather forecast or the closest points of interest), but in reality some third-party applications get full access to your portable device and to your data, whether it is personal contacts, emails, user names, passwords, or credit card numbers. Furthermore, the application could be delivered under a friendly name and a shiny interface, but inside it could run malware, a virus or anything else capable of reading, recording and transmitting your data or your location, which is available through your active Location-Based Services or through your Network-Based Services (provided by your phone carrier). For example, if your position shows that you are on the French Riviera and your house in Brussels is unattended, this would be a great opportunity for someone (who knows where you live) to break in and “clean” your house of goods. Even more, one can access your financial information and clone a credit card, make online transactions at your expense, use your login/password information to access private accounts (email, work, home accounts) and have access to your full contact list (with identification details, email addresses, phone numbers and any other sensitive information).

With Apple’s OS, there are no such disclaimers to warn you that a third-party application has access to all your confidential data, which is wrong, as a user has the right to know if any potential dangers could arise from getting a new application and to make the decision as to whether to use it or not.

According to SMobile, 20 percent of applications let third parties access private or sensitive information, 5 percent of applications have the ability to place a call to any number, and 2 percent of applications can send an SMS to an unknown premium number (that has higher charges for contacting), in both cases without user involvement.

Android’s security model requires that applications declare the permissions they will use before the user installs them. An informed user can use these declarations to decide whether to install an application or not, according to SMobile. However, the fact remains that a user has no means of knowing for sure that the application they just downloaded is doing only what the user sees it doing, and for the average user, who doesn’t have knowledge of these new technological developments, this could bring both positive and negative experiences. Most importantly, an increasing number of children and teenagers use these devices nowadays. In my opinion, the risks applying to them are even higher, as those children have a bigger circle of friends where they exchange information and applications, and also because they may not fully understand and perceive those risks. In this case, they can easily become a target for identity theft, child pornography, grooming and financial fraud.
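The permission declarations described above are listed in each application's manifest as `uses-permission` entries. As an added example (not part of the original post), this Python script reads those entries and groups them under the risks named in this post; the grouping table, the sample manifest and the package name `com.example.weather` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permission -> risk named in the post (this mapping is the example's assumption).
RISK_GROUPS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.USE_CREDENTIALS": "credentials",
    "android.permission.READ_PHONE_STATE": "phone identity",
    "android.permission.PROCESS_OUTGOING_CALLS": "call interception",
    "android.permission.CALL_PHONE": "calls without user involvement",
    "android.permission.SEND_SMS": "SMS without user involvement",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.CHANGE_NETWORK_STATE": "network connectivity",
    "android.permission.WRITE_SETTINGS": "global settings",
}
DATA_GROUPS = {"contacts", "credentials", "phone identity", "location"}
NETWORK = "android.permission.INTERNET"

# Constructed sample manifest for a hypothetical weather app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


def audit_manifest(manifest_xml):
    """Group declared permissions by risk and flag data that can leave the device."""
    root = ET.fromstring(manifest_xml)
    declared = {el.get(ANDROID_NS + "name")
                for el in root.iter("uses-permission")} - {None}
    groups = {}
    for perm in sorted(declared):
        group = RISK_GROUPS.get(perm)
        if group:
            groups.setdefault(group, []).append(perm.rsplit(".", 1)[-1])
    # Readable personal data plus network access means the data can be sent out.
    can_transmit = NETWORK in declared and bool(DATA_GROUPS & set(groups))
    return {"package": root.get("package"), "groups": groups,
            "can_transmit": can_transmit}


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

The result describes what an application is allowed to do, not what it actually does once installed, which is the limit of the declaration model noted above.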

How to prevent this vulnerability?

  • The best prevention is not to use applications blindly: check reviews first and learn how to use them.
  • Watch a particular application on the provider’s platform for a while to see if it is legitimate and how users rate it.
  • Download and use an antivirus for your mobile device, available on the Android “Market”.
  • Antivirus solutions for Apple OS are also available using Trend Micro.
  • If you are a parent, decide wisely whether or not your child needs a smart phone when he/she is in grade four, for example.
  • If you decide that your child needs a smart phone, then try to help him/her adjust the security/privacy settings and check what applications they download onto their devices.
  • Check the E-Crime Expert blog and website to see the latest privacy vulnerabilities and internet crime trends.

The big players in the smart phone and media market have a responsibility to educate users on how to use these new services, smart devices, and interactive applications, because their businesses depend on the users who buy and use their products and services. So ask your provider.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Do you use these applications? What kind of platform are you currently using? Are you blindly downloading and installing applications on your device?