Why mobile is far more riskier than Aadhaar leak
What do you do when you buy a smartphone? Install Facebook and WhatsApp after the mandatory settings are put in place. While the next set of downloads involving third-party apps follows soon after, the catch is we rarely go through their permission policies.
A closer look at the permission policy of one of the most commonly used applications such as Facebook, for instance, reveals that it asks for access to all of the subscriber’s contacts and information stored in the handset. Moreover, it also seeks to have access to the device camera and to make calls, without informing the user. While Facebook is a proprietary app, the rule remains the same for many third-party applications, whose origin and ownership remain unknown to most of us.
At a time when data leaks from the Unique Identification Authority of India (UIDAI) — the body that maintains the Aadhaar data of over a billion Indians — are raising disturbing questions over the security of one’s personal information, breach of privacy can come from one’s handheld device. From biometric details such as fingerprints and retina scans to financial information such as credit card numbers and passwords — all may be up for sale if one’s handset is hacked.
And while the possibility of a mobile hack was of little concern a few years ago, that is no longer the case now. The falling price of the International Mobile Subscriber Identity (IMSI)-catcher and a flurry of other malwares have now changed the tide against common users. IMSI, for example, is today widely used (by hackers) to identify a user of a mobile network, making analysts and experts jittery.
While users of all types of mobile handsets can be targets of hacks, users of open operating systems such as Android, which comprise over 80 per cent of all mobile users globally and over 90 per cent in India, are most vulnerable.
“Any information stored in the mobile phone can be accessed from a remote location. Once a malware or advanced virus gets into the system, it can copy and send all information to the hackers.
It can also enable the camera, forward text messages, redirect calls and send any files from the device, without the user even knowing about its activity,” Such incidents are not rare. According to anti-virus major Norton’s recent mobile survey, over a third or 34 per cent of mobile phone users in India have faced malware or virus attacks recently, followed by threats involving fraudulent access or misuse of credit card or bank account details (21 per cent). The share of people facing hacking and leakage of personal information is no less. Nearly one in five (19 per cent) mobile users’ privacy has been breached in recent months, the survey says.
As half the users (50 per cent) grant permission to send promotional texts and/or emails to application providers, the threat levels are only rising. The survey reveals that 47 per cent of users have granted access to their contacts in exchange for free apps. And close to 40 per cent have granted permission to access their camera, bookmarks, and browser history.
Experts say while the damage from leakage of personal data like images, documents, and financial details may still be compensated, once biometric data is compromised, the loss is irreparable. As an increasing number of smartphones now comes with added features such as fingerprint scanners and iris scanners, such biometric data stored in devices may land up in the hands of hackers. However, once lost, these cannot be changed to secure one’s identity unlike passwords and account details.
“Digital security is still an afterthought for many. Getting a new mobile phone scratched is more worrisome than the risk of having it infected by a virus. While desktops and laptops do get the attention they need for their security, mobile phones still have a long way to go in this aspect. It’s time individuals and businesses realised that viruses, malware, and Internet threats do not only prey on computers. more
A closer look at the permission policy of one of the most commonly used applications such as Facebook, for instance, reveals that it asks for access to all of the subscriber’s contacts and information stored in the handset. Moreover, it also seeks to have access to the device camera and to make calls, without informing the user. While Facebook is a proprietary app, the rule remains the same for many third-party applications, whose origin and ownership remain unknown to most of us.
At a time when data leaks from the Unique Identification Authority of India (UIDAI) — the body that maintains the Aadhaar data of over a billion Indians — are raising disturbing questions over the security of one’s personal information, breach of privacy can come from one’s handheld device. From biometric details such as fingerprints and retina scans to financial information such as credit card numbers and passwords — all may be up for sale if one’s handset is hacked.
And while the possibility of a mobile hack was of little concern a few years ago, that is no longer the case now. The falling price of the International Mobile Subscriber Identity (IMSI)-catcher and a flurry of other malwares have now changed the tide against common users. IMSI, for example, is today widely used (by hackers) to identify a user of a mobile network, making analysts and experts jittery.
While users of all types of mobile handsets can be targets of hacks, users of open operating systems such as Android, which comprise over 80 per cent of all mobile users globally and over 90 per cent in India, are most vulnerable.
“Any information stored in the mobile phone can be accessed from a remote location. Once a malware or advanced virus gets into the system, it can copy and send all information to the hackers.
It can also enable the camera, forward text messages, redirect calls and send any files from the device, without the user even knowing about its activity,” Such incidents are not rare. According to anti-virus major Norton’s recent mobile survey, over a third or 34 per cent of mobile phone users in India have faced malware or virus attacks recently, followed by threats involving fraudulent access or misuse of credit card or bank account details (21 per cent). The share of people facing hacking and leakage of personal information is no less. Nearly one in five (19 per cent) mobile users’ privacy has been breached in recent months, the survey says.
As half the users (50 per cent) grant permission to send promotional texts and/or emails to application providers, the threat levels are only rising. The survey reveals that 47 per cent of users have granted access to their contacts in exchange for free apps. And close to 40 per cent have granted permission to access their camera, bookmarks, and browser history.
Experts say while the damage from leakage of personal data like images, documents, and financial details may still be compensated, once biometric data is compromised, the loss is irreparable. As an increasing number of smartphones now comes with added features such as fingerprint scanners and iris scanners, such biometric data stored in devices may land up in the hands of hackers. However, once lost, these cannot be changed to secure one’s identity unlike passwords and account details.
“Digital security is still an afterthought for many. Getting a new mobile phone scratched is more worrisome than the risk of having it infected by a virus. While desktops and laptops do get the attention they need for their security, mobile phones still have a long way to go in this aspect. It’s time individuals and businesses realised that viruses, malware, and Internet threats do not only prey on computers. more
Viewed by 1743
View all 10 comments Below 10 comments
Care in mobile can be maintained. Aadhaar on the other hand is in government control, which means no one knows who has access and who does not. and government can control our lives. For example government is now saying without Aadhaar, my mobile service will be disconnected. Same with banking service. While FB and other social media can sell your data that you upload in the media or save on the mobile (only contacts etc), they cannot directly affect our lives. I can even just uninstall the app from my mobile. Also my banking or other apps will not share their information with the social media apps. FB can only track what I do online. Not what I do on a daily basis. Aadhaar linkage has that risk. One needs to understand the implementation of the project, access controls, lack of security, the private companies who are managing the service, etc, all into consideration. Would be good for everyone to understand the situation of Aadhaar. more
Jan 17
there are enough duplicate or fake aadhaar cards. in Hyderabad itself one address was registered with 275 aadhar cards in different names.
A card was even issued in the name of 'Barak Obama' just to show how leaky this system is. more
A card was even issued in the name of 'Barak Obama' just to show how leaky this system is. more
Jan 18
Write up of Shri Mohit Jain should form a manual to all mobile phone users. particularly amongst the youngs (girls, in particular). I shall urge all mobile phone users (again particularly girls), not to share their mobile numbers with someone not thoroughly acquainted with them. Receipt of phone calls from strangers - more than 2 or 3 occasions - need be recorded with the police. The caller should warned beforehand. more
Jan 14
The Facebook collects more all personal info of the mobile user. It also recommends friend suggestion based on the details of the personal data of the user. Almost all the suggestions are based on the personal details collected by it. It is likely that they could or someone else also could use it. IT IS GOOD THAT THE CELL IS USED TO TRANSACT IMPORTANT TASKS WITHOUT REVEALING THEIR IDENTITY . more
Jan 14
It is our weakness that we want all applications on our mobile phones. We should limit use of mobile phones for essential and secured services. Social media like Facebook should left on laptops or computers. more
Jan 14
I totally agree with and endorse the views of Shri Mohit Jain. One should never keep important information on one's mobile. Likewise on one's computer too. I keep all info on an external hard disk. more
Jan 14
I guess google play store audits all apps before lodging it on their site.They have been removing regularly the apps. The contact details the apps ask for is basically for expanding their network and for marketing. more
Jan 14
