We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Smartphone risks on the up, EU agency warns

ENISA report serves up security warning

Smartphone security needs to shape up pretty fast if it is to avoid the mistakes that turned the PC into a global crime platform, a new report from EU security agency ENISA (European Network and Information Security Agency) has said.

According to the report, based on detailed interviews with 30 top European developers, security experts and police professionals, smartphones and tablets face a number of attack risks, some pretty obvious, some less so.

Better-documented threats outlined include the risk of rogue software being sold through online app stores, including ones which carry out subtle surveillance to capture data such as a user's location or usage habits.

The report also worries about 'diallerware' attacks, which work either by installing a rogue app that dials premium rate numbers to defraud users, or a simple SMS social engineering con which tricks users into replying to a similarly expensive service number. This type of attack is already becoming a problem in the UK even as the networks look on, apparently unconcerned.

One of the simplest security problems is the problem of decommissioning and recycling smartphones, vast numbers of which are passed on to third parties without data having been properly wiped.

The authors note that smartphones come with unusual features such as the ability to remotely de-activate a rogue app, as well as the ability to remotely delete data in some situations. The problem is that there is no standard way of implementing any of this.

Recommendations include that developers include encryption and device access security as standard - many don't at present. Patching and privacy management should also be improved and standardised, and the industry should develop a way to make remote security possible without users feeling controlled.

The oddity of the report - indeed all reports on smartphone security - is putting the threat into some context without examples to call upon. Real attacks on smartphones are still rare in an age when PCs remain the number one target.

What is clear is that the potential for attacks on consumers and especially business smartphone users is very real. Unlike the PC industry, which sleepwalked into a bad situation without properly assessing the potential for harm, the smartphone industry has at least been amply warned.

See also: Group test: what's the best smartphone?

IDG UK Sites

Samsung Galaxy S6 launch as it happened: Galaxy S6 launch video and live blog - watch again as...

IDG UK Sites

5 things we hate about MWC: What it's like to be a journalist at a technology trade show

IDG UK Sites

Interview: Lauren Currie aims to help design students bridge skills gap

IDG UK Sites

12in Retina MacBook Air release date rumours: new MacBook Air to have fingerprint ID, could launch...