Monday, July 25, 2011

Cellphones get smart, but so do hackers



In today's Sunday Times, there's an article titled "Cellphones get smart, but so do hackers".

Smartphones bring the world to our fingertips because they can access the internet. Users can download games and other applications, but this potentially opens the door to attack. Such cellphones can be easily bugged by a hacker who sneaks in programs called spyware. The smartphone user may be unaware of it, but such spyware can capture all of the user's incoming and outgoing phone calls, texts and email messages. It can even remotely turn on a phone's microphone to listen to a user's surroundings (without any call being made).

The most common way to remotely plant spyware is to 'social engineer' the victim into installing it. Scammers can dupe victims into installing a virus on their smartphones by pretending to be a legitimate contact, be it a bank or a friend, in an email or text message. Scammers typically infect the smartphones via bogus text messages purportedly from a phone user's bank. The spyware poses as an online banking application. Once installed, it sniffs all incoming messages, including one-time passwords for authenticating banking transactions.

The following note was disseminated to all staff recently and serves as a reminder for compliance:


Vulnerabilities of Smartphones

Recent security studies on smartphones have revealed a host of vulnerabilities associated with their usage. In fact, with Internet compatibility, cases of trojanised smartphones will increase and smartphones risk potentially becoming an even bigger target for hackers than computers.

Smartphones built on “open” programming platforms and operating systems (OS) fundamentally designed to accept applications (apps) have also resulted in a trade-off on the level of control over what these apps are doing in the background. Many apps available nowadays can even operate below or at the OS level rendering them almost "invisible" to the users. These include the likes of tracking and surveillance apps which infringe our privacy and pose security threats. "Utilities" that are able to perform lower level functionalities with dubious modular programming codes can also be integrated into "free apps" without the users' knowledge.

Currently, smartphones without image capturing capabilities are allowed to be brought into camps and premises provided they are not used to process classified information higher than Restricted and are not connected to any office networks. In addition to their computing capabilities, smartphones have recording functions as well.

Whilst recording devices are not carried into meetings, these smartphones are! Trojanised smartphones, when remotely activated without the knowledge of the user, can potentially compromise all conversations in the vicinity of the device. Accidental auto dials or enabling auto-answer can inadvertently breach security during classified meetings/discussions. Built-in GPS capabilities can track movement which, coupled with information aggregation, can potentially result in a compromise of locations and operations. Common to all mobile phones, any loss, theft or seizure of smartphones will likewise result in a compromise of important information such as official contacts, schedules, text messages, etc. residing within











.
