Smartphone security threats to double this year

With a number of high profile security breaches recently the landscape of threat is one that is increasing and constantly evolving according to analysts, as Sony customers and their bank managers will certainly agree.

TechEye spoke to Magnus Kalkuhl, Director of European division of Kaspersky Lab’s global Research & Analysis Team here in Prague about some of the dangers facing everyone from large organisations to smartphone users.

And while hacking of datacentres is not something new, both the Sony case and, on a governmental level, Stuxnet and Stars have both shown recent lapses of security that are on a scale that has not previously been seen.

Furthermore with the increase in constant internet connectivity as well as new devices such as smartphones and tablets offering new areas for malware to attack, protecting people on many different levels from such threats is a constant struggle.

According to Kalkuhl one of the main threats evolving is one that has followed the explosion of smartphone uptake with Android highlighted as a prime target for malware.

“There was lots of talk about mobile viruses maybe years ago but with journalist writing about it excessively but then there but as not much has happenedso it was decided it was big hype,” says Kalkuhl, “however now things are changing.”

“In the old days when mobile viruses came out where they were able to dial premium numbers and this type of stuff, this is how they could earn money, but now with internet availability 24/7 on a mobile it becomes attractive for bad guys who want to make it part of a botnet as it is essentially a small computer.”

And this is the area where Kalkuhl believes we will see biggest increase in the coming years, with the problem being that not many people have protection, and have no idea that their mobile phones have been infected.

But while Kaspersky Lab  expects that the mobile threat will double during 2011, Kalkuhl admits that the problem is “not mainstream”.

“For example a computer antivirus is already installed, but for smartphones this is not the case.”

“Even if we are not speaking about rootkits and the like, there are of course threats on the internet that don’t need to have software installed on your machine, for example walls on Facebook, and it is all happening in your browser.”

“This can happen on your computer on an Android phone or on an iPhone or a tablet.”

Tablets are of course another area of concern for security firms with Kalkuhl noting that currently “there is no protection on tablets, possibly the browser has a defence such as with Firefox, but this is not as efficient as commercial anti-virus or security software.”

When asked whether the asked whether the risk of mobile threat can be overstated at the moment Kalkuhl is adamant that we are coming to a stage where the risk is becoming more real.

“We are honest about it, we are not running around saying that Android phones are infected like hell and do whatever you can to protect yourself with antivirus, we are saying what that you need is security software as it is more likely that you can lose your phone or it can be stolen than it getting a rootkit on it for example.”

“But of course this can still happen and this situation will change simply because Android phones are becoming so popular and mainstream, so there is no question that when we speak again in two or three years the situation will be different and no one will need to ask if there is a problem on phones.”

So is it a case of pre-empting rather than reacting to the threat restrospectively?

“We are there to protect against the things that are out, but it’s nothing compared to what we will see in the future.”

The security of the cloud is also something that is of concern to Kaspersky Lab, with the firm recently releasing statistics showing that over three fifths of IT managers asked saw security as a major stumbling block to uptake.

However Kalkuhl beleives that despite its flaws issues of cloud security are outweighed by the advantages offered.

“Let’s say for a small company, say ten people, what is more secure, that they host their information in a server that is standing next to the kitchen where people can break in and where they have to deal with all the problems and maybe deal with hardware failure? Or host it with somewhere you have professionals where you have professionals with storage in earthquake proof buildings with lots of security.”

“Of course Amazon’s storage recently system crashed and they were unable to recreate all the data, and we will continue to see big problems and painfully learn our lesson until we are at the stage where the cloud is really relied on.”

However Kalkuhl highlights the worst case scenario is of a cloud provider which is hacked so that attackers can “get their hands on the virtual systems that are hosted on the server. There is nothing people could do against that once that has happened.”

“Unexpected things can happen as we have seen with Sony, it’s not cloud but most people would have said that they can’t imagine this would happen as it is so secure.”

According to Kalkuhl the Sony situation is another that is unfortunately likely to happen again in the future.

“It can happen and will always happen, the main problem is of course that people are storing more and more online – they have to because their life is happening more and more online – the only solution is thinking of ways to prevent the worst.”

Of course Kalkuhl  admits that this is difficult.

“If you are the one who is hacked then of course you should do everything to prevent this, but you would have presume that Sony have thought about the possibility and did something,” he says,

It is best to assume that such as situation will happen and try to minimise the risk by for example having different passwords on social media sites so if one password is leaked then bad guys can easily get into other services.” 

“This is one area which people need to be aware of, so it is a lot education for the user firstly, because for businesses that are hacked we at Kapersky cannot do anything about this,so maybe we will need some smarter ways of knowing what is happening with your credit card data.”