Malware targeting smartphones has been in the news a bit recently, thanks to some Windows snafus. But did you ever stop to think that the really scary thing about smartphones, according to security folk, is all your lovely data aboard ’em?
Over at Australia’s The Age they’ve been talking about the problem of smartphone security with experts in the antivirus and data protection worlds. Professionals involved in defending the more typical desktop computing environment against viral and malware attacks actually aren’t as worried about the mini computers we’re all hauling around in our cramped jeans pockets. This is despite recent concerns about a Trojan app for Windows Mobile devices called 3D Anti Terrorist and a worm that infected jailbroken iPhones a little while ago. The smartphone platform is typically closed, and in Apple‘s case only approved apps are allowed onto the device (unless you jailbreak the phone) so there’s pretty much zero chance you’ll “catch” a virus that may spirit away your passwords or bank account details to a malicious Chinese or Zimbabwean criminal in the same way as happens for desktop PCs.
Nevertheless, think about what your smartphone–particularly iPhones and Android devices with their bounty of apps, and BlackBerrys with their automated ties back to your workplace and your email–has aboard it. Forget about worrying about Facebook privacy: With just a push of a button or a poke at the touchscreen, pretty much anyone who got hold of your phone could read your email, read or make postings to your social networking app of preference, see pictures of you, your family, your girlfriend (think of the compromising celebrity “naughty snap” photos that keep popping up) and so on. The devices, existing as they do as an extension to the old notion of personal digital assistant, contain far more personal data than would ever have been accessible on older dumbphones. And, for the sake of convenience many of us have our apps auto logging-in and keep the phone unsecured, so that quickly accessing it to send a text or tweet, or snap a photo is easy.
The best demo of weakness in this model this is the poor Apple engineer who “misplaced” his iPhone 4 prototype in a bar earlier this year, resulting in the ongoing Gizmodo iPhone 4 saga. The guy who subsequently found the phone was able to easily find out who the prototype belonged to simply by opening up the Facebook app–which doesn’t require a secure user login for each new session. Apple later used its remote-wipe and lockdown facility to erase the phone, but not before personal data had slipped out–a risk anyone losing an iDevice faces, particularly if you’re talking about an iPad with only Wi-Fi, which wouldn’t erase until it was next connected to the Net.
This probably isn’t something you should be terrified about. Remedies exist such as quickly resetting your passwords for your private data services if you lose your phone. And there’s one simple thing everyone can do which instantly safeguards your data from all but the most data-savvy criminal: Enable passcode locking of your phone (and even SIM card PIN access) so that anyone who steals it or finds it once you’ve mislaid it can’t gain access.