With the discovery over the last year or so that a 5 year old could hack into mobile phone voicemails, not surprisingly the goblins of every shape and size who would still like to know about us without us knowing that they’re knowing are working hard on new technology to quietly sidestep the blocking system it takes ten seconds to employ. And they are succeeding.
A growing number of companies, including start-ups and big names in computer security like McAfee, Symantec, Sophos and AVG, foresee huge growth in the business of protecting phones from hacks and spyware that can already read text messages, store location information, or add charges directly to mobile phone bills.
Experts in mobile security agree that mobile hackers are not yet much of a threat. But they think things will change very quickly, especially now that increasing numbers of people are using their phones for EFTPOS. (Here in France, you can get money out of the post office with them).
“The bad guys are going to follow the money over to phones,” says Charlie Miller, a researcher at US outfit Accuvant, “smartphones people have are computers, and the same thing that can happen on your computer can happen on your phone.” Also, initial studies suggest that people are more blase and distracted about mobile phone risks than they are with laptops. But the line between the two is blurring anyway – and harmful attacks are beginning. Predictably – as my last piece about hacking and blagging suggested – these are coming from Russia and China…with all kinds of motives.
Not surprisingly, this has the ISPs worried. Google says it regularly scans apps in the Android Market for malware and can rapidly remove malicious apps from the market and from people’s phones. It prevents Android apps from accessing other apps and alerts users if an app accesses its contact list or location, for instance. T-Mobile also builds the ‘Lookout’ firewall into its Android phones.
At the moment, phone-hacking to obtain access to secret and/or monetised data is comparatively rare – maybe no more than a million cases globally. But Giovanni Vigna, a professor at the University of California, avers that it’s just a matter of time before mobile security becomes second nature to consumers. “The moment malware starts direct thieving – using text messages and expensive minutes people have to pay for – things will move a lot faster,” he says.
But for those of us who have taken a keen interest in the hacking of celebs by the media – and blagging of corporate secrets via laptop contents – there are some mid-bogglingly awful possibilities here. The day isn’t far away when the eclecticism of mobile phones/gadgets in our pockets and handbags will be such that – moving a level above the common or garden virtual mugger – a Government minister, say, could have damning or even top security texts, emails and word documents on the device. Knowledge about Lord Ashcroft’s banking arrangements is one thing: a memo ordering SAS support for US surveillance in Pakistan is a different matter entirely.
The hardware and software boys looking forward to a big payday (as one level of technology is first of all broken and then redeveloped and then broken again ad infinitum) may sound like textbook repeat-purchase capitalism. But in both the personal liberty and State security fields, it is a nightmare that must not be allowed to happen.
Anti-Murdoch campaigning MP Tom Watson is already on the record as saying that “emails will be the next big front line” when it comes to protecting all of us from spying – authorised or otherwise. The reality is that, as everyday sensitive data transfers from the laptop or dongle to the phone, there are immediately a thousand new ways for the unscrupulous to bend the law and slide under our metaphorical front door. As a nation (and especially as a political and police class) we are light years behind in this area. If we don’t start to catch up soon, that’ll be another half-million immigrants we need to do it for us.