The increased risk is attributable in part to consumer behavior. The survey found that 62 percent of smartphone owners don’t use a password on their home screen, enabling anyone to access their information if the phone is lost.
The survey also found that 32 percent save login information on their devices.
More than 1 billion people worldwide are expected to own smartphones by 2016, according to Forrester Research. In the U.S. alone, consumers will own 257 million smartphones and 126 million tablet computers.
While smartphones commonly contain people’s banking data, family photos and contact information, anyone gaining access to a person’s email has the potential to do the most damage, according to Scott Campbell, director of technology for the School of Engineering and Applied Science at Miami University.
“An email application typically caches the last 50 articles and you can get access to more,” he said. “(That includes) any documents that were mailed to you, things that you purchased from Amazon, receipts, sell orders, confirmation of any transactions, all of that stuff is in your email.”
Having access to a person’s email can provide hackers with “a wealth of information,” which may help them deduce the answer to secret questions and allow them to impersonate a smartphone user.
Sometimes there’s no need for tracking down information, Campbell said. A hacker with access to someone else’s email often can visit another website, click a “forget your password?” link and reset the person’s password via a link sent to the person’s email.
It’s not necessarily the case that people believe smartphones are safer from break-ins than desktop computers, Campbell said.
“I just don’t think they think about it,” he said.
More than $1 million was stolen from users of Android-based smartphones in 2011 through malicious software, or “malware,” that made fraudulent charges to users’ phone bills, according to Lookout Mobile Security, a San Francisco company that develops anti-malware applications for the Android and iPhone markets.
Unlike PC-based malware, where a hacker must steal bank or credit card credentials and then find a way to access the accounts, the “GGTracker” mobile threat discovered in June exploited smartphones’ ability to charge user accounts through premium-rate text messages, like those used to purchase mobile ring tones or game tokens.
“Because it is a direct line to your billing, hackers are actually using that as a mechanism to charge people unknowingly,” said Alicia diVittorio, a Lookout mobile safety advocate.
Malware and viruses are being repackaged in apps that appear legitimate, as well as in malicious in-app and Web advertisements.
Malware aimed at the Android operating system surged to 13,000 samples at the end of 2011 from only 400 in June, according to a Juniper Networks study released in February. Malicious apps on the iPhone platform are limited because of Apple’s closed applications market and stringent screening model, but iPhone users also should use security precautions.
“The threats are different to the two platforms, but they are both software systems and every software system has inherent vulnerabilities,” diVittorio said. Operating system updates are important because they often fix security flaws, she said.
Like PCs, smartphones are vulnerable to Web-based threats such as “phishing” scams, which attempt to trick users into entering personal details into a fake website that looks legitimate. Such threats can be difficult to spot on a smartphone because of the smaller screen size.
“People are three times more likely to succumb to a phishing threat on their phone than their PC,” diVittorio said.
Using a free, public wireless network when conducting private transactions such as credit card purchases or mobile banking should only be done if the site shifts to Hypertext Transfer Protocol Secure or “HTTPS” before a website’s address when completing the transaction, Campbell said.
Nationally, overall identity fraud incidents rose 13 percent to 11.6 million people in 2011, but the dollar amount stolen remained steady, according to the Javelin study. The company in October 2011 conducted an address-based survey of 5,022 U.S. consumers to identify the impact of fraud.
About the Author