Skip to main content

Your smartphone is hackers' next big target

By Parmy Olson, Special to CNN
August 26, 2013 -- Updated 1733 GMT (0133 HKT)
STORY HIGHLIGHTS
  • Mobile devices are the next battleground for data and privacy, Parmy Olson writes
  • Pumping phones with information makes them increasingly attractive target for hackers
  • If people value their privacy, they'll invest in services that encrypt their data

Editor's note: Parmy Olson is a journalist for Forbes magazine, covering mobile technology. She is the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency."

(CNN) -- In the world of cyber security there are some well-known designations for anyone that considers him or herself to be a hacker, the term being so broad in scope now.

One can be a "white-hat" hacker or a "black hat," the former being someone who uses their programming prowess to protect digital data, and the latter someone who seeks to subvert and steal it for their own malicious reasons. Fall into the middle and you're a "grey hat."

Parmy Olson
Parmy Olson

The recent revelations about the NSA in the United States have made these labels much fuzzier, since government and NSA hackers should be white hat. Yet a recent report in the Washington Post, citing top-secret documents and an internal audit, showed the NSA had broken privacy rules thousands of times as it conducted its widespread surveillance.

Of course, navigating the ethics of data privacy is a complicated business since there's just so much of it -- 90% of the world's data has been generated in the last two years, according to IBM.

Your cell phone: Easy to hack
How dangerous is mobile malware?

A very likely consequence of the NSA revelations from former cyber security contractor Edward Snowden, is that people will increasingly not care who the hacker trawling through their data is -- whether it's an ethically-conflicted government contractor like Snowden, or someone more unscrupulous trying to sell their digital address book to spammers.

They just want their data to be un-hackable.

Read more: SIM card hack inspires quick fix by carriers

Over the years, we've read about how easy it appears to be to hack a website, server, or a device if you just have the know-how and the inclination.

The subversive digital community Anonymous showed this in 2011, when clusters of young people within its network were able to temporarily paralyze websites of major corporations and steal data, often without the background of real programming knowledge.

In more than one case these volunteers used a free program they downloaded from the Web, which automated a data theft for them.

For those in the cyber security industry, such big attacks were an "I told you so" moment, proving how insecure our personal data was when it was stored in online databases by even large companies and institutions.

Read more: Hacker says phone app could hijack plane

The question of how we can find a good privacy balance in a networked world leads us to the paradox of mobile devices, the next battleground for data and privacy.

Smartphones are essentially mini computers and as a result can offer both our best hope for private digital communication, and greater vulnerability.

First the hope.

Smartphones are particularly vulnerable in emerging markets like China, where people download apps from third party sites because Google Play is banned by Beijing.
Parmy Olson

It's been made clear in the last few months that email is no longer considered a safe and secure way to send information to someone.

The founder of secure email service Lavabit, who counted Ed Snowden as a user, recently suspended his business in the face of a government investigation. The vendors of another secure email service, called Silent Circle, shut down their email service soon after, and cited fundamental security flaws inherent in email.

Phil Zimmermann, the co-founder of Silent Circle and inventor of a popular encryption standard for email called Pretty Good Privacy (PGP) even said at the time that email was just not secure anymore. In one way, thanks to using standard Internet protocols, it never has been. Now instead of using email, Zimmermann increasingly uses mobile messaging services of the kind offered by his company.

The general public can take a leaf out of Zimmermann's book. Mobile messaging apps like WhatsApp and Wickr look better mainstream options for secure digital communication.

Researchers: We can hack an iPhone through the charger

WhatsApp avoids advertisers like the plague and relies on subscription payments, while Wickr encrypts messages and deletes them after a set amount of time -- like a burning candle wick.

On the other hand, mobile phones are just another attack vector for grey and black hat hackers, with potentially richer information than what's obtainable from a desktop computer: location data, access to your contacts address book, photos and real time audio through your microphone.

Smartphones are particularly vulnerable in emerging markets like China, where more people use Android phones than in the U.S. and Western Europe, and download apps from third party sites because Google Play is banned by Beijing. The problem here is that it's becoming easier to inject malware into fake apps, for unsuspecting Android users to download.

See how hackers can control your house
Hackers watch child over camera monitor
Don't get hacked on vacation

In the last few months, security researchers have found a remote access tool in the wild called AndroRAT, which coupled with a new software tool called a binder, makes it surprisingly easy to inject malicious code into a fake version of a popular, paid-for app or game, package it together and upload it to a third-party site at a discounted rate or for free.

Once the app has been downloaded, the hacker can remotely steal the victim's contacts data, turn on their camera or turn on their mic and record conversations. Researchers say the tool is most attractive to spammers who want to steal contact data and premium text messages.

Read more: Are you in danger of 'drive-by' hacking?

What's disturbing is that using the tool does not require a sophisticated level of programming knowledge, echoing the desktop tools that were used by supporters of Anonymous to attack online databases.

Far more tame, but still disturbing for many privacy advocates, is the amount of data that mobile app developers are able to funnel out to advertising networks after you've downloaded one of their free apps -- and this applies to anyone that uses an iPhone or Android phone in the developed world.

History repeats itself. So long as we continue to rely on small, rectangular slabs for computers and carry them everywhere, pumping them with all manner of personal and professional information, they'll increasingly become a target for hackers white, grey or black.

If people value their privacy, they'll vote with their wallets and invest in services that encrypt their data and keep their communications private -- and a few they might ditch their phones altogether.

The opinions expressed in this commentary are solely those of Parmy Olson.

ADVERTISEMENT
Part of complete coverage on
April 16, 2014 -- Updated 1642 GMT (0042 HKT)
Rick McGahey says Rep. Paul Ryan is signaling his presidential ambitions by appealing to hard core Republican values
April 16, 2014 -- Updated 1539 GMT (2339 HKT)
Paul Saffo says current Google Glasses are doomed to become eBay collectibles, but they are only the leading edge of a surge in wearable tech that will change our lives
April 15, 2014 -- Updated 1849 GMT (0249 HKT)
Kathleen Blee says the KKK and white power or neo-Nazi groups give haters the purpose and urgency to use violence.
April 16, 2014 -- Updated 1156 GMT (1956 HKT)
Sen. Sheldon Whitehouse and Rep. Henry Waxman say read deep, and you'll see the federal Keystone pipeline report spells out the pipeline is bad news
April 16, 2014 -- Updated 1153 GMT (1953 HKT)
Frida Ghitis says President Obama needs to stop making empty threats against Russia and consider other options
April 15, 2014 -- Updated 2129 GMT (0529 HKT)
Peter Bergen and David Sterman say the Kansas Jewish Center killings are part of a string of lethal violence in the U.S. that outstrips al Qaeda-influenced attacks. Why don't we pay more attention?
April 15, 2014 -- Updated 1641 GMT (0041 HKT)
Danny Cevallos says families of the passengers on Malaysian Airlines Flight 370 need legal counsel
April 14, 2014 -- Updated 1523 GMT (2323 HKT)
David Frum says Russia is on a rampage of mischief while Western leaders and Western alliances charged with keeping the peace hem and haw
April 14, 2014 -- Updated 1156 GMT (1956 HKT)
Most adults make the mistakes of hitting the snooze button and of checking emails first thing in the morning, writes Mel Robbins
April 14, 2014 -- Updated 1754 GMT (0154 HKT)
David Wheeler says as middle-class careers continue to disappear, we need a monthly cash payment to everyone
April 14, 2014 -- Updated 1155 GMT (1955 HKT)
Democrats need to show more political spine when it comes to the issue of taxes.
April 14, 2014 -- Updated 1555 GMT (2355 HKT)
Donna Brazile recalls the 50th Anniversary of the Civil Rights Act as four presidents honored the heroes of the movement and Lyndon Johnson, who signed the law
April 14, 2014 -- Updated 1317 GMT (2117 HKT)
Elmer Smith remembers Chuck Stone, the legendary journalist from Philadelphia who was known as a thorn in the side of police and an advocate for the little guy
April 13, 2014 -- Updated 1856 GMT (0256 HKT)
Al Franken says Comcast, the nation's largest cable provider, wants to acquire Time Warner Cable, the nation's second-largest cable provider. Should we be concerned?
April 11, 2014 -- Updated 1522 GMT (2322 HKT)
Philip Cook and Kristin Goss says the Pennsylvania stabbing attack, which caused grave injury -- but not death, carries a lesson on guns for policymakers
April 11, 2014 -- Updated 1906 GMT (0306 HKT)
Wikipedia lists 105 football movies, but all too many of them are forgettable, writes Mike Downey
April 11, 2014 -- Updated 1432 GMT (2232 HKT)
John Sutter and hundreds of iReporters set out to run marathons after the bombings -- and learned a lot about the culture of running
April 11, 2014 -- Updated 1649 GMT (0049 HKT)
Timothy Stanley says it was cowardly to withdraw the offer of an honorary degree to Ayaan Hirsi Ali. The university should have done its homework on her narrow views and not made the offer
April 11, 2014 -- Updated 1416 GMT (2216 HKT)
Al Awlaki
Almost three years after his death in a 2011 CIA drone strike in Yemen, Anwar al-Awlaki continues to inspire violent jihadist extremists in the U.S, writes Peter Bergen
April 12, 2014 -- Updated 0121 GMT (0921 HKT)
David Bianculli says Colbert is a smart, funny interviewer, but ditching his blowhard persona to take over the mainstream late-night role may cost him fans
April 10, 2014 -- Updated 1731 GMT (0131 HKT)
Rep. Paul Ryan says the Republican budget places its trust in the people, not in Washington
April 10, 2014 -- Updated 2128 GMT (0528 HKT)
Aaron David Miller says Obama isn't to blame for Kerry's lack of progress in resolving Mideast talks
April 14, 2014 -- Updated 1522 GMT (2322 HKT)
David Weinberger says beyond focusing on the horrors of the attack a year ago, it's worth remembering the lessons it taught about strength, the dangers of idle speculation and Boston's solidarity
April 10, 2014 -- Updated 1632 GMT (0032 HKT)
Katherine Newman says the motive for the school stabbing attack in Pennsylvania is not yet known, but research on such rampages turns up similarities in suspects and circumstances
April 11, 2014 -- Updated 1103 GMT (1903 HKT)
Simon Tisdall: Has John Kerry's recent track record left Russia's wily leader ever more convinced of U.S. weakness?
April 10, 2014 -- Updated 1640 GMT (0040 HKT)
Mel Robbins says Nate Scimio deserves credit for acting bravely in a frightening attack and shouldn't be criticized for posting a selfie afterward
April 9, 2014 -- Updated 1839 GMT (0239 HKT)
Wendy Townsend says the Rattlesnake Roundup -- where thousands of pounds of snakes are killed and tormented -- is barbaric
April 10, 2014 -- Updated 1345 GMT (2145 HKT)
Dr. Mary Mulcahy says doctors who tell their patients the truth risk getting bad ratings from them
April 9, 2014 -- Updated 1328 GMT (2128 HKT)
Peggy Drexler says the married Rep. McAllister, caught on video making out with a staffer, won't get a pass from voters who elected him as a Christian conservative with family values
April 9, 2014 -- Updated 1143 GMT (1943 HKT)
David Frum says the president has failed to react strongly to crises in Iran, Syria, Ukraine and Venezuela, encouraging others to act out
April 9, 2014 -- Updated 2057 GMT (0457 HKT)
Eric Liu says Paul Ryan gets it very wrong: The U.S.'s problem is not a culture of poverty, it is a culture of wealth that is destroying the American value linking work and reward
April 9, 2014 -- Updated 1151 GMT (1951 HKT)
Frida Ghitis writes: "We are still seeing the world mostly through men's eyes. We are still hearing it explained to us mostly by men."
April 10, 2014 -- Updated 1408 GMT (2208 HKT)
Chester Wisniewski says the Heartbleed bug shows how we're all tangled together, relying on each other for Internet security
April 9, 2014 -- Updated 1926 GMT (0326 HKT)
Danny Cevallos says an Ohio school that suspended a little kid for pointing his finger at another kid and pretending to shoot shows the growth in "zero tolerance" policies at school run amok
ADVERTISEMENT