Symantec sounds alarm on threats to mobile devices

MANILA, Philippines - Rarely do I hear people complain about their mobile phones being compromised by malware and other forms of digital intrusion. Rare is good, but the fact that it can happen is no good.

ICT security vendor Symantec acknowledges that while the number of immediate threats to mobile devices remains relatively low in comparison to threats targeting PCs, there have been new developments in the field. As more users download and install third-party applications for these devices, the chances of installing malicious applications also increases.

In addition, because most malicious code now is designed to generate revenue, there are likely to be more threats created for these devices as people increasingly use them for sensitive transactions such as online shopping and banking, Symantec experts said.

Symantec categorized the top threats targeting mobile devices into six types which are Web-based and network-based attacks, malware, social engineering attacks, resource abuse, data loss, and data integrity threats. The following is a quick 101 from Symantec on what each attack can do.

Web-based and network-based attacks are typically launched by malicious websites or compromised legitimate websites. The bad website sends malformed network content to a phone’s browser and then manipulates it to run malicious logic.

The malware that infests computers are the same breed that can also wreak havoc to smartphones, which are really like miniaturized computers given their many productivity functions.

Symantec classifies malware into three: traditional computer viruses, computer worms, and Trojan horse programs. Traditional computer viruses work by attaching themselves to legitimate host programs; computer worms spread from device to device over a network while Trojan horse programs don’t self-replicate, but instead perform malicious actions, including compromising the confidentiality, integrity or availability of the device or using its resources for malicious purposes.

Social engineering attacks sounds like gobbledygook but in Symantec’s book it is about phishing and online deception designed to entice users to install something on their mobile devices that will turn out to be malware. The process apparently uses social engineering, a fuzzy jargon in this context but can be a form of threat nevertheless.

Symantec said many attacks directed to mobile phone intend to misuse the network, computing or the identity resources of a device for unauthorized purposes.

The two most common forms of resource abuse are spam e-mails being sent from compromised devices that can also be used to launch denial of service attacks on websites or even on voice or data network.

Another type of attack that could be really painful, figuratively, results in data loss after hackers get hold of their ill-gotten data from unsuspecting mobile device users. Hackers have become very creative in securing sensitive information from a device or network so users should also become very vigilant in protecting their data.

Finally there’s data integrity attack that has the culprit modifying or corrupting data to disrupt enterprise operations or to gain access to one’s financial data, for example. Symantec warned, however, that data may also be corrupted or modified by natural forces like random data corruption.

Now, look at your phone. Could it be under threat?