Thursday, 1 March 2012

Taking candy from a baby

A quick word of warning about Smartphones for the less than savvy smartphone users (and perhaps even those who think of themselves as savvy).

Smartphones are computers, no less (and often more) powerful than many we had on our desktops a few short years ago. They are more connected than our PC's often were and we store more personal data on them nowdays.

Putting something somewhere makes it possible to take it, and as anyone in security knows, internet access makes it vulnerable. How easy is it to get at your data? its as easy as taking candy from a baby it seems.

Sure, this is about facebook, but it can easily apply to Smartphones.

I've been doing computing for something like 30 years and been "online" for about 20 of those years now. Gosh things were different back then, and while there was the Internet there was now WWW, only stuff like FTP GOPHER, NNTP and the suchlike.

There's been a lot of changes over that time, but one thing seems to have remained constant: people try to hurt you or steal from you. There were Trojan horses, boot sector viruses and all manner of man in the middle attacks.

Yesterday I was in a conversation where I mentioned that while iPhones and Android devices were slicker and slicker with Nokia being left a little behind in the "sexy" look and feel there is something about Nokia that I still like ... and that's its OS Symbian.

Then today I read this article in the paper:

George Kurtz, co-author of Hacking Exposed, former McAfee security champion and now at the helm of Crowd Strike alongside Dmitri Alperovitch, demonstrated how the team designed a smartphone remote access tool (RAT) and eavesdrop operation, then set about purchasing the necessary items to make it happen, later coding and executing the attack on their demo phone.
“We believe we are here today and on the cusp of what we're going to see in the future. If you think of what a smartphone has the capability to do, it's the ultimate spying tool. Always powered on, always connected, travels around with us at all times,” Kurtz began.

and it reminded me of the conversation I had yesterday.

Next time you install an app from the Android market, or in your iPhone have a read of the sort of terms and conditions you have to accept. Heck and these are from the trusted sources.

I don't know how smart the general public is, but personally I value my privacy highly. Anyone remember the scandals surrounding GPS tracking via iPhones ?

So while people seem to make a point about "how their phone is easy to configure here or there" (as if they made it) I wonder seriously, what difference does it make? Most people don't fiddle with their phones, and arguing the point about OS is only what some of us geeks do.

It may even be that in the future people react against the Google and iPhone terms and (invasive) conditions and seek something less ... intrusive?

Here is a sample of "terms and conditions" you need to agree to to install an app on your Android device.

I'm sure that iPhone is not much less invasive.

Nokia is no saint here, its just that perhaps they didn't think people would fall for this sort of stuff. Since everyone else seems to be getting away with it stuff like Nokia Messaging has popped up and is slowly weedling its way into my email credentials is Nokia's attempted grab at my personal information via another method. Insidious really.

Perhaps I credit the General Public with too much thought and capacity for decision making, but should they wake up to this. Perhaps then they may demand a platform which just offers them what they need in apps and some privacy as well.

One thing for sure, you can count on the fact that noone's going to make money out of selling you that ... perhaps thats why iPhones and Android is so well marketed lately?

No comments: