Not so smart phones?
Smartphone users are increasingly at risk from a cocktail of spyware and phishing scams, although data leakage and disclosure of sensitive information are the most common risks, according to a new report.
The European Network and Information Security Agency (ENISA) has identified the top security risks and opportunities of using a smartphone as well as dishing out advice to consumers and businesses.
It found the main risks to users are: spyware, poor data cleansing when recycling phones, accidental data leakage, and unauthorised premium-rate phonecalls and SMSs.
It is perhaps no surprise that criminals are increasingly targeting smartphones as they soar in popularity with Gartner figures revealing that some 80 million smart handsets were sold in Q3 2010 alone.
Apparently the biggest risk to smartphone users is relatively low-tech: having their phone nicked. An unprotected memory lets an attacker access the data on it, according to the report.
The second largest threat is a smartphone owner giving their phone to someone else or disposing of it without wiping the data correctly...again, similarly low tech and gift for cyber criminals.
More worrying though is the report's discovery that unintentional data disclosure is the third biggest risk. It reckons that while most apps have privacy settings, many users are unaware of forget that data is being transmitted and have no clue about how to tweak security settings.
Phishing attacks reportedly pose a ‘serious' risk to smartphone users via fake apps or seemingly genuine text messages, while spyware, defined as 'any software requesting and abusing excessive privilege requests' is also a big problem.
Completing the top 10 of smartphone risks are: network spoofing attacks, surveillance, diallerware, financial malware designed to steal credit card numbers and network congestion.
"Given the growing importance of smartphones for EU businesses, governments and citizens, we consider it essential to assess their security and privacy implications." says Prof. Dr.Udo Helmbrecht, executive director of ENISA.
However the report was not all doom and gloom as it recognised back-up data opportunities on smartphones and the benefits of app stores.
It listed the opportunities as: sandboxing apps, controlling software distribution, remote app removal to aid the removal of malware, backup and recovery functions ‘to address risks to data availability,' extra authentication and encryption options plus the very diversity of smartphones, which makes it tricky for criminals to attack a very large number of users with a single virus.
In order to make the best of opportunities and minimise threats, the report details a whole host of recommendations for smartphone users, including advising that consumers take advantage of automatic locking, checking the reputation and source of before downloading apps, closely reading permission requests and resting and wiping any handset they plan on disposing of.
