|
How Safe is Your Mobile?
Continued from page: 1
Anindya Roy
Saturday, July 05, 2008
Spyware
This is the biggest risk being faced by mobile networks today. The mobile
spyware industry has evolved tremendously in the last one year and both security
agencies and hackers are trying to use it for spying!
Recently we interviewed the CEO of Appin Knowledge Solutions, who talked
about possible Spyware threats in mobile communication. When asked why mobiles
are so susceptible to spyware attacks he said:
“Spywares are usually based on J2ME, and can be transmitted to a phone
through the following ways:
Downloading unauthorized software like games and videos which might have a
spyware attached, using GPRS.
Clicking on links received via messages. Through an MMS attachment. Through SMS.
| ”When a computer is hacked the only way
to access it is through Internet; but a phone can be reached by various
modes like SMS, call, internet, etc." Rajat Khare - CEO,
Appin Knowledge Solutions” |
He further added that “A phone that is infected with a Spyware can be
completely controlled and made to perform various functions. These include:
As soon as a call is made from the controller phone to the target phone one can
hear all conversations, happening at the place where the mobile is located.
Several functions of the phone can be controlled via just an SMS, such as
switching the phone off or on, retrieving data from the phone, ordering the
phone to upload data on a web interface, via GPRS, etc.
 |
|
SIM cracking software such as this are easily
available on the Internet, and can be used to break encryptions in SIM cards to
create their copies |
All the call logs can be checked through a web interface.
The SMS content can also be monitored using a web interface.All the data
stored in the phone can be viewed through a web interface.If the mobile has a
GPS, the location of the phone can also be tracked with this spyware.Even
audio/video recording can be done, just by sending the command through an SMS.
 |
|
While a mobile operator would use software such as
this to replace your SIM with a fresh one, somebody else could use it to clone
your SIM for malicious intent. |
As they say, that there's a good and bad side to everything. So Appin has
developed one such spyware and plans to provide it to government intelligence
and security agencies so that they can use it to track and spy on suspected
terrorists and criminals.
|
Mobile Security Solutions for Tata Users |
|
F-Secure Corporation has partnered with Tata Communications
recently. With this partnership Tata Communications will be the first in
India to offer its customers an all-in-one mobile security package. The
Mobile Security solution enabled by F-Secure includes realtime virus
protection, malware protection and an integrated firewall, and enables
smartphone users to enjoy the full potential of their devices without the
fear of mobile threats. This solution supports all the main mobile platforms
running an open operating system, Windows Mobile, Symbian S60 and UIQ. A
firewall provides additional security for all mobile devices that access
public WiFi networks. |
The
bad side is of course that there would be many such spyware programs available
on the Net, which can perform similar functions. The irony is that there
are websites selling such software openly and claiming to help the society
by providing means to track their flirtatious spouse, spoilt kids, etc.
SIM cloning
It might sound very Hollywood like, but yes it is possible. If you have seen the
movies Bourne Supremacy and National Treasure Part 2, then you would be aware of
SIM cloning. But there a few differences in reality. While in the movie, the
protagonist creates a copy of the phone in less than five minutes, and once
done, is able to listen to all calls that are dialed and received through the
original phone.
In reality, however, you can't clone all SIM cards. Second, if the card has
been clonedss, it still takes a huge amount of time. No one can clone a SIM card
in five minutes. It takes a couple of hours on a standard dual core machine to
clone a SIM card.
sMoreover, after cloning the SIM card it is impossible to hear the
conversation of the original phone from the cloned phone. However, what can
easily be done is to make calls and send SMSes using the number of the original
phone, and it would be billed to the original SIM. Second, if let's say a call
or SMS is made to the original number, it could be received either by the cloned
or the original phone, depending on which one responds to the operator's signal
first.
So, let's say, the original phone is off or it is out of reach, all calls
will go to the cloned phone. Even if both phones are on, the one that responds
first to the tower signal will receive the call.
SIM cloning is also not too difficult to do. Anybody even remotely familiar
with a little bit of programming can easily do it. Of course, we're not about to
get
into a tutorial of SIM cloning here. But we'd just like to add that SIM
cloning means copying the SIM's identification number to another SIM card so
that the operator treats both as one. Every SIM has an encryption key that needs
to be cracked. Thankfully, the newer SIMs have strong encryption keys, making
them more difficult to crack. It's the older 16k and some 32k SIMs that have
weaker encryptions which can easily be cracked. So if your mobile phone has a
SIM card that is older than June 2005, then chances are it can be cloned very
easily.s
Our advice is to get it replaced immediately. Most service providers do it
free of cost.
Other hot trends
Besides threats to mobile security, there are some very good trends taking shape
in mobility and mobile communication as well. The number of mobile phones
has exceeded 250 million this year. The cost of mobile phones has
dropped significantly, from the 3-4K range to 1.5-2K range.
|
Protection against Mobile Fraud |
|
We talked about so many threats that mobile phones face
today. Now let's talk about protection. Following is a list of some Dos and
Don'ts: Dos:
1. If you are using a SIM card which is more than one and a
half years old, then get it replaced immediately. This service is generally
free of cost and all you have to do is to contact your service provider.
2.
If your mobile phone was left unattended for some time (at least 4 hours or
more) at a location where someone else could have accessed it, then keep an
eye on your mobile bill. If you observe a discrepancy, then get the SIM
blocked and have a new one issued from your operator.
3. Install a good
antivirus on your mobile phone.
4. SMS is not a clean medium to communicate
confidential data. But if you still want to, then use encryption software
such as SMSProtector, Fortress SMS, etc.
5. Keep a close eye on your bill.
If you see some discrepancy, immediately get your mobile phone and SIM card
checked by an expert. Your phone could have a spyware.
6. If you are feeling
your phone's response time is very high, again take it to an expert. Your
phone might have a spyware.
Don'ts
1. If your phone doesn't have an
encrypted password valet, then don't save PIN numbers and passwords on it.
2. Don't leave your phone unattended for long.
3. Don't connect your phone
or its memory card to a PC which doesn't have an updated antivirus
installed.
4. Don't click on MMS or SMS links if you don't know or trust the
sender. Even if you trust the sender, it's always good to call him back and
check if he has actually sent the link or not.
5. Don't accept any SMS with
an attachment unless it is from your service provider and you have requested
for the same.
6. Never pass on sensitive information, such as bank account
or credit card details over the phone, if you get a call from a bank or
credit card agency. They're not supposed to ask you for this information
over the phone.
Note: We're not legal experts, so the points above should
not be treated as legal advice. You would need to contact a legal pracitioner if you need legal advice on protection against mobile fraud. |
Another hot emerging trend is that of SMSes. They're being used for some
really fancy applications.
Besides being used for generating business in TV shows, one application is
multi-lingual SMSes, and there are companies like Geneva Software offering thes
same. Geneva allows you to send SMSes to anybody in multiple Indian
languages. What's more, these SMSes can be sent to even ordinary cellphones
because the application converts them into a graphics image. This simple
solution can have as powerful impact, as it can be sent to people who're not
English literate. The govt. for instance can use this functionality to convey a
message to the common public, most of which is non-english speaking and carries
ordinary cellphones.
It could also be used to make public announcements, such as an early warning
system about a disaster. So for instance, if (God forbid), a Tsunami is about to
hit the Indian shores, then multi-lingual SMSes can be sent to the people who're
likely to be affected by it. It would be the fastest means of reaching out to
masses.
Likewise, GPS is another hot trend in mobile communication. Today it comes
in-built with many high-end mobile phones. A lot of companies have started
offering GPS maps. Nokia for instance, offers maps of over 100 countries, and
for eight Indian cities. These maps contain details of 75k+ Kms of road, 10k+
restaurants and hotels, 10k+ bank ATMs, 5k+ schools and colleges, 3k+ petrol
pumps, 3k+ places of worship, 2k+ hospitals and medical shops, etc.
Plus, even ordinary phones today with a GPRS connection can have location
information thanks to Google Maps, which uses GSM towers to identify your
location on a map.
Page(s) 1 2
|
