Smartphones: Protect your phone from these hackers' traps

Financially motivated hackers have traditionally targeted PCs. However, their attention will increasingly turn to smartphones over the next 12 to 24 months, warns Paul Kocher, president and chief scientist at Cryptography Research, a semiconductor security company based in San Francisco. The reason is twofold.

PC security is getting better, while smartphone security is getting worse due to increasing complexity. Soon, many of us may even be using our smartphones as credit cards, potentially opening a whole new can of worms.

Not all experts are so pessimistic, at least when it comes to mobile banking. The threat is more perception than reality, says David Eads of Kony Solutions, a mobile software platform company in San Mateo, Calif. All of the major banks he works with follow best practices of making consumers whole on losses due to mobile-banking fraud.

All three major smartphone platforms have their pros and cons, according to Mr. Kocher. No phone platform is necessarily safer than the others. Android does a great job of preventing applications from accessing parts of your phone without your knowledge, Apple does a better job than the rest monitoring the App Store, and Blackberry is highly proficient in terms of enterprise level security and encryption.

There are three primary ways in which cyber hackers can easily gain access to your phone’s private information, according to Kocher. These include Wi-Fi hotspots, malicious free apps, and websites that exploit security loopholes. We’ll discuss each risk below, and discuss how you can minimize the risks.

1. Public Wi-Fi

“For less than $100 worth of equipment, a hacker can eavesdrop or spoof a Wi-Fi hotspot,” says Kocher. When this happens, thieves can easily see the login and password information floating between your browser and a website without SSL encryption.

You can tell if a website is encrypted, if there is a lock logo in the URL field, or if the website has an “https” address instead of an “http” address. Fortunately, most major banks have encrypted login fields. But hackers know that many people use the same password across many websites, such as e-mail, banking, Facebook, and shopping sites, so it pays to be extra careful if you do extensive surfing at Starbucks over the free Wi-Fi.

What you can do:

If you have a choice between connecting via your phone’s 3G or 4G network or over free public Wi-Fi, definitely go with the 3G or 4G network. According to Kocher, it’s much more difficult and expensive to spoof a cellphone network signal than a Wi-Fi hotspot. Also, don’t use the same usernames and passwords for your financial data that you do for e-mail and social networking sites, and think twice before submitting your credit card number or other data over the network.

2. Be careful with free apps

Every app written for your smartphone has an “angle.” It is intended to make money directly or indirectly in some manner, for some programmer out there. Therefore, you should inherently be cautious of free apps.

1 | 2

Next