BBC develop SmartPhone app that steals data


The BBC has demonstrated just how easy it is for someone to create a malicious application for a SmartPhone that steals information and spies on the owner.

Within a few weeks and with a bit of help from Chris Wysopal, co-founder of security firm Veracode, the BBC developed the application using parts from software toolkits.

Mark Ward, the technology reporter who demonstrated how it could be done, wasn’t a programming whiz; he simply downloaded a widely used application developer kit, learned some basic Java, and reworked existing code.

The application was pretty basic, but it was hard to identify as malicious because it looked just like a regular application, the kind available on any app store.

The BBC app wasn’t uploaded to an app store; it was downloaded to a single phone instead. Disguised as a simple game of noughts and crosses, it was able to retrieve data from the phone, grab text messages, log the phone’s location and send the information to a separate email address.

The security experts reckon that SmartPhones are now an easy target for would-be fraudsters.

“Mobile phones are really personal devices,” said Mr Wysopal.

“You might have one computer for a family but every family member has a personal device and it is with them all the time.”

The worrying thing is that a regular application can make legitimate use of all the functions that a malicious application needs, such as access to contact lists.

“That’s kind of the scary thing,” Mr Wysopal said.

“The face of the application, be it a game or a simple application that is for fun, can have behaviour that is not visible at the surface.”

Nigel Stanley, a security analyst at Bloor Research, told the BBC that there are ways you can spot if you have been the victim of a rogue application.

“A very obvious tell-tale sign on the phone is all of a sudden your battery life is deteriorating,” said Stanley, particularly if you wake up one morning and your battery has been drained overnight.

He also advises people to check their bills.

“Look at your billing information every month and if there are strange numbers appearing on your phone bill that might indicate that there is some software on there that is dialling out to premium-rate lines, billing you for a service that you have not authorised,” he said.

The thing is, we hear so much about security risks these days that a kind of complacency has set in. I mean, who is bothering to check out the apps they download?
