Avoiding the DroidDream Nightmare: Taking A Common Sense Approach To Protecting Your Smartphone
As smartphones get"smarter," they resemble computers more and more every day, and their size and portability makes them a viable alternative to carrying a laptop.
The downside is that they also become increasingly attractive to hackers.
And it seems that smarter phones lead to smarter exploits. When the DroidDream exploit was exposed, Google responded swiftly with the Android Market Security Tool. Not to be outfoxed, hackers got a hold of the tool, added a Trojan to it and sent it back out to the public through a third-party Chinese market. Google then shot back by deploying a kill switch that automatically removed the malware from infected phones.
As the war between those who would exploit and those who would protect rages on, it becomes clear that ultimately we need to educate ourselves to be smarter than our phones.
The Trojanized version of the Security Tool had a few telltale giveaways that should have set off red flags. For example, it was not available on the Android Market, and it asked for permissions it should not have been required to fulfill its function.
Let’s discuss a couple of common sense approaches to mobile security that will protect you and your smartphone from exploits.
Watch out for requests to access permissions that seem unnecessary for the app.
A frequent example: If you are trying to download a scientific calculator and it’s asking for texting permission, something’s not right. As is any app requesting a urine sample. (Although interestingly enough, a UK group of clinical research was working on an app that will check for STDs via a urine-laden micro-USB chip.)
Requiring people to carefully read the permission screens is likely to cause business downtime as employees take the time to ponder the installation prompts rather than just clicking"next" as they have been trained to do. And to be fair, does the average smartphone owner know what SMS is—much less if it’s required for the app being installed? We kind of hope so, but we can’t really count on it.
Only download from reputable sources.
Of course a"reputable source" is left to each user to define. Based on how quickly Android Market discovered and removed DroidDream, some may accept it as a safe source. Then again, DroidDream did make it on to the Android Market in the first place, so safety is relative.
Install an antivirus app on your smartphone.
Surprisingly, there are still users out who are reluctant to invest in antivirus software for their personal computers. It’s likely that they will show the same disdain for their phones. Businesses face that particular problem when it comes to monitoring an employee’s personal cell phone (which may contain client phone numbers).
To meet SMB mobile security needs, a number of software companies have already come out with antivirus protection for smartphones, and really this is the best option for ultimate security.
Webroot has just come out with a mobile security app that you can access through several ways. You can either download a free version from the Android Market, or visit us to scan our convenient QR code. The free app doesn’t slow down your operating system and includes a remote-locking feature so no one but the intended user can use the device. It also blocks harmful websites, automatically checks for security updates every day and bars malicious software before it has a chance to infect your device.
For an upgraded version that lets you know whether you’re downloading a non-marketplace app and warns you of possible risks when using your USB port to download apps to your device, visit a BestBuy store near you.
Common sense may not be as common as it once was. Even if you know what to look for, sooner or later a really clever exploit will get past you. When that happens, Webroot’s got you covered.
By Nathan Darling