Skip to main content

Your smartphone is hackers' next big target

By Parmy Olson, Special to CNN
August 26, 2013 -- Updated 1733 GMT (0133 HKT)
STORY HIGHLIGHTS
  • Mobile devices are the next battleground for data and privacy, Parmy Olson writes
  • Pumping phones with information makes them increasingly attractive target for hackers
  • If people value their privacy, they'll invest in services that encrypt their data

Editor's note: Parmy Olson is a journalist for Forbes magazine, covering mobile technology. She is the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency."

(CNN) -- In the world of cyber security there are some well-known designations for anyone that considers him or herself to be a hacker, the term being so broad in scope now.

One can be a "white-hat" hacker or a "black hat," the former being someone who uses their programming prowess to protect digital data, and the latter someone who seeks to subvert and steal it for their own malicious reasons. Fall into the middle and you're a "grey hat."

Parmy Olson
Parmy Olson

The recent revelations about the NSA in the United States have made these labels much fuzzier, since government and NSA hackers should be white hat. Yet a recent report in the Washington Post, citing top-secret documents and an internal audit, showed the NSA had broken privacy rules thousands of times as it conducted its widespread surveillance.

Of course, navigating the ethics of data privacy is a complicated business since there's just so much of it -- 90% of the world's data has been generated in the last two years, according to IBM.

Your cell phone: Easy to hack
How dangerous is mobile malware?

A very likely consequence of the NSA revelations from former cyber security contractor Edward Snowden, is that people will increasingly not care who the hacker trawling through their data is -- whether it's an ethically-conflicted government contractor like Snowden, or someone more unscrupulous trying to sell their digital address book to spammers.

They just want their data to be un-hackable.

Read more: SIM card hack inspires quick fix by carriers

Over the years, we've read about how easy it appears to be to hack a website, server, or a device if you just have the know-how and the inclination.

The subversive digital community Anonymous showed this in 2011, when clusters of young people within its network were able to temporarily paralyze websites of major corporations and steal data, often without the background of real programming knowledge.

In more than one case these volunteers used a free program they downloaded from the Web, which automated a data theft for them.

For those in the cyber security industry, such big attacks were an "I told you so" moment, proving how insecure our personal data was when it was stored in online databases by even large companies and institutions.

Read more: Hacker says phone app could hijack plane

The question of how we can find a good privacy balance in a networked world leads us to the paradox of mobile devices, the next battleground for data and privacy.

Smartphones are essentially mini computers and as a result can offer both our best hope for private digital communication, and greater vulnerability.

First the hope.

Smartphones are particularly vulnerable in emerging markets like China, where people download apps from third party sites because Google Play is banned by Beijing.
Parmy Olson

It's been made clear in the last few months that email is no longer considered a safe and secure way to send information to someone.

The founder of secure email service Lavabit, who counted Ed Snowden as a user, recently suspended his business in the face of a government investigation. The vendors of another secure email service, called Silent Circle, shut down their email service soon after, and cited fundamental security flaws inherent in email.

Phil Zimmermann, the co-founder of Silent Circle and inventor of a popular encryption standard for email called Pretty Good Privacy (PGP) even said at the time that email was just not secure anymore. In one way, thanks to using standard Internet protocols, it never has been. Now instead of using email, Zimmermann increasingly uses mobile messaging services of the kind offered by his company.

The general public can take a leaf out of Zimmermann's book. Mobile messaging apps like WhatsApp and Wickr look better mainstream options for secure digital communication.

Researchers: We can hack an iPhone through the charger

WhatsApp avoids advertisers like the plague and relies on subscription payments, while Wickr encrypts messages and deletes them after a set amount of time -- like a burning candle wick.

On the other hand, mobile phones are just another attack vector for grey and black hat hackers, with potentially richer information than what's obtainable from a desktop computer: location data, access to your contacts address book, photos and real time audio through your microphone.

Smartphones are particularly vulnerable in emerging markets like China, where more people use Android phones than in the U.S. and Western Europe, and download apps from third party sites because Google Play is banned by Beijing. The problem here is that it's becoming easier to inject malware into fake apps, for unsuspecting Android users to download.

See how hackers can control your house
Hackers watch child over camera monitor
Don't get hacked on vacation

In the last few months, security researchers have found a remote access tool in the wild called AndroRAT, which coupled with a new software tool called a binder, makes it surprisingly easy to inject malicious code into a fake version of a popular, paid-for app or game, package it together and upload it to a third-party site at a discounted rate or for free.

Once the app has been downloaded, the hacker can remotely steal the victim's contacts data, turn on their camera or turn on their mic and record conversations. Researchers say the tool is most attractive to spammers who want to steal contact data and premium text messages.

Read more: Are you in danger of 'drive-by' hacking?

What's disturbing is that using the tool does not require a sophisticated level of programming knowledge, echoing the desktop tools that were used by supporters of Anonymous to attack online databases.

Far more tame, but still disturbing for many privacy advocates, is the amount of data that mobile app developers are able to funnel out to advertising networks after you've downloaded one of their free apps -- and this applies to anyone that uses an iPhone or Android phone in the developed world.

History repeats itself. So long as we continue to rely on small, rectangular slabs for computers and carry them everywhere, pumping them with all manner of personal and professional information, they'll increasingly become a target for hackers white, grey or black.

If people value their privacy, they'll vote with their wallets and invest in services that encrypt their data and keep their communications private -- and a few they might ditch their phones altogether.

The opinions expressed in this commentary are solely those of Parmy Olson.

ADVERTISEMENT
Part of complete coverage on
December 24, 2014 -- Updated 1952 GMT (0352 HKT)
Danny Cevallos says the legislature didn't have to get involved in regulating how people greet each other
December 23, 2014 -- Updated 2312 GMT (0712 HKT)
Marc Harrold suggests a way to move forward after the deaths of NYPD officers Wenjian Liu and Rafael Ramos.
December 24, 2014 -- Updated 1336 GMT (2136 HKT)
Simon Moya-Smith says Mah-hi-vist Goodblanket, who was killed by law enforcement officers, deserves justice.
December 24, 2014 -- Updated 1914 GMT (0314 HKT)
Val Lauder says that for 1,700 years, people have been debating when, and how, to celebrate Christmas
December 23, 2014 -- Updated 2027 GMT (0427 HKT)
Raphael Sperry says architects should change their ethics code to ban involvement in designing torture chambers
December 24, 2014 -- Updated 0335 GMT (1135 HKT)
Paul Callan says Sony is right to call for blocking the tweeting of private emails stolen by hackers
December 23, 2014 -- Updated 1257 GMT (2057 HKT)
As Christmas arrives, eyes turn naturally toward Bethlehem. But have we got our history of Christmas right? Jay Parini explores.
December 23, 2014 -- Updated 0429 GMT (1229 HKT)
The late Joe Cocker somehow found himself among the rock 'n' roll aristocracy who showed up in Woodstock to help administer a collective blessing upon a generation.
December 23, 2014 -- Updated 2115 GMT (0515 HKT)
History may not judge Obama kindly on Syria or even Iraq. But for a lame duck president, he seems to have quacking left to do, says Aaron Miller.
December 23, 2014 -- Updated 1811 GMT (0211 HKT)
Terrorism and WMD -- it's easy to understand why these consistently make the headlines. But small arms can be devastating too, says Rachel Stohl.
December 22, 2014 -- Updated 1808 GMT (0208 HKT)
Ever since "Bridge-gate" threatened to derail Chris Christie's chances for 2016, Jeb Bush has been hinting he might run. Julian Zelizer looks at why he could win.
December 20, 2014 -- Updated 1853 GMT (0253 HKT)
New York's decision to ban hydraulic fracturing was more about politics than good environmental policy, argues Jeremy Carl.
December 20, 2014 -- Updated 2019 GMT (0419 HKT)
On perhaps this year's most compelling drama, the credits have yet to roll. But we still need to learn some cyber lessons to protect America, suggest John McCain.
December 22, 2014 -- Updated 2239 GMT (0639 HKT)
Conservatives know easing the trade embargo with Cuba is good for America. They should just admit it, says Fareed Zakaria.
December 20, 2014 -- Updated 0112 GMT (0912 HKT)
We're a world away from Pakistan in geography, but not in sentiment, writes Donna Brazile.
December 19, 2014 -- Updated 1709 GMT (0109 HKT)
How about a world where we have murderers but no murders? The police still chase down criminals who commit murder, we have trials and justice is handed out...but no one dies.
December 18, 2014 -- Updated 2345 GMT (0745 HKT)
The U.S. must respond to North Korea's alleged hacking of Sony, says Christian Whiton. Failing to do so will only embolden it.
December 19, 2014 -- Updated 2134 GMT (0534 HKT)
President Obama has been flexing his executive muscles lately despite Democrat's losses, writes Gloria Borger
December 18, 2014 -- Updated 1951 GMT (0351 HKT)
Jeff Yang says the film industry's surrender will have lasting implications.
December 18, 2014 -- Updated 2113 GMT (0513 HKT)
Newt Gingrich: No one should underestimate the historic importance of the collapse of American defenses in the Sony Pictures attack.
December 10, 2014 -- Updated 1255 GMT (2055 HKT)
Dean Obeidallah asks how the genuine Stephen Colbert will do, compared to "Stephen Colbert"
December 18, 2014 -- Updated 1734 GMT (0134 HKT)
Some GOP politicians want drug tests for welfare recipients; Eric Liu says bailed-out execs should get equal treatment
December 18, 2014 -- Updated 1342 GMT (2142 HKT)
Louis Perez: Obama introduced a long-absent element of lucidity into U.S. policy on Cuba.
December 16, 2014 -- Updated 1740 GMT (0140 HKT)
The slaughter of more than 130 children by the Pakistani Taliban may prove as pivotal to Pakistan's security policy as the 9/11 attacks were for the U.S., says Peter Bergen.
ADVERTISEMENT