We have entered the age of using “smart payments” for almost everything. I can bank from my phone, pay bills from my phone, even buy merchandise from it. What I cannot do, however, is guard that phone from a growing number of security threats that seem to be getting out of hand. Now, before you go accusing me of being alarmist, let me say that I fully expect the smart phone industry to get this all figured out eventually. But millions of smart phones have already been compromised, more than once in many cases, and people are not getting the word.
The first threat to your smart phone comes from unregulated apps. I say “regulated” because I mean there are official “app stores” where you can download apps with good confidence that they have been approved by some unbiased process. Of course, as my smart phone keeps telling me, these apps can all access my private information so I have to trust the app companies not to abuse these privileges of access.
But anyone can create an app and upload it to a Website. If you cannot find their app in the app store on your phone you can still get it from a Website. So who is making sure these apps are safe? The consumer is responsible for his own security and privacy on the Web.
The second threat to your smart phone comes from the very code that it uses. Recent news says that 10,000,000 Android phones include security code that should never have been placed there. Ouch! And that news comes on the heels of another disclosure that we have been using flawed security since the 1990s. Hackers can have a field day with smartphones.
Snobby iPhone users are no safer, it would seem. Hackers recently also compromised Apple’s iCloud service. iPhone users cannot store their private data on removable chips inside their phones the way Android users can. Of course, cloud hosting services are provided to all smart phone users today. Your private data may be hacked by anyone, as many celebrities recently found out when their selfies were stolen and leaked to the Internet.
If you smartphone can be attacked and taken over by a hacker than whatever information you store on it or use it to pass to other devices (such as your banks’ networks) can be captured by the hackers. But that is not the end of the security problem.
Do you know what a “Man in the Middle attack” is? It is where a computer that you don’t know or trust pretends to be a computer that you do know or trust. Security experts say that all Websites should be using HTTPS protocol to protect their visitors’ connections. But this protocol does not protect you from man-in-the-middle attacks. Anyone can take a smartphone into a coffee shop and use it to steal users away from the “free wifi” network. Those users can then log into the smartphone via secure connection and use it to connect to their banks (securely). The hacker with the smartphone in the middle can decrypt all passwords and transmissions all day long while people are reassured that they are using secure connections.
These so-called proxy routers are so simple to set up because instructions and software are freely available from the Internet.
So how do we protect ourselves from these kinds of threats? Short of not using wireless devices in public, there is literally nothing you can do to defend against this problem. And if you download malware or a bad app it does not matter if you are at home or in public.
The changing world means we all have to become more aware of how electronic security works and how to manage it. Experts tell us to change our passwords often but I find that is impractical. What I think I will do for now is use my smartphone less often when I want to pay for something. I’ll go back to using cash or debit cards, if necessary.