Hackers Turn Their Attention to Smartphones, Apps
Security software vendor McAfee (NYSE: MFE) is warning social networking fans -- particularly those who like to access their accounts and instant messaging applications through their smartphones -- that hackers will increasingly target them for a variety of scams and hoaxes as the popularity of these mobile devices continues to explode.
This week, McAfee Labs researchers debunk a new BlackBerry-borne hoax in a blog posting by security researcher Oliver Devane.
The unsolicited message sent via BlackBerry Messenger (BBM), warns the user that his or her account will be hacked if the user accepts a new contact. Worse, it claims that if one of the user's existing contacts accepts this new contact, the user's account information will be hacked.
The perpetrator of the hoax then asks the user to send this unsolicited message on to all of his or her contacts -- a phony warning used to spread even more malware to the user's contact list.
Devane writes that he became aware of this new scam after a friend IM'd him the particulars.
"As soon as I read it, I knew it was a hoax and told her just to delete it," he wrote. "It didn't really surprise me that these hoaxes are now being spread via BBM as the devices are becoming increasingly popular."
It should come as no surprise that the very features and capabilities that make mobile devices, social networking and integrated instant messaging so popular are also responsible for a wide variety of vulnerabilities that can spread spam and other malware much faster and wider than the garden-variety e-mail-based assault.
"I don't want to take the usual route of blaming social networks sites but I believe they are the cause for this new wave of hoaxes," Devane said. "The problem with social networks is that it enables almost anyone to be able to add you on several different IM's by just visiting your page if you do not set your privacy settings correctly."
Also, the latest version of BlackBerry Messenger 5.0 incorporates a convenient barcode feature that creates a visual representation of a user's device PIN. Users can now simply scan the barcode of a friend or colleague's devices with the camera on their own BlackBerry, rather than having to type them out manually -- a pain during a sales conference or while out for a night of drinks at the bar.
The convenience and simplicity is undeniable. And so are the risks.
"That makes it incredibly easy for people who you don't know to add you to their contact list, which leaves you open to receiving more hoaxes and spam messages," Devane said.
Devane also said he has discovered "lots" of these barcodes on a variety of social networking sites and forums, essentially providing a virtual marketplace for scam artists to find new targets.
"Users should be careful who they accept as contacts as you may start to see a lot more of these hoaxes or even spam in your BBM inbox," he said.
Larry Barrett is a senior editor at InternetNews.com, the news service of the internet.com network.