Skip to main content

Your smartphone is hackers' next big target

By Parmy Olson, Special to CNN
August 26, 2013 -- Updated 1733 GMT (0133 HKT)
STORY HIGHLIGHTS
  • Mobile devices are the next battleground for data and privacy, Parmy Olson writes
  • Pumping phones with information makes them increasingly attractive target for hackers
  • If people value their privacy, they'll invest in services that encrypt their data

Editor's note: Parmy Olson is a journalist for Forbes magazine, covering mobile technology. She is the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency."

(CNN) -- In the world of cyber security there are some well-known designations for anyone that considers him or herself to be a hacker, the term being so broad in scope now.

One can be a "white-hat" hacker or a "black hat," the former being someone who uses their programming prowess to protect digital data, and the latter someone who seeks to subvert and steal it for their own malicious reasons. Fall into the middle and you're a "grey hat."

Parmy Olson
Parmy Olson

The recent revelations about the NSA in the United States have made these labels much fuzzier, since government and NSA hackers should be white hat. Yet a recent report in the Washington Post, citing top-secret documents and an internal audit, showed the NSA had broken privacy rules thousands of times as it conducted its widespread surveillance.

Of course, navigating the ethics of data privacy is a complicated business since there's just so much of it -- 90% of the world's data has been generated in the last two years, according to IBM.

Your cell phone: Easy to hack
How dangerous is mobile malware?

A very likely consequence of the NSA revelations from former cyber security contractor Edward Snowden, is that people will increasingly not care who the hacker trawling through their data is -- whether it's an ethically-conflicted government contractor like Snowden, or someone more unscrupulous trying to sell their digital address book to spammers.

They just want their data to be un-hackable.

Read more: SIM card hack inspires quick fix by carriers

Over the years, we've read about how easy it appears to be to hack a website, server, or a device if you just have the know-how and the inclination.

The subversive digital community Anonymous showed this in 2011, when clusters of young people within its network were able to temporarily paralyze websites of major corporations and steal data, often without the background of real programming knowledge.

In more than one case these volunteers used a free program they downloaded from the Web, which automated a data theft for them.

For those in the cyber security industry, such big attacks were an "I told you so" moment, proving how insecure our personal data was when it was stored in online databases by even large companies and institutions.

Read more: Hacker says phone app could hijack plane

The question of how we can find a good privacy balance in a networked world leads us to the paradox of mobile devices, the next battleground for data and privacy.

Smartphones are essentially mini computers and as a result can offer both our best hope for private digital communication, and greater vulnerability.

First the hope.

Smartphones are particularly vulnerable in emerging markets like China, where people download apps from third party sites because Google Play is banned by Beijing.
Parmy Olson

It's been made clear in the last few months that email is no longer considered a safe and secure way to send information to someone.

The founder of secure email service Lavabit, who counted Ed Snowden as a user, recently suspended his business in the face of a government investigation. The vendors of another secure email service, called Silent Circle, shut down their email service soon after, and cited fundamental security flaws inherent in email.

Phil Zimmermann, the co-founder of Silent Circle and inventor of a popular encryption standard for email called Pretty Good Privacy (PGP) even said at the time that email was just not secure anymore. In one way, thanks to using standard Internet protocols, it never has been. Now instead of using email, Zimmermann increasingly uses mobile messaging services of the kind offered by his company.

The general public can take a leaf out of Zimmermann's book. Mobile messaging apps like WhatsApp and Wickr look better mainstream options for secure digital communication.

Researchers: We can hack an iPhone through the charger

WhatsApp avoids advertisers like the plague and relies on subscription payments, while Wickr encrypts messages and deletes them after a set amount of time -- like a burning candle wick.

On the other hand, mobile phones are just another attack vector for grey and black hat hackers, with potentially richer information than what's obtainable from a desktop computer: location data, access to your contacts address book, photos and real time audio through your microphone.

Smartphones are particularly vulnerable in emerging markets like China, where more people use Android phones than in the U.S. and Western Europe, and download apps from third party sites because Google Play is banned by Beijing. The problem here is that it's becoming easier to inject malware into fake apps, for unsuspecting Android users to download.

See how hackers can control your house
Hackers watch child over camera monitor
Don't get hacked on vacation

In the last few months, security researchers have found a remote access tool in the wild called AndroRAT, which coupled with a new software tool called a binder, makes it surprisingly easy to inject malicious code into a fake version of a popular, paid-for app or game, package it together and upload it to a third-party site at a discounted rate or for free.

Once the app has been downloaded, the hacker can remotely steal the victim's contacts data, turn on their camera or turn on their mic and record conversations. Researchers say the tool is most attractive to spammers who want to steal contact data and premium text messages.

Read more: Are you in danger of 'drive-by' hacking?

What's disturbing is that using the tool does not require a sophisticated level of programming knowledge, echoing the desktop tools that were used by supporters of Anonymous to attack online databases.

Far more tame, but still disturbing for many privacy advocates, is the amount of data that mobile app developers are able to funnel out to advertising networks after you've downloaded one of their free apps -- and this applies to anyone that uses an iPhone or Android phone in the developed world.

History repeats itself. So long as we continue to rely on small, rectangular slabs for computers and carry them everywhere, pumping them with all manner of personal and professional information, they'll increasingly become a target for hackers white, grey or black.

If people value their privacy, they'll vote with their wallets and invest in services that encrypt their data and keep their communications private -- and a few they might ditch their phones altogether.

The opinions expressed in this commentary are solely those of Parmy Olson.

ADVERTISEMENT
Part of complete coverage on
September 16, 2014 -- Updated 1305 GMT (2105 HKT)
LZ Granderson says Congress has rebuked the NFL on domestic violence issue, but why not a federal judge?
September 16, 2014 -- Updated 1149 GMT (1949 HKT)
Mel Robbins says the only person you can legally hit in the United States is a child. That's wrong.
September 15, 2014 -- Updated 1723 GMT (0123 HKT)
Eric Liu says seeing many friends fight so hard for same-sex marriage rights made him appreciate marriage.
September 15, 2014 -- Updated 1938 GMT (0338 HKT)
SEATTLE, WA - SEPTEMBER 04: NFL commissioner Roger Goodell walks the sidelines prior to the game between the Seattle Seahawks and the Green Bay Packers at CenturyLink Field on September 4, 2014 in Seattle, Washington. (Photo by Otto Greule Jr/Getty Images)
Martha Pease says the NFL commissioner shouldn't be judge and jury on player wrongdoing.
September 16, 2014 -- Updated 1315 GMT (2115 HKT)
It's time for a much needed public reckoning over U.S. use of torture, argues Donald P. Gregg.
September 16, 2014 -- Updated 1225 GMT (2025 HKT)
Peter Bergen says UK officials know the identity of the man who killed U.S. journalists and a British aid worker.
September 16, 2014 -- Updated 1128 GMT (1928 HKT)
Joe Torre and Esta Soler say much has been achieved since a landmark anti-violence law was passed.
September 12, 2014 -- Updated 2055 GMT (0455 HKT)
David Wheeler wonders: If Scotland votes to secede, can America take its place and rejoin England?
September 16, 2014 -- Updated 1241 GMT (2041 HKT)
Jane Stoever: Society must grapple with a culture in which 1 in 3 teen girls and women suffer partner violence.
September 12, 2014 -- Updated 2036 GMT (0436 HKT)
World-famous physicist Stephen Hawking recently said the world as we know it could be obliterated instantaneously. Meg Urry says fear not.
September 12, 2014 -- Updated 2211 GMT (0611 HKT)
Bill Clinton's speech accepting the Democratic nomination for president in 1992 went through 22 drafts. But he always insisted on including a call to service.
September 12, 2014 -- Updated 2218 GMT (0618 HKT)
Joe Amon asks: What turns a few cases of disease into thousands?
September 11, 2014 -- Updated 1721 GMT (0121 HKT)
Sally Kohn says bombing ISIS will worsen instability in Iraq and strengthen radical ideology in terrorist groups.
September 16, 2014 -- Updated 2231 GMT (0631 HKT)
Analysts weigh in on the president's plans for addressing the threat posed by the Islamic State of Iraq and Syria.
September 11, 2014 -- Updated 1327 GMT (2127 HKT)
Artist Prune Nourry's project reinterprets the terracotta warriors in an exhibition about gender preference in China.
September 10, 2014 -- Updated 1336 GMT (2136 HKT)
The Apple Watch is on its way. Jeff Yang asks: Are we ready to embrace wearables technology at last?
ADVERTISEMENT