Is your phone data secure enough? Pic: thetechjournalcomUS President Barack Obama once used a BlackBerry as his trusty smartphone of choice instead of other smartphone brands. This is because of BlackBerry’s superior security protocol which is said to be impenetrable.

The US Government, even generals at The Pentagon seems to be of the opinion that using a BlackBerry is a more secure option for everyday communication because its encryption deters attacks from spies and hackers.

But one wonders: just how protected and secure is your personal information in your smartphones?

Just how important is phone security?

According to a report published by emarketeer.com, an internet marketing services company, there are about 1.74billion smartphone users in the world this year.

Smartphones are getting more advanced day by day. Pic: www.foxnewscomWith smartphones getting more advanced and software companies introducing more and more apps that take the work out of the physical world for us and into the virtual world, more people are dependent on their smartphones to handle their banking services, social interactions, written correspondence and personal messages, of which all contain very personal and sensitive information.

To understand the level of security of your smartphone, one has to know the operating system (OS) that the smartphone is running on. Apple’s iPhone, Android and Blackberry all has its own proprietary OS and although in general they aren’t one and the same, they however share quite similar risks and threats.

A smartphone can be quite vulnerable because once it is lost or stolen, the data stored could be accessed by some cunning and irresponsible individuals.

Such an ‘attack’ exploits the weaknesses of how information between smartphones travel through the air, which commonly includes the medium of SMS, MMS, Wi-Fi network or Global System for Mobile Communications (GSM).

What’s worrying is that according to Sophos Security Threat Report 2013, Malaysia is the sixth most vulnerable country in the world to cybercrime. Last year, there was an increase of 5,592 cyber security incidents according to the CyberSecurity Malaysia, with over 1,403 incidents involving short malicious software or malware.

Types of cyberthreats

In another report, Mobile Threat Report January-March 2013 by F-Secure, published by a Finland-based computer security company, malware is high security software risk that enables unapproved access to data in the form of code, scripts, or active content, such as credit card information and passwords.

It can be identified as a “Backdoor” (which allows unauthorised remote access), “Trojan Horse” (for the purpose of hijacking data/resources) and “Worm” (which does replications of itself to spread other computers) programs.

Although Potentially Unwanted Application (PUA) is a term used for PC-based threats, it is also considered to be unfavourable or intrusive for mobile applications. Among the PUAs are Spyware (which collects data through web browsing history), Trackware (tracking the user to a third party, like device location services) and Adware (tracking through advertisement display).

A report by BBC cited a research by security company Blue Coat Security Labs which found that pornography is the third largest security threat behind other malicious material that common users encounter on the internet. Despite less than 1 percent of the content is actual pornography, it is responsible for 6 percent of malware attacks.

Why is your phone under threat?

“Lesser PC sales made hackers shifted to targeting mobile users,” said Goh Su Gim, Security Advisor of F-Secure Corporation (M) Sdn. Bhd.

“Users fail to know that smartphones are in fact tiny PCs in the palm of their hands. Thus, they are not aware for the danger associated with their phone, which is powerful as it is able to hold a lot of information,” said Su Gim.

Goh Su Gim, F-Secure Security Advisor. Pic: www.liveatpccomHe said most people are at risk because of money. About 80 percent of the malware hackers would steal information such as banking accounts and personal username to access their victim’s account. Data is also collected via the International Mobile Equipment Identity (IMEI), GPS coordinates, contacts and images.

Malware like Trojans and viruses are mainly repackaged into applications for user to download from the third party app stores, not from reputable store like Google Play that is popular in the Android market.

A web security company report, F-Secure Threat Report H2 2013, said that Google’s Android platform has become the most exclusive target for hackers.

More than 75 percent of the problems originated from Saudi Arabia and India and the common malware programs reported includes Android app names like GinMaster, Fakeinst and SmsSend, which harvest data from the device or send premium-rate SMS messages.

“Phishing links sent via instant messaging app like WhatsApp, WeChat and even with SMS are common in luring victims into clicking these links that leads to websites that may host malicious content,” he explained.

Today, the increasing number of phone data hacking can easily be done by anyone through certain software, YouTube tutorial and gaining information through underground forums.

Su Gim said that the most effective measure for the increasing attack of hacking is to educate and raise awareness on the security risks and threats.

New age of file storage

Aside from our phone, the newly “cloud storage” system like DropBox and iCloud has replaced the way smartphone users store their files. However, these systems are lacking of security safeguards against malware or malicious content being uploaded to the servers.

“Users have to trust the provider when keeping their data safe and secure online. We should choose the one that has a strict government laws such in Europe,” adds Su Gim.

Safety measures for Personal Data

“We have undertaken a number of initiatives in order to implement best-in-class security technologies and ensure it complies to the regulatory and best practices,” said Dato’ Sri Shazalli Ramly, the Chief Executive Officer of Celcom Axiata Berhad.

In 2013, Celcom clinched the Cyber Security Award of the CyberSecurity Malaysia Awards and the first and only telco company provider to be recognized by them.

Dato Sri Shazalli Ramly, Chief Executive Officer of Celcom Axiata Berhad. Pic: Celcom“From the CyberSecurity perspective, Celcom has established policies and controls by investing into latest technologies to automate governance and advance threat analysis,” he said.

Maxis and Digi meanwhile has teamed up with Norton Mobile Security to protect the personal phone data, particularly to Android phones, with features such as web-based anti-theft, threat protection, call and SMS blocker, phone locator and anti-phishing protection.

According to a Digi spokesperson, all mobile networks are protected by advanced safety measures including firewall and encryption to ensure that any information that goes through the network remain secure.

The Personal Data Protection Act (PDPA) 2010 is an Act that regulates the processing of personal data of individuals in regards to commercial transaction, finally took effect last year in November.

It covers seven principles such as general, notice and choice, disclosure, retention, security, access and data integrity.

Every commercial sector in Malaysia such as banks, telecommunications and other data sensitive services in Malaysia must comply when obtaining and using their customer’s personal information, including sensitive data such as name, identity card number, date of birth and other information in all their operations, transactions and dealings with customers.

Always becareful when sharing personal data online. Pic: pearson4loyalty.comCyberSecurity enlists users with useful tips on preventing threats and mobile device protection that includes installing safeguards like anti-viruses, anti-spyware and firewall, securing Bluetooth ‘pairing’ when using it, password or lock code on devices and backing up devices’ data in case of stolen or lost devices that could endanger hackers to hack your phone.

Phone security is something we all should be aware of. It is best to keep abreast of the current mobile threats, so you can secure the sharing of your personal data and ensure that your personal information always move from one place to another safe and sound.

 Read More on