Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

Spyware: The Next Generation

on November 2, 2012

The world of IT continually creates new technologies and malicious software develops along with it. As we become more reliant on devices such as mobile phones, consoles and tablets, it is just a matter of time before hackers begin to focus on these technologies and develop tools that allow them to snoop on and steal the confidential information – including critical information you might have shared with someone daily.

Mobile Phones:

Spyware for mobile phones is actually quite common. So far these tools have been used for a few years by individuals, often in a relationship, to track the other person’s activity.

An enterprising hacker though could take this a lot further. Your phone’s microphone could be used to record your telephone conversations. Does that sound farfetched? It’s not. The FBI has already utilized software to do this. This was confirmed by a US judge who approved the practice in 2006.

Just think how valuable a conversation between two prominent individuals would be to an attacker. Even a basic conversation between a client and the bank could be enough for an attacker to obtain personal data that could be used for identity theft. Boardroom discussions can provide valuable insider information to competitors, or used for insider trading on the stock exchange. The opportunities for a focused and tech-savvy group of fraudsters are enormous. So is the risk to end users.

There are a few limitations at present that make these attacks a little less appealing to hackers. The malware would need to be widespread for a viable yield – and that would mean analyzing thousands of hours of audio every day to mine nuggets of valuable information. The volume of information transferred would also be huge.

These limitations could be mitigated by using good speech recognition technology. However, this technology, while being reasonably accurate, still cannot identify every single spoken word, even when a user is speaking clearly into a microphone. Accurately analyzing a conversation from a mobile phone sitting in one’s pocket, while possible, would be considerably more difficult because of all the noise distortion.

Consoles:

In recent years, the popularity of consoles has exploded and you can find one in almost every home. Today, consoles are used for much more than just gaming. They are, for example, increasingly used as media centers. Technologies like Kinect also increase the amount of hardware attached to these devices. Gaining access to the devices attached to the consoles, such as microphones and webcams, is certainly possible. An attacker with time on his/her hands can take picture or record conversations, especially if there is an opportunity to blackmail the console’s owner.

That said, this is not very likely to occur any time soon. Consoles are quite well protected, with inbuilt measure to prevent unsigned software from running on the system. However, as consoles evolve to incorporate new technologies such as email, vulnerabilities will appear that could be exploited by malware creators.

Tablets:

Tablets have similar exploitable points as mobile devices. Tablets are becoming the ‘toy’ of choice in business and more and more employees are taking their devices to the office. Now, tablets connected to a network can pose as much of a threat as a laptop or networked PC does. Tablets are used in board meetings, corporate email, online banking and have confidential work-related data stored on them, and so on.

Although to date they have not proven to be a prime target for spyware creators, it does not mean it won’t happen. With millions of tablets sold monthly, that is one big ‘market’ for hackers to tap into! There is more potential in tablets for hackers than other devices because they are used more frequently for online transactions than, say, phones or consoles. People also tend to install a lot more software on their tablets than they do on their phone or console at home. The more software you install, the greater the risk of some form of spyware finding its way onto your device.

Talking prevention

The same security and safety tips we have been talking about for over a decade still apply. Don’t install software from sources you don’t trust, and avoid falling for social engineering attacks that attempt to gain information or install spyware on your device. When it comes to mobile phones and tablets, however, there is another important safety precaution to take note of: never leave them unattended. It is very easy for someone to install a spyware package once they have access to your device – so don’t let it out of your sight; and  if you protect your mobile device with a password, always beware of your surroundings to ensure you don’t fall victim to shoulder surfing attacks.

Be prudent and a bit of healthy paranoia always helps. The more mobile phones, tablets and consoles become part of our lives and our daily acitivities, the greater the chance that hackers will develop ways to try and gain access to them. Protect them as you would protect your PC.

Like our posts? Subscribe to our RSS feed or email feed (on the right hand side) now, and be the first to get them!