As attacks on mobile devices skyrocket, the prospect of falling victim to a hacker seems like it's no longer a question of "if" but rather "when." Because we use our phones so often — 34 times a day according to one study's estimates — we're exposing ourselves and our data exponentially far more often than we used to, giving hackers that many more chances to break in. Last week, Juniper Networks reported a 400 percent increase in attacks on Android-powered phones between June 2010 and January 2011. In a Forbes column on Sunday night, Juniper vice president Karim Toubba explained that we've created a "perfect storm for hackers" with our sloppy smartphone habits:
The risks created by portable, always-on smartphones, tablets and other mobile computing devices are extending the attack surfaces that require protection for both consumers and enterprises. … People connect to unsecured wireless hotspots and download apps with impunity, giving little thought as to whether the app provider is trustworthy. Add to that the frequency that these devices with sensitive information are lost or stolen and the need to better secure and manage these devices becomes evident.
As Toubba suggests, our addiction to a steady flow of data isn't just a problem for consumers. The backend business solutions are just as vulnerable to attacks, and a strike in the right place can affect millions of people within minutes. If his goal was to bring awareness to breadth of the risks, Toubba's timing was prescient and perhaps a little bit ironic. Early Monday morning, a glitch in some Juniper-manufactured routers working on Level3's tier one network triggered an international incident that killed the part of internet, everything from Time Warner Cable to BlackBerry's email servers, for a few minutes across North America and Europe. Tier one networks act like the internet's spine and a properly placed blow can be paralyzing. So far, it appears that the problem was nothing more than a bug in a software update, but it could've just as easily been a Stuxnet-like virus from who-knows-whom that could've crippled half of the Western world's communication infrastructure.
So how could the rise in malware on smartphones translate into a devastating attack from a computer virus? It's a lot like the movie Contagion. Because we've become constantly connected to the internet through smartphones — Toubba calls this "extending the attack surfaces" — one infected device can quickly multiply into millions of infected devices before we even notice there's a problem.
What can we do about it? Well, for one thing, we can hope that the government figures out a way to protect us better against a cyber attack. So far, the prognosis is not good. On Monday, General James Cartwright told Reuters how the United States is becoming an increasingly hot target for cyber attacks, and we're not as prepared as we should be to defend ourselves. "We've got to step up the game," said Cartwright, former vice chairman of the Joint Chiefs of Staff, urging U.S. leaders to scare away hackers by bragging more about how we're defending ourselves. "We've got to get that done, because otherwise everything is a free shot at us and there's no penalty for it."
As we write this post, the Pentagon's elite research and development wing, DARPA, is trying to figure out how to get that done at a conference in Northern Virginia. Reporting from the conference, Wired's Spencer Ackerman explains failed solutions to the problem like "a second, secure network-of-networks apart from the internet's 'wild west'; or an internet, minus the anonymity" but says that DARPA would rather reverse-engineer a solution. "In other words, Darpa wants to bring in hackers to help set policy, designing dynamism into the framework, 'on timescales that correspond with the dynamic nature of advances in cyberspace,'" says Ackerman.
"Dynamic nature" is a government phrase that means "faster than the government works," so you might want to take some precautions while the Pentagon is sorting out their plan. Touba offers this great bullet list for smartphone users at Forbes:
- Install an on-device anti-malware solution to protect against malicious or infected applications, spyware, and other malware-based attacks on their device.
- Use an on-device personal firewall to protect device interfaces.
- Set a robust password to protect device access.
- Employ an on-device application to locate and track, as well as remotely wipe and lock the mobile device if it is ever lost or stolen, to protect sensitive information from falling into the "wrong hands."
James Fallows recently came up with a similar list for the internet users in an article in The Atlantic called "Hacked!" And while the task beefing up cyber security on a national level sounds daunting — and it sort of is — Fallows is closes with this sobering piece of advice should put some of your anxiety to rest: "As with so many other challenges in modern life, responding with panic or zealotry doesn't get us anywhere. But a few simple self-protective steps can save a lot of heartache later on."