We constantly hear about the dangers of viruses and malware on smartphones, but are the threats real or is it just the security companies who are crying wolf? PC Advisor met Kevin Freij, security expert and founder of MYMobileSecurity to find out.
PCA: How did you get the idea to start up MYMobileSecurity?
KF: I started the company in 2009 along with two partners. All three of us had a broad experience within the security industry which we could draw on. We thought that a user friendly mobile security software for home users was missing and, since most of the programs at that time were made for businesses. We were one of the first movers which gave us a major advantage. Today we have a wide portfolio - no-one else can offer home users the range of security apps that we can.
PCA: How does a small company like yours stand out among your major competitors such as Symantec and F-Secure?
KF: Firstly, we focus exclusively on mobile security, which means that we are experts in the field. Norton, for example, is focused on security for PCs and mobile security is only a small part of their product portfolio. We do not only provide antivirus for smartphones, but have developed a whole range of apps, all of which increase security and are easy to integrate with mobile operators, handset manufacturers, etc. Once our platform is implemented, we can easily add more security apps following the customer´s demands. This makes us a very flexible partner.
But when all this is said, timing, hard work, positive attitude and perseverance are a must when you are fighting against giants. Right now we have reached a point where we are ready to take in investors. In fact, we believe that investors are necessary for us to hold on to the position we have in the market right now because the competition is getting so strong.
PCA: How would you evaluate the security level on smartphones today?
KF: Mobile security is an explosively growing area. Think about how the use of smartphones has revolutionised the way we communicate and think about how fast it has happened. Today, most people have a smartphone and use it like a small computer 24/7. This has set high demands on safety.
Most people currently have an antivirus program on their PC but this is due to the long period of time that has passed since the first computer virus appeared more than 30 years ago. The smartphone industry is still new and so is the mobile security industry, but it won´t take long before we all have some kind of antivirus on our phone. It is challenging and requires constant innovation if we are to combat the growing crime that threats smartphones today.
On Android devices alone, malware and viruses rose by over 370% in just three months last year and this trend continues. The more widespread smartphones get, the more attractive it will be for fraudsters.
PCA: What threats are the greatest?
KF: We see more and more fake apps sneaking up on the app stores, particularly on Google Play but also Apple's App Store has been hit. The fake apps imitate the typically known and trusted apps, but when you download them, they can drain your account in no time by secretly sending text messages to expensive phone numbers.
It can also be a fake link that you click on in a text message or in an email on the phone. Several studies show that we are more likely to click on a fake link from our phone because the screen is small and we may have less time to examine it compared to if we sat in front of our computer. That insight is surely candy for hackers.
The false link often leads on to a website that infects your phone with a spyware program so your passwords, account and credit card information is registered and used. We see the same method used in the popular QR-codes, which you scan with a mobile phone camera.
Mobile banking is also a security issue today, where virtually all banks have an app that allows customers to transfer money to external accounts "on the run". Finally, stolen or lost phones are a serious threat because our phones today contain so many valuable data. It can be very uncomfortable to for us as individuals to get all our personal photos, text messages and emails stolen, but if the phone also contains business data, it can be a disaster for a company.
PCA: Are you sure you are not just crying wolf?
KF: Well, I actually don´t think I am. The threats are real, they are not invented by security companies. All new statistics show that malware on mobile phones is increasing and the fact that there are still serious security holes in operating systems and that hackers constantly find new ways to cheat users.
Lately we have seen examples of fake networks that look like the public Wi-Fi networks you can find in restaurants, cafes and airports. The hacker behind the fake network can get access to passwords and user names for the services that you normally log on to and this can happen to both Android and Apple users.
On the latest Black Hat Conference in Las Vegas the hacker Charlie Miller showed off newly discovered vulnerabilities in "near-field communications" features on Samsung and Nokia devices. NFC is a short-range wireless technology that's coming soon to all major smartphones. It's intended to let you beam content to nearby devices and use your phone as a mobile wallet, but it could also be a flashing neon sign for hackers.
PCA: Is there a difference between Android and iPhone in terms of security?
KF: Not in terms of the ability to get a virus or to have money withdrawn from the bank account, credit card or app store account. Apple has had a more closed ecosystem, which has set higher requirements for app developers making it harder to be approved by their App Store. In spite of that, we have recently seen many fake apps, both on Apple and Android stores.
Apple requires users to enter a valid credit card number to have an account on App Store and iTunes. This makes it very attractive for scammers to hack into iOS, combined with the fact that there are more apps in App Store. The advantage in terms of security that Apple has had so far will be diminished over time, I think.
One of the latest examples of a security hole in the App Store was discovered last week, when two colleagues of the company Shootitlive by coincidence found out that when more people access the App Store on the same Wi-Fi network, they could access the same Apple account. The method is called “Session Fixation Attack” and basically comes down to using a previous browser session to extract private data and get access to an Apple ID. This means that iTunes and App Store accounts can be compromised, as the hacker can change both the password and the email address.
Google has recently tightened the requirements for the Play store, realising that it was too easy to put up an app, which resulted in many fake apps. So, all in all I do not think one system is more secure than the other.
PCA: What can users do to protect themselves?
KF: A security program with antivirus of some kind is of course a must, but in addition common sense and prudence will be invaluable in the end. Think before you install a new app. Does it look plausible? Has it been notified on the web? Who are the owners behind? Are other users satisfied? And to what rights do you grant permission when you agree to the Terms? A barcode scanner, for example, could track you via GPS or view all your contacts. Pay attention to links in emails before you tap them. Hold the cursor over the link and read the address. The same goes for the bar codes, they can also be fake, so be careful with them.
Continues on next page >>