The weaknesses in mobile device security are becoming more and more evident with every new app release and technological advance. A recent report estimated that 95% of all Android phones in use are vulnerable to attack. That is a staggering 950 million devices that enable cyber criminals to potentially seize your data and gain access to your networks. The latest in a long line of mobile vulnerabilities has been the flaws in Android’s Stagrefright code which grants access through multimedia messaging (MMS). This is by no means the only issue that mobile devices have faced and until security is more prominently placed, it certainly won’t be the last.
The execution is simple. Hackers simply need your mobile number to be able to remotely execute code, sending malware rich media files through MMS to gain access. Adding to the intrigue around the Stagefright code vulnerabilities is the ability hackers have to delete infected messages before the recipient even knows what’s happened. You never need to physically open the attached file for the malware to take hold, as most Android devices automatically download MMS by default.
With manufacturers slow to release the patch that Google has developed to deal with the flaw, it is important that you take your own measures:
Open your Default Messaging App. If you are unsure which this is, visit Settings, select More and then Wireless & Networks to look for your Default Messaging App.
Once the app is opened find its Settings and look for Auto-Retrieving Multimedia Messages. This may be under Advanced Settings.
Uncheck the box. This gives you the option as to whether you download pictures and images from MMS.
A simple process but certainly not impregnable. Until the relevant patch is released then Android phones will still be at risk. There seems to be a show of intent by major manufacturers such as Samsung and HTC to start releasing monthly patches, but time will tell as to whether all devices will receive the treatment or whether older models will be left to suffer.
Stagefright hasn’t been the only issue to highlight the fragility of mobile device security. The Apple Pay issue is one that was originally raised in the USA but is quickly becoming apparent on British shores too. The concept is simple. By uploading debit and credit card details to an Apple Passbook account you are able to pay for goods by simply holding your device, either a watch or phone, to a contactless reader.
Tipped as a far more secure means of payment than chip and pin thanks to fingerprint recognition. It also supplies Apple with a wealth of personal information, creating an extensive database of its users. Every interest and purchase is logged and used for targeted marketing opportunities, with your bank details included.
From a security perspective criminals have started uploading stolen cards to devices, making it easier to get around chip and pin authentication. The wealth of information stored is also seen by many as a target too good to miss, with the detail of the data more comprehensive than in any other database. Is it safe? Time will tell.
With two thirds of smart phone owners spending just under two hours on their phone every day for internet and banking access, and 33% of internet users seeing smartphones as the most important device for going online, it is obvious that security will need to become more stringent to maintain protection for users. With companies able to remotely access and record from our mobile device cameras and shops able track our movements through Bluetooth there are hackable vulnerabilities everywhere. Stagefright and Apple Pay’s struggles may have been the most high profile issues, but it is inevitable that more frailties will be unearthed in time. Hopefully we will begin to take security on mobile devices more seriously before they do.