The BBC has created a smartphone application loaded with malware in order to highlight the dangers that smartphone users face.
The BBC reporter claims that he put the application together himself, with some help, using off-the-shelf toolkits that are available online, despite having almost no previous programming experience. The app was a crude game of noughts and crosses, designed to mimic the types of applications that are frequently downloaded from smartphone app stores. However, under the hood it was stealing sensitive data and emailing it to an account that the reporter had set up.
The app used 250 of its 1,500 total lines of code to gather contacts, copy text messages, log the phone’s location, and send that information on. Even if this information did not contain financially sensitive data, it would certainly breach a user’s privacy.
The head of the security firm that worked with the BBC on the project claimed that, in terms of security, smartphones are now at the point that PCs were in 1999.
The BBC claims that Apple and Google have only recently removed applications from their stores due to malware fears. However, in 2009, only two apps posted to the Android store were removed due to their attempts to access users’ financial information, according to a report by Wired.
TrustedReviews did not receive a reply from Google in response to a request for more information regarding rogue apps, while Apple was unable to provide any further information.
In terms of practical advice, the BBC quoted Nigel Stanley, a security analyst at Bloor Research, who warned that people should look at battery life as an indication that something is amiss.
"A very obvious tell-tale sign on the phone is all of a sudden your battery life is deteriorating," he said. "You wake up one morning and your battery has been drained then that might indicate that some of the data has been taken off your phone overnight." However, we imagine that most people would leave their phone plugged in at night to charge, which would negate this tell-tale sign somewhat.
More practically, smartphone owners were also advised to keep an eye on their bills for unauthorised numbers dialling out. We’d have to say that we all should be doing that anyway.
It was recently revealed that the JailBreakMe app for iPhones takes advantage of a flaw in how the Safari Mobile browser handles PDF files, which could potentially be used to direct users to a website for nefarious purposes. However, jailbroken iPhone users can install an application that warns on any PDF access to protect against this, which ironically makes their iPhones more secure than non-jailbroken handsets.