- The Washington Times - Monday, July 30, 2012

Maybe your smartphone isn’t so smart after all.

Millions of smartphones and other mobile devices are vulnerable to malware that can steal passwords, drain bank accounts and even eavesdrop on users. But a small tech firm funded by a Pentagon research grant has developed a program to help protect smartphones, and it can be downloaded for free.

X-Ray, the security program financed by the Defense Advanced Research Projects Agency, was unveiled this week by Duo Security Inc., a Michigan-based start-up company.

“Anyone can download X-Ray from the Internet at xray.io,” said Brian Kelly, a spokesman for the company, adding that 8,000 people already have downloaded and used the package.

Smartphones such as the Droid and tablets such as the iPad are basically just small computers. As their use has spread, so has the malicious software designed to allow hackers to steal email, bank log-ins or other data — and even turn on the phone’s microphone and eavesdrop on its user.

Nearly half of all mobile-phone users in the United States last year had smartphones, according to Nielson.com, but few realize how vulnerable they are. Worldwide, there are more than 400 million mobile devices using the popular Android operating system, which is produced by Internet search giant Google Inc., according to the company’s website. Within five years, there will be 2 billion mobile devices across the globe, according to Ovum Research.

In 2011, security researchers identified 8,000 kinds of malware designed to infect mobile devices, “almost all of it” aimed at Android, according to Anup Ghosh, a research professor at George Mason University in Northern Virginia.

“A lot of it is cybercrime,” said Mr. Ghosh, referring to so-called Trojan Horse or keylogger infections that record log-ins and passwords for bank, social media and email accounts to allow hackers to steal money, data or identities.

“There is also a lot of espionage in the industrial sense,” he said, citing efforts to spy on or hack the email of U.S. business executives.

Fraud follows the money

Researchers in Europe have identified malware that surreptitiously forces smartphones to make calls or send text messages to premium rate lines, racking up income for the crooks who own the numbers and huge bills for the consumer, according to Sorin Mustaca, product manager at German computer-security firm Avira.

“The problem is big and getting bigger every day,” Mr. Mustaca said.

According to Bank News.com, 50 million Americans now are using smartphones for mobile banking. The business research firm Gartner Inc. says the total value of mobile banking transactions globally will be more than $171.5 billion this year.

“Where there is money, there is fraud,” Mr. Mustaca said.

Hundreds of security and anti-virus programs are available for laptop and desktop computers, and users generally can download software patches to fix known security flaws or weaknesses in the other programs they use.

Story Continues →