Criminal hackers never sleep, it seems. Just when you think you've battened down the hatches and fully safeguarded yourself or your business from electronic security risks, along comes a new exploit to keep you up at night. It might be an SMS text message with a malevolent payload or an errant signal designed to jam GPS receivers.
Whether you're protecting corporate data or simply trying to keep your personal files safe, these threats -- some rapidly growing, others still emerging -- put your systems at risk. Fortunately, security procedures and tools are available to help you win the fight.
1. Text-message malware
While smartphone viruses are still fairly rare, text-message attacks are becoming more common, according to Rodney Joffe, senior vice president and senior technologist at mobile messaging company Neustar and director of the Conficker Working Group, a coalition of security researchers that came together to fight the malware known as Conficker. PCs are fairly well protected today, he says, so some black-hat hackers are now targeting mobile devices. Their incentive is mostly financial: Text messaging provides a way to break into devices and make money.
Khoi Nguyen, group product manager for mobile security at Symantec, confirmed that text-message attacks aimed at smartphone operating systems are commonplace now that people are increasingly reliant on mobile devices. It's not just consumers who are at risk, he adds. Any employee who falls for a text-message ruse using a company smartphone can jeopardize the business's network and data and possibly cause a compliance violation.
"This is a similar type of attack as [is used on] a computer -- an SMS or MMS message that includes an attachment, disguised as a funny or sexy picture, which asks the user to open it," Nguyen explains. "Once they download the picture, it will install malware on the device. Once loaded, it would acquire access privileges, and it spreads through contacts on the phone, [who] would then get a message from that user."
In this way, says Joffe, hackers create botnets for sending text-message spam with links to a product the hacker is selling, usually charging you per message. In some cases, he adds, the malware even starts buying ring tones that are charged on your wireless bill, lining the pockets of the hacker selling the ring tones.
Wireless carriers say they do try to stave off the attacks. For instance, Verizon spokeswoman Brenda Raney says the company scans for known malware attacks, isolates them on the cellular network, and even works with federal crime units to block them.
To keep such malware off users' phones, Joffe recommends that businesses institute strict corporate policies limiting whom employees can text using company networks and phones, and what kind of work can be done via text messaging. Another option is a policy that prohibits text messaging entirely, at least until the industry figures out how to deal with the threats.