▶ General

Reckon you know all the ways your handset can become infected? Think again...

You may think you're playing things safe by mostly only using your phone to make calls, but is that really the case? Your smartphone is now as powerful - and as connected - as your desktop PC. Too many people fall into the trap of thinking its smaller physical size somehow means its less important to think about securing.

If anything, your smartphone contains more sensitive content than your PC, such as your bank details, family photos, calendar etc. If all this data was written in a book, you'd definitley not want prying eyes anywhere near it. However - if that were the case, you'd at least know there's only one way someone could obtain the information, and that's by opening it and reading through it. In your smartphones' case, one single way in is most definitely not the case, so let's look at the top 10 tricks the bad guys use to infect your handset.

sharks 700x250

1 Visiting a website which contains malware

Just as your PC can become infected from nefarious content on a website, so can your handset. A script can be started off the moment you visit the site with your onboard browser, and it can be set up to recognise exactly which combinatio of device and software you're using. Armed with thei information. it can then adapt itself looking for known weaknesses - ways in - to copy its payload to your handset. Once there, it might well have full access, including the abiity to make silent calls, trawls your data looking for sensitive information and send it to the attackers website secretly.

2 Malicious apps

What's the difference between what a "good" App on your handset can do an a "bad" one? The technical answer is nothing - they are both merely carrying out a set of operations provided to them by the system software they are installed to, such as making calls, accessing data, connecting to the internet and so on. What you think of as a "bad" App is just putting all this together, most likely in a sneaky, hidden way, in order to achieve some goal the malicious developer intended. The way into your phone is therefore a kind of "half and half" approach - what seems to be a regular App, and therefore convinces you to install it, actually does, or seems to do, what you thought it would but also sneaks around in the background doing its mischief.

These are known as "trojans". A well-known example of one of these is the "Geinimi Toojan" for Android. The bad guys don't even have to write good apps in the first place to spread this one - they take one from the app store, decompile it, insert their malware, rebuild it and then upload it to oter apps stores. Note it is always other apps stores, since Google can detect this kind of tampering before it gets anywhere near theirs. There is an obvious lesson regarding where you get your apps from, here.

3 Memory card

When you insert that memory card into your smartphone, are you certain you know exactly what's on it? Again, the parallels between this and the removable media you should be careful of with your PC (USB sticks, floppy drives, even writable CD/DVD's etc) are present. Files can be hidden too, so putting the card in a PC reader and inspecting it there might not show anything untoward. Some handsets automatically look for certain files to run when the card is inserted, so if the bad guys get to it this way by the time it's in it's too late. 

4 Bluetooth

The first recorded smartphone virus - Cabir - was spread via Bluetooth. Things are a little better now, since the user is usually alerted when another device wished to connect, or "pair" to use the correct parlance, but once it has done so, are you sure you know what's coming in? Again, superficially innocent content, such as a movie trailer video, could in fact be used as the attack vector behind which malware infacts your smartphone.

5 Network/USB connection

Most smartphones nowadays have a USB connector (micro/mini), and when hooked into a PC, or by extension a network via that connector, it can unwittingly signal its presence to malware lying dormant but just waiting for such an event to occur. Using the same techniques "good" software uses in this situation - for example to sync photos taken on your handset automatically with your PC - a way in for malware could have just been opened.

6 Email attachments

This is one of the most common ways viruses are spread to PC's - but people seldom stop to thik it could be doing the same to their handset, too. As the power and sophistication of somartphone software grows, so does the ability to handle email attachments, be they photo, videos or apps. App which could coltain malware, using the email itself as a trojan to get onboard.

7 WiFi

Open WiFi networks can be lethal. The promise of convenient, free internet access is too much to resist for some users, and the bad guys know it. When you connect to a network you don't totally trust, all the data passing through your handset can be intercepted. It can be stored for further analysis later, or even interfered with such that a trusted site you think you are visiting isn't - it's a clever copy with just enough content to fool you, whilst infecting your phone behind the scenes. They can even make the URL in your browser appear the same, because they provide the DNS (Domain Name Server) to your device too, when you connect. That's pretty nasty, because all your bookmarks etc will appear to work as usual. As will the forms asking for your banking passwords...


A relatively new phenomenon if NFC - Near Field Communication. This is where a chip is installed in your device and software is automatically triggered when another one comes close, typically just a few centimetres away. In other words, a tap from a similarly-equipped device could be used to deliver a trojan behind some otherwise innocent-seeming content, such as a photo or video.

9 Physical 3rd party tampering

"Could you lend me your wallet for a minute please?". How you'd laugh if a stranger asked you this question. But your phone? Especially if there's some other reason, like someone says they are thinking of buying that model etc. it only takes a second for a tooled-up bad guy to infect your device when he has prepared for it, using almost any of the other ways listed here such as intentionally visiting a site which will download malware etc. Always know where your smartphone is and who has access to it!

10 Push message

Similar to network trojans, modern handsets allow servers to send "Push messages" directly to the device. These are the internet equivalent of the old SMS/MMS systems, which themselves can contain links to malware so should be treat with the same caution. Push messages are more powerful since they can actually target specific Apps already onboard, and they can be used to "command and control" entire botnets of phones which are not suitably protected.