As Apple prepares to launch the iPhone 5 on September 12, Wall Street firms who let their employees bring their own smartphone to work had better watch out, because the hackers are coming too.
This week, the internet was abuzz with news that a group of hackers leaked a million ID numbers from Apple devices.
As the Wall Street Journal states in an article, "Apps and phones transmit a lot of information, and once it is out there, there is no telling where it will end up."
While we don’t know if Apple has done anything to improve security on the new iPhone release, smartphone users are typically much too complacent about securing information on their devices, notes Shirley Inscoe, senior analyst, Aite Group.
Today, people are much more careful about security on their laptops than on their mobile devices. This can be extremely damaging, particularly since iPhone users are increasingly using their smartphones to trade or carry out banking transactions, providing a wealth of personal information to potential hackers.
Mobile users typically store a host of other personal information on their mobile devices, such as contacts, appointments, and even lists of passwords they use on websites or other devices.
Further, many people are still not setting a password to secure access to their mobile device – and even if corporations force their employees to set one, these passcodes can be – and have been – hacked.
“It is relatively easy to break passcodes and gain access to information on a device,” Aite’s Inscoe says. “There’s a lot of data people store on their mobile devices, and they don’t realize how compromising it is if they lose their phone.”
Apple has always claimed their brand doesn’t get malware. There was a big instance this past quarter of a malware attack against Apple that was successful against Macs, Inscoe notes. “What you will see is a lot more attacks against Apple products.”
Mobile apps are a particular concern, since many are infected with malware, Inscoe warns. “90 out of the top 100 free applications that are downloaded have malware. Those are being downloaded by Apple users as much as others,” Inscoe says, although she notes that there has been more malware downloaded by Android devices.
In the past, criminals targeted laptops as that’s how people did their online banking. Now as people are carrying out financial transactions and online banking via mobile devices, we’re seeing criminals turning their malware efforts towards mobile.
“As people are doing more mobile transactions we will see that trend increase. Crooks go where the money is,” Inscoe notes. So what can Wall Street firms and users do to help secure these devices?
First security measure: Smartphone users should know that they can remotely delete the personal information on their device if they have lost it. Here from is how to do it.
Second security measure: Firms need to veto which apps their employees can download on their smartphones.
“There will come a time when people have to question, ‘If I’m going to use a device for personal trading, do I really need to download every app that appeals to me whether it’s free or not?’ That is how hacking is going to happen,” Inscoe says.
In fact, it may already have happened: Hacktivist group AntiSec claims that all the Apple UDIDs had been collected thanks to an app installed on iOS devices. "People whose UDID was on the list released by AntiSec might want to compare their installed apps. A common culprit might be found," AntiSec said on Twitter.
The point is that your phone may already be infected without you knowing it, Inscoe says. Which brings us to the next security measure firms should take:
Third security measure: Run tests to detect whether devices that your employees are using are infected.
Anti-virus software only protects against malware it’s written to protect against. Apple might be scanning apps today for strains of malware it is familiar with, but new strains of malware that are embedded in apps could be approved by them and posted for download, as they don’t yet know what to look for.
“We are seeing and hearing about some Apple apps that contain malware, but you don’t know which apps are problematic,” Inscoe says.
Employers can even start running tests in the background on phones that are connected to the corporate network, without employees having to turn in their phones – or being aware of it. (Although that might not necessarily be a good thing.)