By David Goldman
NEW YORK (CNNMoney) — A significant rise in smartphone attacks is predicted every year, and it hasn’t happened yet. But that isn’t stopping major security firms from saying this will be the year that phones will finally emerge as a major target for cybercriminals.
There are many reasons why smartphones are vulnerable. For one, they run most of the same software that their owners also use on their computers. Smartphones also have many additional capabilities that hackers can exploit: they can connect to other potentially vulnerable devices using Bluetooth, and they can send and receive text messages, for example.
But smartphones are also increasingly being used as mobile wallets. That’s why cybersecurity experts believe mobile payment systems are likely to be the next big target for cybercriminals.
According to research from Juniper Networks, 300 million smartphones around the world will be equipped with the near-field communications (NFC) chips needed for mobile payments. Juniper predicts global NFC transactions will total nearly $50 billion this year.
Though the underlying NFC technology is believed to be secure, the applications designed to use it “will be riddled with security holes, and massive losses will ensue,” according to Rod Rasmussen, president of security company IID.
Mobile payments may be the most headline-grabbing phone attack method, but it won’t be the only one. Security experts believe another prominent technique will be ransomware — malware that takes control of a user’s device and data, relinquishing it only if the user pays money.
Researchers from McAfee, an Intel subsidiary, think ransomware will become a “prominent trend” in 2013. Security firm Top Patch expects ransomware to graduate from attacking “celebrity victims” to regular consumers this year.
So far, the vast majority of mobile malware has infected smartphones that run Google’s Android operating system. But some experts say iPhone users shouldn’t rest easy. Though Apple is very restrictive about allowing third-party apps to communicate with other software, that restriction also makes antivirus apps less effective at defending against Web-based attacks.
“Apple’s ‘walled garden’ approach makes it difficult for third parties to protect it,” said Todd Kellerman, head of cybersecurity at Trend Micro and former commissioner of President Obama’s cybersecurity council. “We will see many more viable attacks on iOS, because hackers know that the wealthiest people tend to own Apple devices. The walled garden will ultimately fall.”
Kellerman added that malware will soon be written specifically for the iPhone, just as there are now more attacks targeted directly at Apple’s Mac computers.
In addition to smartphones, cybercriminals will also be after the growing “Internet of things” — an emerging world in which everything is connected online.
“From thermostats to garage door openers to security systems and appliances, traditional electronics are now Internet-connected,” said Michael Sutton, head of security research at cloud security company Zscaler. “The hardware industry unfortunately has a rather abysmal history when it comes to ‘baking security in’; so expect this wave of connected hardware to present a vast amount of low-hanging fruit for security researchers.”
McAfee co-president Todd Gebhart backed that view.
“All of these devices have been developed without the thought of security,” he said.
Still, the biggest security risk remains old-fashioned carelessness.
Data is most often taken from mobile phones when they’re lost or stolen and aren’t protected by a password. It’s an open invitation for thieves to go rummaging around. Those kinds of attacks will “far exceed” mobile hacks and malware in 2013, Verizon predicts.