ICSA Labs Offers Tips to Combat Growing Mobile Security Threats

September 14, 2011

Media contacts:        
Brianna Carroll Boyle


Warns Users to Only Access Trusted App Stores, Think Twice About Accepting ‘Permissions’ 

1.     Only buy apps from recognized app stores.  Apps from unofficial third-party stores and applications downloaded from peer-to-peer sites are much more likely to contain malware than apps sanctioned by official vendor stores such as the Android App Market or Apple App Store. 

2.     Think twice about accepting “permissions.” Most applications, legitimate as well as malicious ones, require users to accept several “permissions” before the apps are installed. Check carefully to be sure that the app comes from a legitimate source. 

3.     Monitor bills for irregular charges. If attackers gain access to personal information stored on your phone, they can quickly rack up charges by sending “silent” text messages to high-priced call services. For example, if the Android Trojan GGTracker is inadvertently installed on a device, it can sign up users, without their knowledge, for premium text messaging services. 

4.     Employ security policies to protect employer-issued devices.  Employers should enforce password-based access and require voice mail codes so that only authorized users can access data on employer-issued devices. 

5.     Be mindful that more and more employees bring their personal devices to work.  Companies therefore must have security systems and policies in place to safeguard their business environment and prevent access to company networks from employees’ personal devices.  

6.     Remember that mobile devices are tiny handheld PCs.  Many security threats that apply to traditional computers also apply to mobile devices, such as smartphones and tablets, and consumers should take necessary measures to protect themselves. One way to do this is to install anti-malware software on mobile devices and enable VPN functionality. 

7.     Protect your mobile phone password and voicemail pin.  If your mobile phone does not currently have a password, add one that is at least six digits.  Try to choose a unique password that is not already used across other systems and accounts. Do not use repeating digits in passwords or voice mail pins.  Remember that your provider will never request your voice mail pin, so do not be tempted to provide it to anyone who requests it. 

If you detect infection on an employer-issued device, immediately report your concern to the employee help desk or IT security staff personnel.  

“Mobile malware will continue to rise with increased smartphone use,” Hayter said, “but by following these tips users can help protect themselves and their personal data from unwanted intrusions.”   


About ICSA Labs

ICSA Labs, an independent division of Verizon, offers third-party testing and certification of security products and network-connected devices, such as printers and faxes, to measure product compliance, reliability and performance to many of the world’s top security vendors. Visit http://www.icsalabs.com and http://www.icsalabs.com/blogs for more information. 

About Verizon  

Verizon Communications Inc. (NYSE, NASDAQ:VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers.  Verizon Wireless operates America's most reliable wireless network, with more than 106 million total connections nationwide.  Verizon also provides converged communications, information and entertainment services over America's most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries, including all of the Fortune 500.  A Dow 30 company, Verizon employs a diverse workforce of nearly 196,000 and last year generated consolidated revenues of $106.6 billion.  For more information, visit www.verizon.com.