Smartphones have become a mine of personal information, holding bank data, credit card information and addresses, making them the preferred target for cybercriminals, experts warn.
“Cybercriminals go where there is value, and they have understood that the smartphone has become the preferred terminal for online shopping and payment,” said Tanguy de Coatpont, head of the French branch of international anti-virus firm Kaspersky Lab at the Mobile World Congress in Barcelona.
Ransomware, which seizes control of computers and demands money to unblock users’ data, has already started to target smartphones.
Now the devices are also being sought after as a gateway to key information about its user, experts at the phone industry’s largest annual trade fair said.
Cybercriminals have progressed from smartphone ransomware attacks to using Trojan Horse malware that can steal the login credentials of mobile banking users, said Fabien Rech, the head of the French division of Intel Security.
Using the stolen credentials, thieves can then log in to the victim’s account remotely and transfer money out.
“We see more and more attacks against banking apps,” said Rech.
There was a 17 percent increase in attacks targeting banking apps last year around the world, according to Slovakian cyber-security firm ESET.
A new crop of younger cybercriminals is more at ease with smartphones, said Russian online security specialist Eugene Kaspersky, the head of Kaspersky Lab.
“I think that old generation of cybercriminals are on personal computers, the new are those who are on mobile,” he said.
While most cyber-attacks target Android, the widespread smartphone operating system developed by US Internet giant Google, Apple’s iOS system, used on iPhones and generally considered more secure, is not immune from attack either.
“Frauding iOS could be easier because you only have few devices using it,” said Avishai Shoushen, the head of Israeli mobile advertising platform ClicksMob.
Since iPhones can be connected to other Apple products, hacking into the handset can give a cybercrimnal access to the data in other connected gadgets as well, said Ciaran Bradley, chief technology officer at Irish security firm Adaptive Mobile.
“Just an email looking like its coming from Apple can give an opportunity to access personal account information from any other device,” he said.
‘Don’t think about it ‘
Some phonemakers like Australia’s Cog System are developing phones with extra security features to appeal to consumers who are concerned about hacking.
The company unveiled in Barcelona the D4 Secure SDK, which it called “the world’s most secure smartphone”.
Cog Systems, which has for years supplied super secure phones for governments, is targeting big companies with the device.
Experts say most cyber-attacks could be prevented by smartphone users, who are often not aware that their device could be targeted.
“Consumers think that it is up to manufacturers to handle security issues, they tend to believe their connected devices are secure and they don’t think about it once it is open and running,” said Rech.
De Coatpont said proper use of a smartphone was key to preventing cyber-attacks.
“Protecting your mobile phone implies not installing unofficial applications and regularly updating its operating system when asked to do so. And of course paying attention to how you manage passwords,” he said.