BY 2015, nine in 10 mobile phone users in Australia will own a smartphone and security experts are concerned many users don’t fully understand how to prevent data loss.
One medium that’s gone under the radar is the humble microSD card, the tiny memory cards in handsets that store personal images, videos and other information.
There are several ways criminals can obtain information on smartphones, including gaining access of the physical device, tapping into the phone’s browser and developing rogue apps. Instructions on how to hack Bluetooth and WiFi connections are readily available on the internet.
People who lose their smartphones at the pub may think the phone password can save them from embarrassment, but more often than not, they forget about the media or memory card, according to Ty Miller, chief technology officer at IT security consultancy Pure Hacking. “People don’t really think about securing media cards on phones,” Mr Miller said. “From a consumers’ point of view, they just enjoy the storage of the media card.”
Start of sidebar. Skip to end of sidebar.
End of sidebar. Return to start of sidebar.
In four years, about 14.6 million smartphones are expected to be shipped in Australia, representing more than 92 per cent of the mobile phone market, IDC Australia says.
Most smartphones today come with a standard 4GB microSD card, usually found at the rear of a handset.
Apple’s popular iPhone doesn’t have a memory slot and relies on internal memory on the device.
BlackBerry-maker Research In Motion and Nokia were the only two handset manufacturers locally to say microSD cards on their devices could be encrypted. Both either have native software or third-party security apps that do the job.
Sony Ericsson and LG admitted they didn’t have any security for the cards, while Samsung and HTC declined to comment.
RIM Australia was the first to respond to queries by The Australian, a sign that smartphone security and data encryption technologies are ingrained in its DNA.
A RIM spokeswoman said the company offered technology that consumers could use to encrypt data on their BlackBerry media cards. It is applicable to all BlackBerry devices on sale locally.
She said BlackBerry devices were designed to encrypt media data stored on a media card, according to the Encrypt Media Files field in the memory section of the device options.
However, this encryption does not apply to files that are manually transferred to a media card (for example, from a storage device using mass storage mode), she said.
The RIM spokeswoman said that when a file was stored on a media card for the first time, after mass storage mode is turned on, the BlackBerry device decrypts the encryption key for the external memory file and uses it to automatically encrypt the stored file.
A Nokia Australia spokeswoman said consumers could download Kaspersky Mobile Security and Touch Crypto from its apps store, dubbed Ovi Store, to secure smartphone memory cards. Users could select folders to encrypt and the Nokia-based security apps also provided firewall and anti-virus protection, she said.
Sony Ericsson spokeswoman said its Xperia line of smartphones were powered by Google’s Android operating system, which does not support native encryption. “As a result, Sony Ericsson‘s smartphones do not include encryption technology for media-memory cards at this stage,” she said.
An LG Australia spokeswoman said the company did not have any encryption technology in its handsets. LG was not aware of any third-party provider who supplied media card encryption for both its Google Android and Microsoft Windows smartphones.
Half of the respondents to a recent Symantec Australia survey said they would be willing to pay money to retrieve their lost or stolen mobile phone. Of these, smartphone users said they would gladly pay out an average of $174 for peace of mind.
However, Mr Miller warns that money cannot replace personal information that could fall into the wrong hands and ruin people’s reputation.
“Firstly, if you think the passwords on your smartphone cannot be hacked, think again. It can be done in a few steps.”
As a security consultant, Mr Miller would not recommend specific products, but he said it was a “question of security versus functionality” for consumers.
You must be logged in to post a comment.