Hackers target smart phones

Steve Henn Mar 4, 2011

Hackers target smart phones

Steve Henn Mar 4, 2011


Tess Vigeland: Apple hogged the technology headlines this week with the splashy introduction of Le iPad deux. But for Google Android users the news wasn’t so pleasant. Turns out more than 50 apps had been infected with viruses designed to steal personal information, like passwords and account numbers. Before the malicious code was spotted, tens of thousands — possibly hundreds of thousands of users — had downloaded it onto their phones.

Marketplace’s Steve Henn reports.

Steve Henn: I’ll admit it. I’m in a co-dependent relationship… with my phone. I go anywhere with it.

Sound of door closing

I rely on it for directions.

Sound of car starting

And to send me texts if my bank balance runs low.

Phone rings

I use it for recipes and research.

Sound of eggs cracking

And when my kids ask a question I can’t answer, I pick up…

Ella, Faye and Lila: Your phone, your phone, your phone.

Henn: So is my phone smarter than I am?

Ella, Faye and Lila: Yeah.

OK fine. But it’s still not quite smart enough to protect all the valuable information passing through it. Hackers, turns out, are going after mobile phone, because these days, that’s where the money is.

Nick DePetrillo at is Crucial Security.

Nick DePetrillo: Mobile attacks are definitely expanding because consumers are buying more and more smart phones.

And using them like computers to pay bills and balance check books. But Don Bailey a security researcher at ISEC partners says smart phones aren’t that secure.

Don Bailey: I would really say they are inherently vulnerable.

All your cool apps, even the one from your bank are perched on top of a giant stack of technology == from the your phone’s operating system, all the way down to the cell phone towers and the telephone companies’ switching system. And Bailey says every layer in that stack can be hacked.

Bailey: All up and down the spectrum you have vulnerabilities at every level.

Last year, Bailey and DePetrillo figured out you could reverse engineer the national caller ID database.

DePetrillo: You could essentially build a list of a names and cellular phone numbers and that could include anybody, anybody in the United States — from celebrities to…

…defense contractors, even aides to the president. Bailey realized they could use that list, sort of a homemade phone book, to track anyone who was carrying a mobile phone in their pocket as they moved around the country.

Bailey: We really only spent a couple hundred dollars. And when you think about that and think about the kind of power you have with this material, a couple hundred dollars is really an extremely dangerous thing.

For many consumers a $1.99 can be a really dangerous thing too. Bailey says lots of mobile security threats are likely to show up in app stores.

Bailey: This is where the big players are going to be, right. This is where crimeware is going to start spawning. And it is spawning.

The folks that write crimeware are hoping you’ll download an infected app and then it will capture your credit card numbers or passwords.

Tyler Shields is a security researcher at Veracode. He hacked a Blackberry that way, purely in the interest of science, of course. But Shields says there are some things consumers can do to protect themselves.

Tyler Shields: The first thing you can do is only download your applications from a more trusted source, such as the iPhone app store or the Android Marketplace.

Apple reviews all the apps in it store before they are sold. Android developers police their marketplace themselves. But there are millions of apps.

Kevin Mafferty: In security, there’s no silver bullet.

Kevin Mafferty is the co-founder of the mobile security firm Lookout. He says malicious apps are getting stealthier and smarter.

Mafferty: What we’re seeing right now is this experimental stage of mobile malware, where you have a very well developed industry of malware writers on the PC and they see mobile as a big opportunity..

LookOut and other firms offer free malware detection apps for most mobile platforms. But Mafferty says the best protection may be common sense: Pay attention to what you do when you are on a public wi-fi network. Keep an eye out for suspicious charges. And if your phone starts acting funny — sending texts or e-mails on its own or even if its battery life drops dramatically — take it in and have an expert check it out.

In Silicon Valley, I’m Steve Henn for Marketplace Money.

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.