[Pete6#WP]

Smartphone scams: Owners warned over malware apps

07 November 11 02:29


A national computer security campaign is urging smartphone users to do more to protect themselves from unwittingly downloading malware applications.
Get Safe Online says that there has been an increase in smartphone malware as the market has grown.

Criminals are typically creating Trojan copies of reputable apps and tricking users into installing them.

Once on the phone, the app can secretly generate cash for criminals through premium rate text messages.

Get Safe Online, a joint initiative between the government, police and industry, said it was concerned that users of smartphones, such as Android devices, were not taking steps to protect their devices.

Get Safe Online said fraudsters are designing apps which generate cash secretly in the background without the owner realising until their monthly bill.

A typical scam involves an app designed to send texts to premium rate services without the user knowing.

Apps can appear to be bona fide software or sometimes masquerade as stripped down free versions of well-known games.

Rik Ferguson, a hacking researcher with internet security firm Trend Micro, said: "This type of malware is capable of sending a steady stream of text messages to premium rate numbers - in some instances we've seen one being sent every minute.
"With costs of up to �6 per message, this can be extremely lucrative. The user won't know this is taking place, even if they happen to be using the device at the same time, as the activity takes place within the device's back-end infrastructure."

Online banking
Another major security firm, Symantec, recently warned in its annual threat assessment that Android phones were at risk and that it had found at least six varieties of malicious software.

Minister for Cyber Security Francis Maude said: "More and more people are using their smartphone to transmit personal and financial information over the internet, whether it's for online banking, shopping or social networking.

"Research from Get Safe Online shows that 17% of smartphone users now use their phone for money matters and this doesn't escape the notice of criminals."

Tony Neate, head of Get Safe Online, urged people to check their phone's security.
"Mobile phones are very personal. I have talked to people who are never more than a yard away from their mobile phone. Because of that attachment, they start to think that they are in a way invincible.

"It's the end user that picks up the tab - it's your phone that incurs the costs. Whether you have pay-as-you-go or a monthly account, that money is going to come from the account and go to the criminal."

[Pete6#WP]

I found the above article during my morning news scan on my BlackBerry.

The approach shown affects all smartphones, including BlackBerrys. The article points out what we here have known for years. When you instalkl an app, you hand control of your phone over to this app when you run it. If it secretly sends SMS messages or, your complete contact list via email to somewhere, you have no control over this.

The answer is failry simple:

- Do not install just any old app, be careful.
- Watch what others are saying about this app here on CrackBerry.

[Chrisy]

I see Online Banking listed in bold, but not details on the scam. Is it fake banking apps?

[Pete6#WP]

I see Online Banking listed in bold, but not details on the scam. Is it fake banking apps?

Online Banking scams would have to be included since it will a). scae people into taking care and b). because it is one of the ways that a smartphone could be used to leach money from the owner.

Banking fraud is, of course, far more serious than having an app send a SMS texts to premium rate numbers or making hidden phone calls to high priced numbers. I have not seen any incidence of a banking fraud app reported. Anyone attempting smartphone online banking fraud would be up for a long jail term if caught and this will deter many groups from doing this. US bank need to increase their security for online users. I hold bank accounts in the US, UK and Switzerland and the US method of USrname + Password is a joke. For my Swiss and UK accounts I have a small calculator like device that generate a one time code after I enter my password into the calculator. The password is never transmitted over the line. Only the one time code goes that way. The Swiss are even more secure and require that I insert my debit card into the calculator before the calulator will power up. This is very secure for online use.

I have seen an app that sent SMS texts to high rate nubers. These benefit the destination number which is obviously set up and owned by the app writer(s).

Observe though that all the above methods require the USER to install an app and then run it before it can cause mischief. The fix is simple for savvy users like us - don't install the app.

For neophyte users the answer remains the same but often these people may not recognise a rogue app.

Apps coming from the Apple App store a reportedly vetted by Apple before being released so a non jailbroken iPhone is probably as safe as you can get.

I do not believe that RIM is so vigilant with AppWorld. They may be laying themselevs open to liability by possibly supplying rogue apps. They should definitely tighten up their release procedures.

I do not know what Google are doing to protect its users. I know that Google can delete apps from users phones remotely and should a rogue app apear on Android, Google should be able to go someway towards removing it.

That's really all I know right now.

I forgot to put the source link up so here it is
http://www.bbc.co.uk/news/mobile/uk-15600697?SThisEM

[Chrisy]

Gotcha, thanks for the info. I do online banking on my phone (BlackBerry and Android) and I do wonder if it's at least as safe as doing it online on a PC.

I'm wary of downloading applications. I only dl ones from big companies, that have a lot of downloads and ratings.

I especially don't trust password apps at all that sync to a cloud service. Android does not have a native PW app like Blackberry does in password Keeper.

[Fat Bastage]

I am not doubting that there is risk. But I have always found it amusing that the company that usually releases ( or quoted) these reports about coming virus, malware or identity theft through the mobile computing platform is Symantec which makes their living selling virus protection to pc users.

This is the same outfit that every 6 months predicts an impending Mac virus doomsday scenario that never surfaces.

[Pete6#WP]

I am not doubting that there is risk. But I have always found it amusing that the company that usually releases ( or quoted) these reports about coming virus, malware or identity theft through the mobile computing platform is Symantec which makes their living selling virus protection to pc users.

This is the same outfit that every 6 months predicts an impending Mac virus doomsday scenario that never surfaces.

You are bang on right here. No doubt.

Yes, there is a risk but how much of a risk? Anti-virus and security companies make a lot of money by spreading FUD (Fear, Uncertainty and Doubt) about malware scares. Most users do not have a clue about what there phone is doing or how it works.

A user can do quite a bit to not get caught (don't install free, demo or unknown apps, especially from unknown websites). They can also keep an eye on battery levels regularly. A phone that is banging the network heavily whilst it happily send out illicit SMS texts and phone calls to the afore mentioned premium destinations will deplete the battery faster than usual. As ever, common sense precautions and user behavior are your best defenses.

Obviously if you do get caught out, then you need to report it to your carrier immediately. They might care, probably not though.

[Pete6#WP]

Gotcha, thanks for the info. I do online banking on my phone (BlackBerry and Android) and I do wonder if it's at least as safe as doing it online on a PC.

I'm wary of downloading applications. I only dl ones from big companies, that have a lot of downloads and ratings.

I especially don't trust password apps at all that sync to a cloud service. Android does not have a native PW app like Blackberry does in password Keeper.

I use Acsendo for my password storage. It runs on my BlackBerry and on my PC. It syncs to the PC (both ways) too. I just checked and there is a version for Android.

[Fat Bastage]

Microsoft, Symantec et al and virus/malware writers have a symbiotic relationship together.

[DannyAves]

I found the above article during my morning news scan on my BlackBerry.

The approach shown affects all smartphones, including BlackBerrys. The article points out what we here have known for years. When you instalkl an app, you hand control of your phone over to this app when you run it. If it secretly sends SMS messages or, your complete contact list via email to somewhere, you have no control over this.

The answer is failry simple:

- Do not install just any old app, be careful.
- Watch what others are saying about this app here on CrackBerry.

That is not quite true. Both Apple and BlackBerry inspect and approve apps before they are released online but Android apps are not inspected for either quality or content and you can even sideload the .APK files without even going through the Android market.

[Chrisy]

You can download apps outside of BlackBerry App World too though. Bebuzz for example and Google Maps. Is that different?

[DannyAves]

You can download apps outside of BlackBerry App World too though. Bebuzz for example and Google Maps. Is that different?

Yes, those are approved apps.

[OniBerry]

Yes, those are approved apps.

Yeah, and for those two there are hundreds of apps available from everywhere. BeBuzz and GMaps are well known and trusted, I mean the small apps that are offered directly from websites or torrents. You have to be careful no matter what smartphone you are using. That article cited 3 out of 4 smartphones are infected with malware. I find that a little difficult to believe.

[Tre Lawrence]

4Q2... good advice.

Yep, Norton and co usually publish these so often. You must watch what you download. Peer review is a powerful tool, too.

I used Ascendo and Splash on on BB, and use Ascendo primarily on Android.