Delivering Best Practice Communication and Information Solutions

Middle East

How secure is your smartphone?

by April Deibert In Category: Middle East, Security

Here's an article about the most common current smartphone vulnerabilities.  So much that most people don't think about.  Read this with the Arab Spring in mind.  Great insights.


(Repost.  Originally by Shalaka Paradkar, Alpha Magazine/, 1 Apr 2012.)

In December 2010 Tunisian fruit vendor Mohamed Bouazizi set himself ablaze in an ultimate act of protest against harassment by government officials. No one could have predicted the cataclysmic changes that followed. Regimes toppled and dictators were overthrown as Bouazizi's death sparked the Arab Spring across North Africa and the Middle East. Mobile phones and social media were among the most influential media tools used to coordinate the protests.

On the first-year anniversary of the Arab Spring, security vendor Symantec discovered something else that followed Bouazizi's death - something that involved mobile phones and social media. In what appeared to be the first hacktivist (politically motivated hacking) attack targeted only in the Middle East, new Android malware was distributed through regional forums.

The malware - dubbed Android.Arspam by Symantec - was embedded into the pirated version of a popular Islamic compass app. Once downloaded, it went to work as a service called al Arabiyyah.

Every contact in the address book of the infected phone got a text message with a link to an online tribute to Mohamed Bouazizi. Whether the phone user sympathised or not with the hacktivists' cause, they had to pay for the text messages that spread the political propaganda. Bulent Teksoz, chief security strategist, Emerging Markets, Symantec says attacks like Android.Arspam represent test runs by hacktivists and cybercriminals targeting the Middle East, giving them an opportunity to test and develop their methods. "Cybercriminals are looking for easy money and the Middle East - because of the economy, mobile phone penetration and the number of people getting online every day - is a sweet spot right now. Coupled with the lack of protection and the number of mobile applications that exist, it creates the perfect condition for cybercriminals to come and play."

Symantec's 2012 State of Mobility Survey that polled over 6,000 organisations across 43 countries, discovered that mobile computing is the biggest IT security concern. And getting your phone hacked is no longer a headache just for British celebrities. Teksoz says a staggering one-tenth of mobile users in the Middle East who were surveyed by Symantec have had their phones compromised. "In 2011-2012, we discovered around 162 vulnerabilities on mobile platforms. It all points to an indisputable fact: we know the bad guys out there are looking for more ways to get into the mobile applications, mobile devices and mobile security."

The rise in popularity in mobile and cloud computing means that mobile devices are now a prime target for hackers. People generally have a false sense of security when using their phones, which can be foolish considering mobile phones are being used to do online shopping, access corporate emails and for banking. James Lyne, director of technology strategy at software developer Sophos, has a name for the haphazard attitude towards mobile phone use: ‘smartphone invulnerability syndrome'.

"In effect people are forgetting about practice and threats they've understood on their PC for years. Attacks can take a wide variety of forms, but the most common at the moment are basic, but effective, phishing scams like fake websites or emails. Users tend to be more likely to be duped on their phones, even by attacks they would delete immediately on their computer. Malicious applications are also growing in number, such as those that steal your banking details or credit card information."

Smartphones on the Android operating system appear most vulnerable to being hacked because any developer can upload an app for free distribution. Unlike Apple, you can download applications from any app store on the internet, making it easier for the bad guys to distribute bad code. However, Lyne adds that the Apple model isn't perfect either. Security researchers have recently found that it's possible to get malicious apps published by Apple.

The increasing bring-your-own-device trend (BYOD) in business means it's not just individuals, but companies that stand to lose millions in the years to come if this carelessness continues. As employees use their personal phone for business transactions, it makes companies even more vulnerable to their entire networks being brought down by one employee who may lose their phone or download malware. "In a corporate setup where executives are using their own device, it can be a security nightmare. Companies are turning to Mobile Device Management (MDM) software to manage these risks," says Teksoz. This has lead to the popularity of mobile security software that can remotely wipe data on a phone that has been lost or hacked.

Lyne agrees that mobile operating system vendors are starting to develop more capabilities to prevent such attacks, essentially re-learning the lessons of the PC, but there is a great deal more work to be done. "Today's mobile threat is quite basic, but if the bad guys escalate their tactics, mobile vendors at present aren't in a good position to respond."

So how can you tell if your phone has been hacked? Typical symptoms include unusual behaviour from the phone, inexplicable battery drains, device running more slowly than before and inflated bills. "Generally prevention is the best strategy as malware is not often obvious and visible - it does most of its work in silence in the background," advises Lyne.

Prevention, coupled with awareness - yes, your phone can be hacked, and quite easily at that - is the key to being smart about your smartphone.

In 2010 over one million mobile phone users in China were affected by the ‘Zombie virus' in which phones sent hundreds of text messages without the owners' knowledge.

Dumb things to avoid on your smartphone

1. The ‘smartphone invulnerability syndrome'.
"People need to be aware that these devices can be attacked and that they need to keep up to date with the latest security developments - mobile devices are changing at a very fast pace. We can expect significant development in this market over the next 24 months," says Lyne.

2. Not checking that the website and application you are dealing with is the correct one. Malware often looks very similar but is spelt slightly differently. "Ensure that encryption (SSL transport represented often by a padlock symbol in your browser) is enabled," advises Lyne. "Do not download any apps from unauthorised resources, be it someone sending you a file, a text message, a suspicious web page or unauthorised websites. Check that the permission being requested by the app match its features," says Teksoz.

3. Not treating your phone as you would your computer.
Follow the same best-practice protocol used to protect data on the computer. Don't put phone pin codes and banking passwords where they can be discovered by someone else if the phone is lost. "Use strong passwords and always make use of whatever security measures - like pin code or pass codes - are provided by the mobile phone," says Teksoz.

4. Not running security software on your mobile device or remembering to update it. 
Download the free mobile security awareness toolkit from Sophos.

5. Keeping connectivity enabled when it is not required and not being used.
"Keeping your Bluetooth on makes you vulnerable to attacks. Don't put your Bluetooth in a discoverable mode, use it when you need it but let it stay hidden," Teksoz says.

Leave a comment Read more

Newly released IREX audience research shows that while Iraqis continue to rely on television as their primary source for news and information, social media and mobile devices play an important role in the consumption and distribution of news and information in Iraq. The Iraq Audience Measurement Survey, a periodic study of media usage in Iraq, was commissioned by IREX as part of the Media and Technology for Community Development program.  D3 Systems of Vienna, Virginia conducted the survey.

The 2011 edition of the study builds on the 2010 wave of audience research released by IREX but now includes a new section focusing specifically on how Iraqi youth consume and share information. Interestingly, nearly half of Iraqis surveyed cited “Friends and Family” as a source of news. Reliance on social sources of information and overall low levels of trust in media outlets indicate that Iraqi media consumers, while extremely interested in news, remain skeptical of national and local media.

The study found that Internet usage in Iraq is overwhelming social, especially among younger users. Of the top five reported online activities, four involve social networking or personal communication while work related tasks, commerce, and research rank significantly lower. Iraqi youth who use new media to access news are just as likely as the rest of the population to use traditional media. Youth are actually more likely than the general population read newspapers and magazines for news.  

D3 and IREX presented the survey results to over 100 representatives from news outlets from across the country at a recent conference in Erbil, Iraq. Roundtables and discussions with media managers, led by D3 Systems’ Robert Johnston, followed to assist media outlets in interpreting the data and using the results to better serve their audiences.

The study is part of IREX’s ongoing efforts to support the development of a sustainable and professional media sector in Iraq and is funded by a grant to IREX from the United States Department of State’s Bureau of Democracy, Human Rights, and Labor (DRL).

Leave a comment Read more