US governmental agency FBI is alerting smartphone users to the growing threat of malware. Its Internet Crime Complaint Center has issued a warning to people whose handsets run the Android operating system about two newly identified threats Loozfon and FinFisher, as well as offering advice and guidance about keeping their smartphones and their contents safe from potential attacks.
Loozfon can steal contact details from a user's address book if they click on a link contained in an email that promises a work-from-home opportunity.
FinFisher can give hackers remote control of one's smartphone if they visit a web link or open a text message that is disguised as a system update.
Malware threats to the Android operating system are not new. Back in August 2010, Kaspersky Lab identified the first Trojan virus aimed at Android devices but the threat of viruses and malware is increasing because an increasing number of consumers own smartphones and use them to surf the net and manage aspects of their lives like agendas and email.
As Android is the leading operating system, it is also the most likely to be targeted. Since Apple doesn't license its operating system to third parties, iPhone users are less vulnerable to attacks, but that doesn't mean that they are immune. On October 12, the FBI has provided the following tips that should help keep all smartphone users, Android and Apple alike, safe from harm.
* When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.
* Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.
With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application first.
* Review and understand the permissions you are giving when you download applications.
* Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.
* Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.
* Be aware of applications that enable Geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.
* Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. This allows the user nearly unregulated control over what programs can be installed and how the device can be used. However, this procedure often involves exploiting significant security vulnerabilities and increases the attack surface of the device. Anytime a user, application or service runs in "unrestricted" or "system" level within an operation system, it allows any compromise to take full control of the device.
* Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.
* If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.
* Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.
* Avoid clicking on or otherwise downloading software or links from unknown sources.
* Use the same precautions on your mobile phone as you would on your computer when using the Internet.