Not too long ago, nobody really worried too much about mobile security. The worst thing that could really happen to your data on your phone, most people thought, was that you would lose the physical device and somebody could make calls or browse your address book. Today, however, with the proliferation of mobile malware that can do anything from downloading your contacts list to a remote server to sending you pricey premium SMS messages, as well as a general trend toward letting employees use a mobile phone of their own choosing, the issue of mobile security have become far more pressing. This trend was clearly on display at the Mobile World Congress in Barcelona this week, where numerous well-known security firms and even more startups showed off their latest products.
Security and Android
Most of these security products today focus on Android. To some degree, Google's mobile operating system provides the perfect breeding ground for malware, as its open nature allows users to install apps from numerous sources and stores besides Google's official app store. It's far easier then for a malware developer to create an app that exploits flaws in Android's security and get it into circulation than it would be for somebody who wants to create iPhone or iPad malware. Apple, after all, only lets users download from one store and exercises complete control over it.
Earlier this week, I had a chance to talk to Brendan Ziolo, the VP of marketing at Kindsight. The Alcatel-Lucent spin-off provides desktop and mobile security products, but here in Barcelona, the company focused on its newly released mobile security tools for Android.
While there are now numerous Android security tools available, Kindsight takes a somewhat different approach than most of its competitors, as it also works directly with mobile carriers to provide both software to end-users that can scan a phone for known malware as well as detection software that runs on the carrier's servers. The company is working with a number of mobile operators to bring its tools to their users and there is a good chance that you will find its software on your phone at some point in the future. Given the nature of these deals, though, you may never know that it's Kindsight that is running in the background (the carriers are more likely to give it their own name).
What Hackers Can do With Your Compromised Phone
Ziolo showed me a demo of a malware app the company developed for Android. Just by installing a malware-infested clone of Angry Birds, a hacker could – within seconds of starting the app – start spamming your friends with SMS messages, download your address book, locate you and even get access to your phone's camera and see a live stream from it without you ever noticing it.
With the company's software running, of course, users quickly get an alert about what is happening and can then uninstall the application. The scan on the phone itself is similar to a standard anti-virus or malware scan you would run on your desktop. At the same time, the company's software on your carrier's servers also keeps an eye out for suspicious traffic and can even detect some malware it has never seen before.
While there has been some discussion over how widespread the Android malware problem really is today, most reports indicate that it's growing quite rapidly. As Kindsight's Ziolo also rightly pointed out, unlike the early days of desktop malware, hackers can now rely on an established infrastructure for selling personal information and other data, making the whole business even more attractive and lucrative for these criminals.