Skip to main content

Your smartphone is hackers' next big target

By Parmy Olson, Special to CNN
updated 1:33 PM EDT, Mon August 26, 2013
STORY HIGHLIGHTS
  • Mobile devices are the next battleground for data and privacy, Parmy Olson writes
  • Pumping phones with information makes them increasingly attractive target for hackers
  • If people value their privacy, they'll invest in services that encrypt their data

Editor's note: Parmy Olson is a journalist for Forbes magazine, covering mobile technology. She is the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency."

(CNN) -- In the world of cyber security there are some well-known designations for anyone that considers him or herself to be a hacker, the term being so broad in scope now.

One can be a "white-hat" hacker or a "black hat," the former being someone who uses their programming prowess to protect digital data, and the latter someone who seeks to subvert and steal it for their own malicious reasons. Fall into the middle and you're a "grey hat."

Parmy Olson
Parmy Olson

The recent revelations about the NSA in the United States have made these labels much fuzzier, since government and NSA hackers should be white hat. Yet a recent report in the Washington Post, citing top-secret documents and an internal audit, showed the NSA had broken privacy rules thousands of times as it conducted its widespread surveillance.

Of course, navigating the ethics of data privacy is a complicated business since there's just so much of it -- 90% of the world's data has been generated in the last two years, according to IBM.

Your cell phone: Easy to hack
How dangerous is mobile malware?

A very likely consequence of the NSA revelations from former cyber security contractor Edward Snowden, is that people will increasingly not care who the hacker trawling through their data is -- whether it's an ethically-conflicted government contractor like Snowden, or someone more unscrupulous trying to sell their digital address book to spammers.

They just want their data to be un-hackable.

Read more: SIM card hack inspires quick fix by carriers

Over the years, we've read about how easy it appears to be to hack a website, server, or a device if you just have the know-how and the inclination.

The subversive digital community Anonymous showed this in 2011, when clusters of young people within its network were able to temporarily paralyze websites of major corporations and steal data, often without the background of real programming knowledge.

In more than one case these volunteers used a free program they downloaded from the Web, which automated a data theft for them.

For those in the cyber security industry, such big attacks were an "I told you so" moment, proving how insecure our personal data was when it was stored in online databases by even large companies and institutions.

Read more: Hacker says phone app could hijack plane

The question of how we can find a good privacy balance in a networked world leads us to the paradox of mobile devices, the next battleground for data and privacy.

Smartphones are essentially mini computers and as a result can offer both our best hope for private digital communication, and greater vulnerability.

First the hope.

Smartphones are particularly vulnerable in emerging markets like China, where people download apps from third party sites because Google Play is banned by Beijing.
Parmy Olson

It's been made clear in the last few months that email is no longer considered a safe and secure way to send information to someone.

The founder of secure email service Lavabit, who counted Ed Snowden as a user, recently suspended his business in the face of a government investigation. The vendors of another secure email service, called Silent Circle, shut down their email service soon after, and cited fundamental security flaws inherent in email.

Phil Zimmermann, the co-founder of Silent Circle and inventor of a popular encryption standard for email called Pretty Good Privacy (PGP) even said at the time that email was just not secure anymore. In one way, thanks to using standard Internet protocols, it never has been. Now instead of using email, Zimmermann increasingly uses mobile messaging services of the kind offered by his company.

The general public can take a leaf out of Zimmermann's book. Mobile messaging apps like WhatsApp and Wickr look better mainstream options for secure digital communication.

Researchers: We can hack an iPhone through the charger

WhatsApp avoids advertisers like the plague and relies on subscription payments, while Wickr encrypts messages and deletes them after a set amount of time -- like a burning candle wick.

On the other hand, mobile phones are just another attack vector for grey and black hat hackers, with potentially richer information than what's obtainable from a desktop computer: location data, access to your contacts address book, photos and real time audio through your microphone.

Smartphones are particularly vulnerable in emerging markets like China, where more people use Android phones than in the U.S. and Western Europe, and download apps from third party sites because Google Play is banned by Beijing. The problem here is that it's becoming easier to inject malware into fake apps, for unsuspecting Android users to download.

See how hackers can control your house
Hackers watch child over camera monitor
Don't get hacked on vacation

In the last few months, security researchers have found a remote access tool in the wild called AndroRAT, which coupled with a new software tool called a binder, makes it surprisingly easy to inject malicious code into a fake version of a popular, paid-for app or game, package it together and upload it to a third-party site at a discounted rate or for free.

Once the app has been downloaded, the hacker can remotely steal the victim's contacts data, turn on their camera or turn on their mic and record conversations. Researchers say the tool is most attractive to spammers who want to steal contact data and premium text messages.

Read more: Are you in danger of 'drive-by' hacking?

What's disturbing is that using the tool does not require a sophisticated level of programming knowledge, echoing the desktop tools that were used by supporters of Anonymous to attack online databases.

Far more tame, but still disturbing for many privacy advocates, is the amount of data that mobile app developers are able to funnel out to advertising networks after you've downloaded one of their free apps -- and this applies to anyone that uses an iPhone or Android phone in the developed world.

History repeats itself. So long as we continue to rely on small, rectangular slabs for computers and carry them everywhere, pumping them with all manner of personal and professional information, they'll increasingly become a target for hackers white, grey or black.

If people value their privacy, they'll vote with their wallets and invest in services that encrypt their data and keep their communications private -- and a few they might ditch their phones altogether.

The opinions expressed in this commentary are solely those of Parmy Olson.

ADVERTISEMENT
Part of complete coverage on
updated 9:29 AM EDT, Mon October 20, 2014
Cornell Belcher says the story of the "tea party wave" in 2010 was bogus; it was an election determined by ebbing Democratic turnout
updated 4:12 PM EDT, Mon October 20, 2014
Les Abend says pilots want protocols, preparation and checklists for all contingencies; at the moment, controlling a deadly disease is out of their comfort zone
updated 11:36 PM EDT, Sun October 19, 2014
David Weinberger says an online controversy that snowballed from a misogynist attack by gamers into a culture war is a preview of the way news is handled in a world of hashtag-fueled scandal
updated 8:23 AM EDT, Mon October 20, 2014
Julian Zelizer says Paul Krugman makes some good points in his defense of President Obama but is premature in calling him one of the most successful presidents.
updated 10:21 PM EDT, Sun October 19, 2014
Conservatives can't bash and slash government and then suddenly act surprised if government isn't there when we need it, writes Sally Kohn
updated 8:28 AM EDT, Mon October 20, 2014
ISIS is looking to take over a good chunk of the Middle East -- if not the entire Muslim world, write Peter Bergen and Emily Schneider.
updated 9:00 AM EDT, Mon October 20, 2014
The world's response to Ebola is its own sort of tragedy, writes John Sutter
updated 4:33 PM EDT, Fri October 17, 2014
Hidden away in Russian orphanages are thousands of children with disabilities who aren't orphans, whose harmful treatment has long been hidden from public view, writes Andrea Mazzarino
updated 1:22 PM EDT, Sat October 18, 2014
When you hear "trick or treat" this year, think "nudge," writes John Bare
updated 12:42 AM EDT, Sat October 18, 2014
The more than 200 kidnapped Nigerian schoolgirls have become pawns in a larger drama, writes Richard Joseph.
updated 9:45 AM EDT, Fri October 17, 2014
Peggy Drexler said Amal Alamuddin was accused of buying into the patriarchy when she changed her name to Clooney. But that was her choice.
updated 4:43 PM EDT, Thu October 16, 2014
Ford Vox says the CDC's Thomas Frieden is a good man with a stellar resume who has shown he lacks the unique talents and vision needed to confront the Ebola crisis
updated 4:58 AM EDT, Sat October 18, 2014
How can such a numerically small force as ISIS take control of vast swathes of Syria and Iraq?
updated 9:42 AM EDT, Fri October 17, 2014
How big a threat do foreign fighters in Syria and Iraq pose to the West? It's a question that has been much on the mind of policymakers and commentators.
updated 8:21 AM EDT, Fri October 17, 2014
More than a quarter-million American women served honorably in the Iraq and Afghanistan wars. Now they are home, we have an obligation to help them transition back to civilian life.
updated 4:27 PM EDT, Thu October 16, 2014
Paul Begala says Rick Scott's deeply weird refusal to begin a debate because rival Charlie Crist had a fan under his podium spells disaster for the Florida governor--delighting Crist
updated 12:07 AM EDT, Thu October 16, 2014
The longer we wait to engage on Ebola, the more limited our options will become, says Marco Rubio.
updated 7:53 AM EDT, Wed October 15, 2014
Democratic candidates who run from President Obama in red states where he is unpopular are making a big mistake, says Donna Brazile
updated 12:29 AM EDT, Thu October 16, 2014
At some 7 billion people, the world can sometimes seem like a crowded place. But if the latest estimates are to be believed, then in less than a century it is going to feel even more so -- about 50% more crowded, says Evan Fraser
updated 12:53 PM EDT, Mon October 20, 2014
Paul Callan says the Ebola situation is pointing up the need for better leadership
updated 6:45 PM EDT, Wed October 15, 2014
Nurses are the unsung heroes of the Ebola outbreak. Yet, there are troubling signs we're failing them, says John Sutter
updated 1:00 PM EDT, Wed October 15, 2014
Dean Obeidallah says it's a mistake to give up a business name you've invested energy in, just because of a new terrorist group
updated 7:01 PM EDT, Wed October 15, 2014
Fear of Ebola is contagious, writes Mel Robbins; but it's time to put the disease in perspective
updated 1:44 PM EDT, Tue October 14, 2014
Oliver Kershaw says that if Big Tobacco is given monopoly of e-cigarette products, public health will suffer.
updated 9:35 AM EDT, Sat October 18, 2014
Stop thinking your job will make you happy.
updated 10:08 PM EDT, Tue October 14, 2014
Ruben Navarrette says it's time to deal with another scandal involving the Secret Service — one that leads directly into the White House.
updated 7:25 AM EDT, Tue October 14, 2014
Americans who choose to fight for militant groups or support them are young and likely to be active in jihadist social media, says Peter Bergen
updated 9:03 AM EDT, Mon October 13, 2014
Stephanie Coontz says 11 years ago only one state allowed same sex marriage. Soon, some 60% of Americans will live where gays can marry. How did attitudes change so quickly?
updated 4:04 PM EDT, Tue October 14, 2014
Legalizing assisted suicide seems acceptable when focusing on individuals. But such laws would put many at risk of immense harm, writes Marilyn Golden.
updated 9:07 AM EDT, Mon October 13, 2014
Julian Zelizer says the issues are huge, but both parties are wrestling with problems that alienate voters
updated 6:50 PM EDT, Mon October 13, 2014
Mel Robbins says the town's school chief was right to cancel the season, but that's just the beginning of what needs to be done
updated 11:43 AM EDT, Sat October 11, 2014
He didn't discover that the world was round, David Perry writes. So what did he do?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT