Just Hacked Your Smartphone to Say “I Love You”

Malware’s Made it to Your Smartphone

Just Say I Love You

1982 brought us one of the first instances of malware, short for malicious software, in the form of a self-replicating virus known as the “Elk Cloner.”  Believe it or not, Elk Cloner was the brainchild of a literal child: 15-year-old Rich Skrenta.

Designed to display an obnoxious message on every 50th bootup, Skrenta’s malware had the innovative ability to stealthily infect any floppy disk inserted into the compromised system.  While Elk Cloner was relatively harmless, except perhaps to young Mr. Skrenta’s social life, it paved the way for future generations of far more dangerous malware.

 

I Just Hacked to Say “I LOVE YOU”

A student in Manilla created a virus that would e-mail itself to everyone in the infected’s Outlook address book.  It appeared with the intriguing subject line of “I LOVE YOU” and many inexperienced Internet users could not resist the urge to click. The “Love Bug” virus spread like wildfire, and this malware was no joke.

Love Bug seized complete control over your operating system and storage.  Once Love Bug was in charge, it searched your drives for documents, music, images, and other files and replaced them with copies of itself.  It could delete important system files, rendering a computer inoperable.  It even attempted to install a trojan horse that would intercept passwords and send them to the Philippines.

Love Bug’s frightening speed of distribution combined with its devastating payload made it the ultimate malware at the time.  It would eventually infect over 45 million computers, 10 percent of all computers connected to the Internet.  Damage estimates range from $5 billion to $10 billion, and the resulting media blitz firmly embedded the concept of computer viruses in our cultural consciousness.

Malware, Anywhere: Your Smartphone

More people own smartphones than own computers these days, and much like the 90’s transition from sneakernet to global distribution, mobile malware has a vast pool of potential victims. Modern smartphone operating systems—things like Android and Apple’s iOS—are somewhat more sophisticated in terms of corralling malware than PC operating systems of old.

Mobile malware is especially troubling given how much of our lives are now run from our smartphones.  It can spy on your data, from text messages, and phone calls, to the sites you browse and the games you play.  Apps can access your GPS positioning, sending info on your movements to any number of unsavory elements.  It can directly cost you money by sending hijacked, automated text messages to premium SMS numbers.

Soon, with NFC technology and Apple Pay on the horizon, our wallets will be integrated with our phones, a prospect that surely has malware developers frothing at the mouth.

Outsmarting Your Smartphone

Malware has come a long way since a teenager not even old enough to drive played a trick on his computer club buddies and unwittingly gave birth to a new generation of crime.  The tools to combat malicious software have evolved a lot too, but education and caution will always be the first line of defense.

Like any security threat, avoiding mobile malware is part user savvy and part technical challenge.  Fortunately, modern smartphone ecosystems—the operating system like Android or iOS plus the apps and app stores—were designed with security in mind to a much greater extent than older generation PC operating systems.  Even given that fact though, maintaining security versus flexibility and facing off against malware authors with significant financial motivation makes for a dangerous landscape.

As we become more and more dependent on our smartphones, we need to be ever more vigilant of the threats that lurk in the deeper bowels of the app store and beyond.  Stay tuned for a follow-up post in the next few days where we will delve deeper into the current landscape of mobile malware, common mistakes, and methods by which phones get infected; and how to stay safe in a dangerous world.

If you are interested in a conversation regarding the intrusions, attacks, and security of your infrastructure, please contact us for a FREE CONSULTATION.