Skip to main content

Your smartphone is hackers' next big target

By Parmy Olson, Special to CNN
updated 1:33 PM EDT, Mon August 26, 2013
STORY HIGHLIGHTS
  • Mobile devices are the next battleground for data and privacy, Parmy Olson writes
  • Pumping phones with information makes them increasingly attractive target for hackers
  • If people value their privacy, they'll invest in services that encrypt their data

Editor's note: Parmy Olson is a journalist for Forbes magazine, covering mobile technology. She is the author of "We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency."

(CNN) -- In the world of cyber security there are some well-known designations for anyone that considers him or herself to be a hacker, the term being so broad in scope now.

One can be a "white-hat" hacker or a "black hat," the former being someone who uses their programming prowess to protect digital data, and the latter someone who seeks to subvert and steal it for their own malicious reasons. Fall into the middle and you're a "grey hat."

Parmy Olson
Parmy Olson

The recent revelations about the NSA in the United States have made these labels much fuzzier, since government and NSA hackers should be white hat. Yet a recent report in the Washington Post, citing top-secret documents and an internal audit, showed the NSA had broken privacy rules thousands of times as it conducted its widespread surveillance.

Of course, navigating the ethics of data privacy is a complicated business since there's just so much of it -- 90% of the world's data has been generated in the last two years, according to IBM.

Your cell phone: Easy to hack
How dangerous is mobile malware?

A very likely consequence of the NSA revelations from former cyber security contractor Edward Snowden, is that people will increasingly not care who the hacker trawling through their data is -- whether it's an ethically-conflicted government contractor like Snowden, or someone more unscrupulous trying to sell their digital address book to spammers.

They just want their data to be un-hackable.

Read more: SIM card hack inspires quick fix by carriers

Over the years, we've read about how easy it appears to be to hack a website, server, or a device if you just have the know-how and the inclination.

The subversive digital community Anonymous showed this in 2011, when clusters of young people within its network were able to temporarily paralyze websites of major corporations and steal data, often without the background of real programming knowledge.

In more than one case these volunteers used a free program they downloaded from the Web, which automated a data theft for them.

For those in the cyber security industry, such big attacks were an "I told you so" moment, proving how insecure our personal data was when it was stored in online databases by even large companies and institutions.

Read more: Hacker says phone app could hijack plane

The question of how we can find a good privacy balance in a networked world leads us to the paradox of mobile devices, the next battleground for data and privacy.

Smartphones are essentially mini computers and as a result can offer both our best hope for private digital communication, and greater vulnerability.

First the hope.

Smartphones are particularly vulnerable in emerging markets like China, where people download apps from third party sites because Google Play is banned by Beijing.
Parmy Olson

It's been made clear in the last few months that email is no longer considered a safe and secure way to send information to someone.

The founder of secure email service Lavabit, who counted Ed Snowden as a user, recently suspended his business in the face of a government investigation. The vendors of another secure email service, called Silent Circle, shut down their email service soon after, and cited fundamental security flaws inherent in email.

Phil Zimmermann, the co-founder of Silent Circle and inventor of a popular encryption standard for email called Pretty Good Privacy (PGP) even said at the time that email was just not secure anymore. In one way, thanks to using standard Internet protocols, it never has been. Now instead of using email, Zimmermann increasingly uses mobile messaging services of the kind offered by his company.

The general public can take a leaf out of Zimmermann's book. Mobile messaging apps like WhatsApp and Wickr look better mainstream options for secure digital communication.

Researchers: We can hack an iPhone through the charger

WhatsApp avoids advertisers like the plague and relies on subscription payments, while Wickr encrypts messages and deletes them after a set amount of time -- like a burning candle wick.

On the other hand, mobile phones are just another attack vector for grey and black hat hackers, with potentially richer information than what's obtainable from a desktop computer: location data, access to your contacts address book, photos and real time audio through your microphone.

Smartphones are particularly vulnerable in emerging markets like China, where more people use Android phones than in the U.S. and Western Europe, and download apps from third party sites because Google Play is banned by Beijing. The problem here is that it's becoming easier to inject malware into fake apps, for unsuspecting Android users to download.

See how hackers can control your house
Hackers watch child over camera monitor
Don't get hacked on vacation

In the last few months, security researchers have found a remote access tool in the wild called AndroRAT, which coupled with a new software tool called a binder, makes it surprisingly easy to inject malicious code into a fake version of a popular, paid-for app or game, package it together and upload it to a third-party site at a discounted rate or for free.

Once the app has been downloaded, the hacker can remotely steal the victim's contacts data, turn on their camera or turn on their mic and record conversations. Researchers say the tool is most attractive to spammers who want to steal contact data and premium text messages.

Read more: Are you in danger of 'drive-by' hacking?

What's disturbing is that using the tool does not require a sophisticated level of programming knowledge, echoing the desktop tools that were used by supporters of Anonymous to attack online databases.

Far more tame, but still disturbing for many privacy advocates, is the amount of data that mobile app developers are able to funnel out to advertising networks after you've downloaded one of their free apps -- and this applies to anyone that uses an iPhone or Android phone in the developed world.

History repeats itself. So long as we continue to rely on small, rectangular slabs for computers and carry them everywhere, pumping them with all manner of personal and professional information, they'll increasingly become a target for hackers white, grey or black.

If people value their privacy, they'll vote with their wallets and invest in services that encrypt their data and keep their communications private -- and a few they might ditch their phones altogether.

The opinions expressed in this commentary are solely those of Parmy Olson.

ADVERTISEMENT
Part of complete coverage on
updated 4:47 PM EDT, Fri April 18, 2014
Jim Bell says NASA's latest discovery support the notion that habitable worlds are probably common in the galaxy.
updated 2:17 PM EDT, Fri April 18, 2014
Jay Parini says even the Gospels skip the actual Resurrection and are sketchy on the appearances that followed.
updated 1:52 PM EDT, Fri April 18, 2014
Graham Allison says if an unchecked and emboldened Russia foments conflict in a nation like Latvia, a NATO member, the West would have to defend it.
updated 9:11 AM EDT, Fri April 18, 2014
John Sutter: Bad news, guys -- the pangolin we adopted is missing.
updated 1:10 PM EDT, Sat April 19, 2014
Ben Wildavsky says we need a better way to determine whether colleges are turning out graduates with superior education and abilities.
updated 6:26 AM EDT, Fri April 18, 2014
Charles Maclin, program manager working on the search and recovery of Malaysia Flight 370, explains how it works.
updated 8:50 AM EDT, Fri April 18, 2014
Jill Koyama says Michael Bloomberg is right to tackle gun violence, but we need to go beyond piecemeal state legislation.
updated 2:45 PM EDT, Thu April 17, 2014
Michael Bloomberg and Shannon Watts say Americans are ready for sensible gun laws, but politicians are cowed by the NRA. Everytown for Gun Safety will prove the NRA is not that powerful.
updated 9:28 AM EDT, Thu April 17, 2014
Ruben Navarrette says Steve Israel is right: Some Republicans encourage anti-Latino prejudice. But that kind of bias is not limited to the GOP.
updated 7:23 PM EDT, Wed April 16, 2014
Peggy Drexler counts the ways Phyllis Schlafly's argument that lower pay for women helps them nab a husband is ridiculous.
updated 12:42 PM EDT, Wed April 16, 2014
Rick McGahey says Rep. Paul Ryan is signaling his presidential ambitions by appealing to hard core Republican values
updated 11:39 AM EDT, Wed April 16, 2014
Paul Saffo says current Google Glasses are doomed to become eBay collectibles, but they are only the leading edge of a surge in wearable tech that will change our lives
updated 2:49 PM EDT, Tue April 15, 2014
Kathleen Blee says the KKK and white power or neo-Nazi groups give haters the purpose and urgency to use violence.
updated 7:56 AM EDT, Wed April 16, 2014
Sen. Sheldon Whitehouse and Rep. Henry Waxman say read deep, and you'll see the federal Keystone pipeline report spells out the pipeline is bad news
updated 7:53 AM EDT, Wed April 16, 2014
Frida Ghitis says President Obama needs to stop making empty threats against Russia and consider other options
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT