We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Smartphone risks on the up, EU agency warns

ENISA report serves up security warning

Smartphone security needs to shape up pretty fast if it is to avoid the mistakes that turned the PC into a global crime platform, a new report from EU security agency ENISA (European Network and Information Security Agency) has said.

According to the report, based on detailed interviews with 30 top European developers, security experts and police professionals, smartphones and tablets face a number of attack risks, some pretty obvious, some less so.

Better-documented threats outlined include the risk of rogue software being sold through online app stores, including ones which carry out subtle surveillance to capture data such as a user's location or usage habits.

The report also worries about 'diallerware' attacks, which work either by installing a rogue app that dials premium rate numbers to defraud users, or a simple SMS social engineering con which tricks users into replying to a similarly expensive service number. This type of attack is already becoming a problem in the UK even as the networks look on, apparently unconcerned.

One of the simplest security problems is the problem of decommissioning and recycling smartphones, vast numbers of which are passed on to third parties without data having been properly wiped.

The authors note that smartphones come with unusual features such as the ability to remotely de-activate a rogue app, as well as the ability to remotely delete data in some situations. The problem is that there is no standard way of implementing any of this.

Recommendations include that developers include encryption and device access security as standard - many don't at present. Patching and privacy management should also be improved and standardised, and the industry should develop a way to make remote security possible without users feeling controlled.

The oddity of the report - indeed all reports on smartphone security - is putting the threat into some context without examples to call upon. Real attacks on smartphones are still rare in an age when PCs remain the number one target.

What is clear is that the potential for attacks on consumers and especially business smartphone users is very real. Unlike the PC industry, which sleepwalked into a bad situation without properly assessing the potential for harm, the smartphone industry has at least been amply warned.

See also: Group test: what's the best smartphone?

IDG UK Sites

6 best gaming PCs 2015: What's the best gaming PC you can buy in the UK?

IDG UK Sites

Three of the most expensive Limited Edition games ever made: Who's buying a $1,000,000 game?

IDG UK Sites

The future of Microsoft Surface: What to expect from the Surface Pro 4

IDG UK Sites

Best Mac: Apple Mac buyers guide for 2015: iMac, MacBook, MacBook Air, MacBook Pro, Mac mini and...