The Critical Weakness in India's Mobile Security

A hacker can install a piece of software on a phone, without having physical access to it, that runs in the background undetected by the user, for instance by sending a text or email couched as a promotional message that lures the user into clicking. They can then play back snatches of our conversation, which they are able to surreptitiously record using the compromised phone’s microphone.

In other words, once hackers access your device, they can easily use your microphone or camera to record you, and thanks to GPS, they know your location. It’s a security nightmare.

Companies that make operating systems (OS) for mobile phones (Apple’s iOS and Google’s Android occupy the bulk of the market) know the array of techniques used by hackers to compromise phones. They are in a cat-and-mouse game with the rogue elements of the information age. They plug known vulnerabilities and loopholes by periodically updating their operating systems: they release newer versions and also issue security patches.

But in the case of Android, on which 9 out of 10 mobile phones in India run, there is a unique problem. Android is a foundational OS on which some of the most popular handset makers — such as Samsung or Xiaomi — build their versions of the operating system. This means when Android releases an update or a security patch, it’s unclear who is responsible for updating the OS that’s actually running on the device.

Phone makers release an update months after Android, if at all. There are hundreds of companies making Android-based devices, selling more than 60,000 models worldwide. It’s a complex ecosystem, with no one quite tracking the updates and vulnerabilities.

A third of the Android phones in India are running a version of the OS released in March 2015 or before, according to analytics firm StatCounter. This leaves millions of phone users in India potentially vulnerable, and in an age when personal information harvested at scale can be weaponised to sway opinion and indeed elections, this hole at the heart of India’s mobile security deserves wider attention. India has witnessed explosive growth in handset sales and data usage. There are now some 300 million smartphone users in India, the world’s second biggest smartphone market after China.

This is expected to swell to just under 500 million by 2022, according to research firm eMarketer. With the entry of Reliance Jio, data costs have become affordable to just about anyone who can buy a smartphone. This means millions of excited first-time smartphone users with a suboptimal understanding of security protocols, including what is safe to click and what might not be.

No one quite knows how they are using the internet and what apps are being installed on these devices. They are also likely to be less circumspect about sharing data with app developers. Most terms and conditions that users agree to tend to be in English. It is fair to assume that many Indian mobile users are agreeing to things without quite understanding what they are agreeing to.

As we settle back into the chairs at his Delhi-based office, Modi says it is relatively harder to install malware on Apple’s iPhones. To install a hacking app on an iPhone, you need the unique device identifier — a sequence of 40 letters and numbers, which can only be accessed by connecting the phone to a computer via Apple’s iTunes software. “It is far easier to install an app from an unknown source on an Android phone than on an iPhone,” says Modi. According to data aggregated by Lucideus, And ..

Outdated privacy laws in India add to the woes of mobile phone users, say industry watchers. “In India, the regulations are weak at best,” says Shiv Putcha, founder of telecom consultancy Mandala Insights. “You don’t have a privacy law, no regulations around data storage or access to private data. If they (mobile phone makers and service providers) aren’t storing data here, how can we be sure how secure our data is?”

The user has little chance of bringing culprits to book in case of a data breach, as most companies aren’t liable to the user in India. “The business model (of the smartphone) doesn’t fit local regulation, because there isn’t one. As more cheap devices are sold, this problem doesn’t just compound, it explodes,” says Putcha.

The Telecom Regulatory Authority of India (Trai) said this week the framework for data protection was “not sufficient” to protect consumers. It also recommended that ownership of data generated by telecom consumers should rest with the users and not internet giants and mobile device makers. The government has woken up to the need for a strong data protection law, along the lines of the General Data Protection Regulation (GDPR) in the EU, and has set up a committee to look into it.


With smartphones and data becoming cheaper, the number of devices, apps and the time spent on these will increase. The ensuing data explosion gives hackers more opportunities to exploit. Nearly a decade after Android was commercially released in September 2008, the mobile OS developed by Google might be becoming a victim of its own success. The European Union slapped a $5 billion penalty on Google earlier this week for abusing the market dominance of Android to push its search engine, a decision Google will appeal.

The world got a taste of large-scale hacking three years ago, when cyber security firm Zimperium said it had discovered a bug called Stagefright that rode on an innocuous-looking multimedia message to take over Android phones. Over a billion phones were reportedly infected.

Harmful Apps
According to Google, in 2017, India had the third highest percentage of phones with potentially harmful applications (PHAs) among the major Android markets, with 1% of the total Android phones in the country affected, though the figure had dropped by a third from 2016. Google says devices that install apps from outside the Google Play app store are nine times more likely to have PHAs. A Google spokesperson did not respond to India-specific questions but pointed to two measures the company has taken to improve phone security in the country.

One is a partner-certification programme that was launched in August last year. Devices of some 140 vendors come with the Google Play Protect feature, which automatically scans for malware. The company encourages phone buyers to look for the Play Protect logo on smartphone boxes ahead of purchase. It also ran a #SecurityCheckKiya public campaign earlier this year. Samsung, one of India’s leading smartphone vendors by unit sales in April-June, says it provides monthly security updates to its top and mid-range devices, and quarterly security updates to the rest.

National Security Concerns
Lax permission standards in the older versions of Android were said to be primarily responsible for Facebook getting access to users’ call and SMS logs through its apps, according to news reports that came out following the Cambridge Analytica controversy in March. Late last year, Trend Micro Mobile Security found 36 apps on Google Play that secretly harvested user data and tracked user location. Once notified, Google removed these apps.
