The annual Pwn2Own competition is a high-tech Steel Cage Match that pits hackers against technology. Contestants compete to hack selected software and hardware platforms. Not only do the winners get to keep any devices they exploit, but they can also earn significant cash prizes.
Sponsored by the Zero Day Initiative, a project that rewards security professionals for responsibly disclosing vulnerabilities, the competition provides full disclosure to vendors, giving them a chance to plug holes in their software before the bad guys find them.
When the smoke cleared from the 2009 competition, no mobile devices had been breached. But just one year later, European contestants were able to hack into a fully patched iPhone. Around that same time, white hat hackers from the Intrepidus Group hacked into the Palm WebOS with text messages that loaded malicious web pages.
Why Are Smartphones Difficult to Attack?
Quite simply, the limited memory and processing power of most smartphones makes them difficult to attack. A second factor in the limited success of smartphone attacks is the lack of a platform standard. Windows is a tempting target for hackers, because one exploit can open the door to thousands, even millions of computers. There is a very strong financial incentive to create malware that can spred so widely.
Read More: How Cybercrime Pays
How Do Smartphone Attacks Threaten You?
As smartphones become a bigger part of our lives, you can expect the succesful attacks against them to increase. However, unlike the PC attacks that aim to spread malware over as wide a field as possible, smartphone hackers will likely use spear phishing techniques to target individual users or companies. Because a spear phishing attack can target just one user, antivirus companies may never be aware of its existence. As a result, there is little hope of anti-virus software being written for many attacks.
Not only do smartphones contain a gold mine of personal and company information. They may very well provide an access point into company networks. As a result, expect smartphones attacks to focus on stealing the information on a particular phone, or using them to enter a network.
How Can You Secure Your Smartphone?
Fortunately, there are many steps that you can take to protect the data on your smartphone.
Don't Lose It
I know that sounds ridiculously simple. But a survery released in 2005 reported that 160,000 portable devices are left in Chicago Taxis every year. Fortunately, this is a security risk with a simple, low-tech solution. Put the device back in your holster or purse. Every time.
Use a Password
Odds are, you'll leave your smartphone behind at some point. And when you do, you'll heave a sigh of relief knowing that your data is password protected.
Use Antivirus Software
Some vendors, such as Norton provide antivirus software for selected mobile platforms.
Clear Memory Before You Dispose of Your Smartphone
The time will come when you want to trade up, and the smartphone you love so well will be consigned to eBay. Before that happens, make sure you wipe the device clean.
During the 2008 Presidential Election, the McCain Campaign sold some leftover BlackBerries for $20 each. Because they didn't wipe the devices before the sale, they also threw in some confidential campaign data for free. A reporter who purchased one of the devices got a peek at the inner workings of a campaign by reading the emails left in memory. He also found a contact list full of McCain supporters. No damaging information leaked out, but needless to say the campaign was red-faced.
Your smartphone stores valuable information that makes it a target for hackers. By taking some commonsense security steps, you can keep your data safe.