We constantly hear about the dangers of viruses and malware on smartphones, but are the threats real or is it just the security companies who are crying wolf? PC Advisor met Kevin Freij, security expert and founder of MYMobileSecurity to find out.
PCA: How did you get the idea to start up MYMobileSecurity?
KF: I started the company in 2009 along with two partners. All three of us had a broad experience within the security industry which we could draw on. We thought that a user friendly mobile security software for home users was missing and, since most of the programs at that time were made for businesses. We were one of the first movers which gave us a major advantage. Today we have a wide portfolio - no-one else can offer home users the range of security apps that we can.
PCA: How does a small company like yours stand out among your major competitors such as Symantec and F-Secure?
KF: Firstly, we focus exclusively on mobile security, which means that we are experts in the field. Norton, for example, is focused on security for PCs and mobile security is only a small part of their product portfolio. We do not only provide antivirus for smartphones, but have developed a whole range of apps, all of which increase security and are easy to integrate with mobile operators, handset manufacturers, etc. Once our platform is implemented, we can easily add more security apps following the customer´s demands. This makes us a very flexible partner.
But when all this is said, timing, hard work, positive attitude and perseverance are a must when you are fighting against giants. Right now we have reached a point where we are ready to take in investors. In fact, we believe that investors are necessary for us to hold on to the position we have in the market right now because the competition is getting so strong.
PCA: How would you evaluate the security level on smartphones today?
KF: Mobile security is an explosively growing area. Think about how the use of smartphones has revolutionised the way we communicate and think about how fast it has happened. Today, most people have a smartphone and use it like a small computer 24/7. This has set high demands on safety.
Most people currently have an antivirus program on their PC but this is due to the long period of time that has passed since the first computer virus appeared more than 30 years ago. The smartphone industry is still new and so is the mobile security industry, but it won´t take long before we all have some kind of antivirus on our phone. It is challenging and requires constant innovation if we are to combat the growing crime that threats smartphones today.
On Android devices alone, malware and viruses rose by over 370% in just three months last year and this trend continues. The more widespread smartphones get, the more attractive it will be for fraudsters.
PCA: What threats are the greatest?
KF: We see more and more fake apps sneaking up on the app stores, particularly on Google Play but also Apple's App Store has been hit. The fake apps imitate the typically known and trusted apps, but when you download them, they can drain your account in no time by secretly sending text messages to expensive phone numbers.
It can also be a fake link that you click on in a text message or in an email on the phone. Several studies show that we are more likely to click on a fake link from our phone because the screen is small and we may have less time to examine it compared to if we sat in front of our computer. That insight is surely candy for hackers.
The false link often leads on to a website that infects your phone with a spyware program so your passwords, account and credit card information is registered and used. We see the same method used in the popular QR-codes, which you scan with a mobile phone camera.
Mobile banking is also a security issue today, where virtually all banks have an app that allows customers to transfer money to external accounts "on the run". Finally, stolen or lost phones are a serious threat because our phones today contain so many valuable data. It can be very uncomfortable to for us as individuals to get all our personal photos, text messages and emails stolen, but if the phone also contains business data, it can be a disaster for a company.
PCA: Are you sure you are not just crying wolf?
KF: Well, I actually don´t think I am. The threats are real, they are not invented by security companies. All new statistics show that malware on mobile phones is increasing and the fact that there are still serious security holes in operating systems and that hackers constantly find new ways to cheat users.
Lately we have seen examples of fake networks that look like the public Wi-Fi networks you can find in restaurants, cafes and airports. The hacker behind the fake network can get access to passwords and user names for the services that you normally log on to and this can happen to both Android and Apple users.
On the latest Black Hat Conference in Las Vegas the hacker Charlie Miller showed off newly discovered vulnerabilities in "near-field communications" features on Samsung and Nokia devices. NFC is a short-range wireless technology that's coming soon to all major smartphones. It's intended to let you beam content to nearby devices and use your phone as a mobile wallet, but it could also be a flashing neon sign for hackers.
PCA: Is there a difference between Android and iPhone in terms of security?
KF: Not in terms of the ability to get a virus or to have money withdrawn from the bank account, credit card or app store account. Apple has had a more closed ecosystem, which has set higher requirements for app developers making it harder to be approved by their App Store. In spite of that, we have recently seen many fake apps, both on Apple and Android stores.
Apple requires users to enter a valid credit card number to have an account on App Store and iTunes. This makes it very attractive for scammers to hack into iOS, combined with the fact that there are more apps in App Store. The advantage in terms of security that Apple has had so far will be diminished over time, I think.
One of the latest examples of a security hole in the App Store was discovered last week, when two colleagues of the company Shootitlive by coincidence found out that when more people access the App Store on the same Wi-Fi network, they could access the same Apple account. The method is called “Session Fixation Attack” and basically comes down to using a previous browser session to extract private data and get access to an Apple ID. This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address.
Google has recently tightened the requirements for the Play store, realising that it was too easy to put up an app, which resulted in many fake apps. So, all in all I do not think one system is more secure than the other.
PCA: What can users do to protect themselves?
KF: A security program with antivirus of some kind is of course a must, but in addition common sense and prudence will be invaluable in the end. Think before you install a new app. Does it look plausible? Has it been notified on the web? Who are the owners behind? Are other users satisfied? And to what rights do you grant permission when you agree to the Terms? A barcode scanner, for example, could track you via GPS or view all your contacts. Pay attention to links in emails before you tap them. Hold the cursor over the link and read the address. The same goes for the bar codes, they can also be fake, so be careful with them.
Continues on next page >>
PCA: What's the future for mobile banking?
KF: This is a very interesting area. We see signs everywhere of a revolution in consumer technology, driven by smartphones. Starbucks reached over 42 million mobile purchases in just 15 months since their app for iPhone and Android was launched in January 2011. Customers loved being able to pay for their coffee by scanning a barcode.
Although Apple typically takes 30% commission with Starbucks, it has been a great business for both parties. Mobile money is a hit, and this is also the reason why Google has made it a top priority to get Google Wallet up and running. This whole technological revolution calls for more security and I am looking forward to being part of that evolution.
PCA: How do you explain that - despite the expansion of the problem – there is still no uniform technology when it comes to security on mobile phones?
KF: Security threats are changing and are becoming more sophisticated as the criminals find new methods. It is very costly to invest in research, development and testing of new security systems, which means that it is only a few giant companies that have resources for it. However, there exists an organisation that collects data about mobile viruses and malware, so in that way we can share knowledge on this area, but I think the explanation of the lack of a common security approach must be found in the fact that we are all competing against each other. Everyone wants to be the best.
PCA: Are the threats the same on smartphones as on PCs?
KF: Yes and no. The biggest difference is probably that, on the PC side, hackers are trying to find a hole in the operating system, so they can exploit it and sneak a virus into it, for instance a spy program that can access all your personal data. On the mobile side however, it's very common to trick people into downloading a virus via fake apps or bad links without having to find a security hole in the system.
PCA: How does your app MYAndroid Protection work?
KF: MYAndroid Protection is a complete security application that scans for viruses and malware, warns of fake apps and links, backs up contacts and can be controlled remotely from another mobile phone in case of theft or loss. If you lose your phone, it can be blocked and the contents deleted by sending an SMS to the phone. You can also track it via GPS and initiate an alarm so you can hear where it is.
MYAndroid Protection was named one of the best antivirus apps for Android in April 2012 by AV-Test.org, which tested and compared 41 apps. As well as a high virus-detection rate, we focus on ease of use.
PCA: What new security apps do you have in pipeline?
KF: I'm excited about our parental control app MYMobile FamilyProtection. We launched a beta version in spring 2012, and it received considerable success and media coverage. After a couple of months we removed it from the market to improve the features based on the feedback we got.
We also needed to implement some adjustments on our platforms to be able to respond to the high demands that we registered. We have now improved it and think it's the best parental control app on the market.
Parent can install it on child's smartphone, and can keep better track of how the child uses her or his smartphone from their PC or own smartphone. In this way we can reduce the risk of e-bullying, contact with strangers, sky-high phone bills and it gives you peace of mind knowing where your child is located via a GPS feature.
In addition, we have a backup app, MYMobileBackup, that makes it possible to move all data from an iPhone to an Android device. And finally, we will launch an app, we call MYMobileBodyGuard. It's aimed particularly at women that might be afraid to walk home alone at night and feel more secure having another person follow them home safely over the phone.
PCA: One final question: what new threats are we going to see over the coming months?
KF: In addition to the increasing number of fake apps, there will be more and more infected push ads which can steal users' contacts or install virus and ultimately drain their accounts. We have already seen many examples of this, one of the most known and biggest fake push ad this spring was the update to the Super Battery Charger app, which should extend battery life but instead infected the phones with a virus that sent costly premium text messages, secretly stealing money from users.
Kevin Freij, 37, is CEO and co-founder of MYMobileSecurity. He is Swedish and lives in Stockholm, Sweden. Kevin started www.mymobilesecurity.com in 2009 with two partners.
They make security apps for smartphones, have more than 5 million users and collaborate with more than 60 mobile operators worldwide. At the moment the company is one of the fastest growing security companies in the mobile phone industry.