European agency names 10 biggest mobile security risks

The European Union’s IT security agency has put together a list of what it considers the 10 biggest risks to smartphone users. But it notes that such handsets also have features that can enhance security.

According to the European Network and Information Security Agency, the 10 risks are as follows:

  1. A phone being lost or stolen without the data being protected.
  2. A phone being thrown away or sold to a new user without all sensitive data being properly removed.
  3. Users not being aware of privacy settings on apps and unintentionally sharing data.
  4. Phishing scams being carried out through text messaging as well as e-mail. (The small screen can make it harder to distinguish legitimate pages or messages.)
  5. Spyware getting onto the phone, for example through a rogue app.
  6. Attackers setting up a bogus network access point then relaying the call or data session to the intended target while intercepting the communications.
  7. Hackers or spies getting unauthorized access to a GPS tool or even a microphone or camera, effectively turning a phone into a spying tool against the user. (This can be done through rogue apps rather than requiring a physical bug.)
  8. Malware that forces the phone to dial or text premium-rate numbers.
  9. Malware specifically aimed at mobile banking.
  10. Always-on apps causing an overload to a data network. (This appears more of a usability problem than a security risk.)

The report did note that the way smartphones work also brings opportunities to improve security, most notably manufacturers using “sandboxing” to restrict apps’ access to a phone, restricting users to installing vetted apps from a central source, using remote killswitches to remove apps that prove to be malicious, and installing features that allow users to remotely track a lost or stolen phone, thus cutting the time during which data can fall into the wrong hands.

Frankly, there’s little in the report that will be a surprise to anyone with a basic understanding of smartphones and a pinch of common sense. Still, bureaucracy is bureaucracy, and if it gets the message through to people, businesses and governments who only pay attention to official reports, the exercise will have been worthwhile.
