People may think their shiny new smartphones and tablets are safe from hackers and malicious software, but that isn't the case, Internet security experts say. Not only are new mobile devices vulnerable, most do not even come with basic virus protection software.
It gets worse. People can have malware on their phones and see no signs of trouble until it is too late. And experts say the problem is getting worse.
"Mobile phones and tablets are not on the consumers' radar when it comes to digital security," says Robert Siciliano, McAfee's Internet security expert. McAfee is a provider of computer security software and solutions.
The reasons why people don't think much about the dangers to mobile devices has a lot to do with the history of viruses and hacking.
Siciliano says the bad guys in the past mostly targeted PCs.
"Microsoft's operating system was the most hacked on the planet," he says. "They were the big player."
There were millions and millions of viruses targeting Windows.
On the other hand, Apple's Macintosh computers were harder to hack — and because there were fewer of them, they were not as appealing targets. Siciliano says that has changed as Apple adopted some practices similar to Microsoft such as a more open operating system.
But the memories of PC viruses linger. People may not even think about the vulnerabilities of their smartphone. Hackers, however, think about smartphones all the time.
A man called Space Rogue knows all about this. Space Rogue is a hacker, the good guy kind who helps companies look for security vulnerabilities in systems so they can fix them. He is the threat intelligence manager for Trustwave SpiderLabs, an information security company based in Chicago, but keeps his real identity secret to avoid retaliation from the not-so-good type of hackers.
"I don't think people realize that what they have in their hand is a computer," he says, "a computer that is more powerful than the common desktop people were using just a few years ago."
In the good old days, viruses and malware were created by people who just wanted to see what problems they could cause. The malicious programs were obvious because they did things like erase files and reformat hard drives. The creators of the viruses were doing it for fun.
Now the creators of viruses and malware use different tactics.
"Malware tries to prevent detection," Space Rogue says. "It tries to hide itself."
The goal isn't to destroy, but to steal. The people who create malware and viruses aren't in it for the laughs — unless you count laughing all the way to the bank.
"The bad guys changed their motivation," McAfee's Siciliano says. "Your mobile device is with you no matter where you are, no matter what you are doing. Whereas your PC isn't, unless it is on your lap or you are sitting in front of it at a desk, maybe 8 to 10 hours a day. Your mobile is with you in the doctor's office, it is with you standing in line at the concert, at the park, it is with you all the time. Bad guys know this and they are focusing on it because it is an excellent opportunity for them."
People are using their devices for banking online, credit card purchases and storing other personal information, Siciliano says.
Space Rogue says the criminals want to get control of victims' bank accounts, credit card numbers or to steal victims' identities. Often the criminals are doing this by repurposing older malware and viruses that were originally designed for PCs.
Another way criminals make money has nothing to do with people's checking accounts. Some malware sends SMS messages to premium services — short messages and digital content that charge fees to the phone. It is similar to the way scammers trick people to call expensive 900 toll numbers, except the malware sends the messages automatically and secretly. People learn about this problem when they see the huge extra charges on their phone bill.
Reducing the risks
Siciliano, naturally, encourages people to install security software like the kind his company, McAfee, offers. But he also says people can take other steps to help stop the bad guys.
Many people do not use passwords to protect their mobile devices. Siciliano suggests using different passwords for email accounts, a Facebook page and a banking account, rather than using the same password for all of them. He says it's also not good idea to keep passwords and other sensitive material on mobile devices.
Another way to reduce access, Siciliano says, is to turn off unnecessary connections. If people are not using WiFi, GPS or Bluetooth, they should turn them off.
Space Rogue says criminals are mainly targeting Android devices because the operating system is so similar to the PC. Hackers also have another problem: patches.
Whenever a new threat shows up, manufacturers scramble to create software fixes or patches to shore up security. With the iPhone, Apple automatically sends patches and installs them (Apple did not respond to a request for comment). Android devices, however, are less certain because once the patch is made available it is up to the various carriers to implement them. Sometimes they do not, leaving their customers vulnerable.
One of the most common ways smartphones are compromised is through malware — software that has malicious purposes and is loaded without the user's knowledge. With mobile devices this means apps. It could be an app specifically designed to get personal information or to allow criminals to remotely control a person's phone. It could also be a popular app to which somebody has secretely added malware.
Third-party app stores are rife with malware and should be avoided, Siciliano and Space Rogue say.
Siciliano recommends that if people have Android phones they stick to the Google Play app store. For Apple devices, the iTunes store is the best choice. Both stores vigorously investigate each app for malware.
Children are especially vulnerable to download whatever app they find. Space Rogue says it isn't a bad idea to restrict downloads so children have to get permission to download something.
But even with precautions and shopping at the right app stores then something new could slip through. Space Rogue says there was a dramatic increase in mobile malware and viruses in the last quarter of 2012.
"The most important thing to do is to be aware," Space Rogue says.