With 2012 coming to a close, security expert Kevin Freij from www.mymobilesecurity.com sums up the past year and forecasts the threats that smartphone and tablet users are likely to be faced with in 2013.
2013 mobile threats: Fake app stores
The last two years have seen fake apps increase exponentially in the app stores, particularly on Google Play but even on Apple's App Store. This trend will continue in 2013 since it is the “soft” option for many scammers, but we will also see a rise in fake app stores which will imitate the typically known and trusted app stores.
The major difference being that many of the apps listed in these stores will be counterfeit or contain malware. We saw quite a few examples this year of sites, for instance the fake Android markets t2file.net and uons.net, mainly targeting Russian speakers, that were inaccessible to computer users but, when accessed via a smartphone, a downloader was installed that generated premium rate text messages.
This type of scam has only just begun and we will see much more of it worldwide just as we do with phishing sites imitating your bank. The best advice is to avoid using searched links to app stores or apps, always type in the URL or use a bookmark, be aware of the true web address (URL) of the store you are entering (Google Play and not Google Pay or Google Plays). Also make sure that the particular app has positive reviews and comments from many other users. Wherever possible, try to avoid new or non-reviewed apps or those apps with little or no history.
2013 mobile threats: Stolen or lost devices
Stolen or lost devices have been and will continue to be a serious threat in 2013 because our phones and tablets today contain so much valuable data.
It can be very uncomfortable to have your personal photos, text messages and emails stolen, but if the phone also contains business data, it can be a disaster for a company.
In 2011 BYOD (bring your own device) was predicted to be one of the main problems in 2012, which has been shown to be true only for small businesses with a limited number of employees. For that type of business it is a major threat since fully managed security systems and protocols are often very limited or completely absent.
Large corporate environments have their own security protocols which include purpose-built firewalls, handshake protocols, multi-layer security and directory services to enable user validation. BYOD within the confines of such controlled environments are never simple to deploy and very often can cause unanticipated security concerns.
2013 mobile threats: Mobile wallet
Mobile wallet (paying for goods and services with your smartphone) is brand new technology and will become very big in the coming years. In fact, we see signs everywhere of a revolution in this kind of consumer technology for smartphones.
Starbucks reached over 42 million mobile purchases in just 15 months since its iPhone and Android app was launched in January 2011. Many customers loved having the ability to pay for their coffee by simply scanning a barcode. Although Apple typically takes 30% commission with Starbucks, it has been a great business for both parties.
Mobile money is a hit, and this is also the reason why Google has listed as a top priority to get Google Wallet up and running. Convenience such as this is often welcomed by the general population but invariably leads to security concerns and additional opportunity for hackers and scammers to take advantage, especially when the technology is still in its infancy and poorly understood by the average consumer.
2013 mobile threats: Fake and hijacked wireless networks
All statistics from 2012 shows that malware on mobile phones is increasing and the fact that there are still serious security holes in operating systems and that hackers constantly find new ways to cheat users.
In 2013 we will see more examples of fake networks that look like the public Wi-Fi networks you can find on restaurants, cafes and airports. By imitating or hijacking a public hotspot, the hacker behind the fake network can get access to passwords and usernames from the services that you normally log on to and this can happen to both Android and Apple users.
On the latest Black Hat Conference in July in Las Vegas the hacker Charlie Miller showed off newly discovered vulnerabilities in "near field communications" features on Samsung and Nokia devices. NFC is a short-range wireless technology that's coming soon to all major smartphones. It's intended to let you beam content to nearby devices and use your phone as a mobile wallet, but it could also attract hackers as it's like a flashing neon sign advertising the fact that your device has this capability.
2013 mobile threats: Infected push ads
In 2013 there will be more infected push ads which can steal users' contacts or install a virus and ultimately drain their accounts. We have already seen many examples of this, one of the best known and biggest fake push ads in 2012 was the update to the Super Battery Charger app, which should extend battery life but instead infected the phones with a virus that sent costly premium text messages secretly stealing money from the users.
2013 mobile threats: Tablets
The sale of tablets this year has beaten all records. 25 million tablets were sold worldwide during just the second quarter of 2012 according to ABI Research. In total, it is expected that over 120 million will be sold by the end of the year. Many users tend to forget about protecting their tablets in the same way they protect their smartphones, a particular concern is the increasing corporate use of tablets.
Produced with better multimedia capabilities, performance, power and rich computing features, tablets will slowly replace laptops in the boardrooms, and have become the preferred tool for giving demos, presentations and displaying reports. As employees use their personal or company-owned tablets to access corporate resources, they may unknowingly open up the network for online exploits. Thus, it is mandatory to deploy an inventory tool to keep tabs on your enterprise tablet population and its activity.
2013 mobile threats: Mobile Browsing
Cyber criminals will continue in 2013 to find ways to manipulate search engine results to control how information is presented to internet users during a search. I am convinced that we will see this kind of “search history poisoning” jump from the desktop to mobile in 2013. This threat is particularly prevalent on mobile devices due to the small screens.
Kevin Freij is CEO of MyMobileSecurity, the company behind MyAndroid Protection.