Android smartphone users can take some common sense precautions to protect their personal data from being stolen -- important advice considering an app developer purports to know how to take the information in under 60 seconds.
Loredana Botezatu of BitDefender, a cybersecurity software maker, recommends:
- Never lose sight of your smartphone in public.
- Keep a close eye on what a person is doing with your phone if you lend it to someone.
- Install mobile anti-malware software on your phone.
- Don't store job-related information on your phone unless it's encrypted.
The advice comes as a gray hat app developer has released into the wild five tools purportedly for "study purposes" that can clean out all the data on an Android smartphone in less than a minute.
Based on information from virus researchers at BitDefender, here's how the tools work.
When any of the apps is loaded on a victim's phone, they can be activated remotely by a cyber thief. Once activated, it sends a five digit pass code to the phone's intruder and secretly uploads the device's contacts, messages, recent calls, and browser history into the developer's space in the Android Cloud. After copying the data from the phone, the apps uninstall themselves so a target won't know they were even on their mobile.
To obtain data sucked from a phone, a Net crook need only travel to the developer's cloud location, enter the five-digit code generated by their copy of the app and for $5 they can download all the data nicked by the sinister software.
In an ironic twist, the developer has posted a notice at their site informing users of the apps that if they don't pay for the data they've stolen within 24 hours of the theft, all the information will be erased from the site "out of respect and for security reasons." "[N]eedless to say...this statement is by no means to be trusted," Botezatu cautions.
This latest attack on Android phones is just one of many this year. In fact, the phones are seen as a ripe target for mobile miscreants. According to a report released by a cybersecurity software maker in August, attacks on Android by malware writers jumped 76 percent over the previous three months, making it the most assaulted mobile operating system on the planet.
Some of that malware has been devilishly clever. For example, a bad app called Soundminer listens to conversations on an Android phone and is able to recognize when a credit card is spoken. After identifying such a number, it snips it from the conversation it has been recording and sends it to a Web baddie.
While cyber sorties like these may give some smartphone buyers pause before picking up an Android mobile, some commentators believe the benefits of an open system like Android outweigh those of systems with less openness and less vulnerability to attack. "Threats are everywhere," JR Raphael wrote in PC World. "The answer isn't locking down the world; it's taking basic precautions."
"With freedom of choice comes a small level of responsibility -- and whether we're talking about the Web or talking about our smartphones, the tradeoff is almost always worth it in the end," he added.