NOVEMBER 2011
Khaas Baat : A Publication for Indian Americans in Florida
Techno Corner

BEWARE OF SMS, MMS ATTACHMENTS ON CELL PHONES

By ARUN MARBALLI

Over the past 50 years, computers have become exponentially more powerful while at the same time they have become smaller and smaller in size. At the risk of dating myself, I must confess that the very first computer that I worked on occupied an entire room and needed a climate-controlled facility to work reliably. Today, we walk around with tiny personal computing devices that have become so ubiquitous we cannot imagine life without them. About 10 to 15 years ago, the term convergence became a major buzz word and encapsulated the concept of merging computing, communications and entertainment into one platform – something we are seeing more of these days in the form of smart phones and tablet computers. While we have taken every step to protect our desktop and notebook computers, not enough has been done to protect these new “connected” devices. Furthermore, our usage of these computing devices has undergone a radical shift – from being used as a utility tool to now being used as a communication and entertainment tool. And the more we rely on connected appliances and other consumer devices, the greater the potential for a hacker to get into our lives and wreak havoc. It would behoove us therefore to pay some attention to the numerous exploits that could come our way via our trusted smart phones and other connected devices.

One of the most common attack vectors for cell phones are SMS (simple) and MMS (Multimedia) Text messages. The attack modus operandi on the smart phone is similar to the one used on computers. You receive a text message from someone you know and the message includes an attachment (or picture) or a link and you are enticed into opening it using some social engineering technique. Typically, you are lulled into a false sense of security that you can trust this message since it is on your phone. The only problem is that this message is not from your friend but it has been sent to you from your friend’s phone after it had been hacked and its contact list had been harvested by the hacker. Once the attachment has been opened, it loads malware that hacks your phone and the entire cycle is repeated with your contact list. In addition to harvesting your contact list, some SMS (MMS) Malware could be more lethal as well – it would start buying worthless apps from the hacker and charging it all to your cell phone bill or use some other ruse to separate you from your money. The best defense against these kinds of attack is common sense – avoid clicking on text-message links and/or attachments.

Besides texting, our smart devices are often used as a portal for accessing social networks such as Facebook or LinkedIn. These networks are used by us for connecting with our friends and professional contacts. The ease that these networks offer in finding and connecting with people also make them vulnerable to what is called social network account spoofing. This is an age-old technique for conning people that has found new legs in this cyber world. In a typical exploit, you are contacted by someone whose name you recognize as a “long-lost” friend or colleague you worked with – someone you trust. Once the connection is established, your “new” friend begins communicating with you via e-mail outside the social network and eventually exchanging information that could lead to your identity being compromised. The problem here is that these social networks provide an environment where everything appears to be very nice and friendly and enables you to drop your guard. Additionally, on these networks it is important to recognize that you are connecting with a digital alias of a physical person and the alias chosen could be misleading and lead you to believe that you are connecting with a person you know but in fact you could be connecting with a masquerader. Again, the only way to avoid being taken is to use common sense when dealing with people reaching out to you for connecting – especially if you don’t know them personally.

Another way in which your social network account could be compromised is by succumbing to something akin to a phishing scam. You typically receive an e-mail that appears to come from LinkedIn indicating that someone is reaching out to you for connecting via LinkedIn. You typically respond by clicking on the link provided in the e-mail and enter your username and password into the LinkedIn access webpage that opens up – except – are you sure that you are actually logging into LinkedIn and not into a spoofed web page that just looks like the LinkedIn portal? Once you have entered your username and password, you just gave away the keys to your account and access to all your connections. Once again the common sense way of handling this is not clicking on the link in the e-mail but going directly to LinkedIn and logging in there to see if you have an invite waiting for you.

Finally, GPS-enabled smart phones in conjunction with social networks such as Twitter and Foursquare enabling users to virtually follow one another, have provided some amongst us the ability to indulge in a phenomenon known as cyberstalking, cyberharassment or cyberbullying. A defensive policy to follow in order to prevent these types of attacks is to avoid exposing too much personal information on the Net and certainly never revealing your street address or where you are going to be at any time.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail amarballi@hotmail.com.

homeeventsbiz directorysubscribecontentclasses/places of worshipnewseditorialhealthimmigrationfinance
techno cornermoviesfashionmusic/dancebooksyogahome improvementastrologycuisinemotoringgetawayclassifiedsARCHIVES
Read the Editor's Blog. By Nitish Rele Classifieds Getaway Motoring Cuisine Astrology Home Improvement Books Yoga Music and Dance Fashion Movies Techno Corner Finance Immigration Health Editorial News Classes/Places of Worship Content Find us on Facebook!