Q: Is it possible to get a virus from surfing the Internet on my smartphone? — Jason
A: The amount of new ‘malware’ (malicious software) that is being written to infect computers that are on the Internet continues to grow at a fever pitch.
Most of the really sophisticated malware is written by organized crime syndicates around the world that have plenty of resources and a really big motivator: your identity.
A recent study shows that if you search for entertainment sites (music, video, games, software, etc.) and include the word ‘free’, your chances of coming across a malicious Web site goes up exponentially — in some cases 300%!
Additionally popular items like ringtones, wallpaper and screensavers have traditionally been big targets of the malware producers, so be careful what you search for!
When it comes to your question about smartphone vulnerabilities, if you’re referring to the common ‘drive-by download’ attack that silently slips malicious programs into your computer when you visit a rogue Web site, the answer (for time being) is no.
As of this writing, browser-based attacks on smartphones are generally in the ‘proof of concept’ stage, meaning that researchers are finding theoretical possibilities, but nothing substantial exists in the wild.
There is a new vulnerability that was recently discovered for Adobe’s Flash player, which runs on desktop operating systems like Windows, Mac and Linux, but the latest Android operating system (2.2) has some exposure to this exploit (the first of its kind, since most smartphones can’t run Flash).
At this point in time, it’s actually safer to use your smartphone for accessing web content, especially the fringe content that is highly targeted for desktop computers, but that’s likely to change over time.
With the popularity of smartphones on the rise, worldwide, be assured that this is an area that the malware coders are focusing on for future attacks.
The real concern for smartphone users for now are downloadable applications that can contain malware or silently access private information on your phone (contacts, e-mails, etc.) and upload it to a remote server.
Smartphone makers do their best to police rogue applications in their various app delivery systems, but they have had apps (only a handful of the hundreds of thousands) get into their systems that snuck past the security tests and were later pulled from their app stores.
Those that bypass the controls put in place by smartphone manufacturers (called jailbreaking) so they can override the system and install un-authorized applications will be the ones at greatest risk going forward.
With no orchestrated screening process for those that install apps outside of the system, malware producers will continue to experiment on those willing to take the risk.
Google’s Android platform is both open and gaining a lot of users, so it’s likely we will continue to see more of the malicious activity aimed at this emerging and more accessible group of smartphone users.
One of the side-benefits to only getting applications from the authorized sources is that the vetting process (especially for Apple’s App Store) is pretty rigid and the likelihood of a malicious program getting onto your phone is very low.
As the capabilities of what a smartphone (and now tablets like the iPad) can do increase, so likely will the risks in using those features (the current Flash issue is a good example) so keep your guard up and stay tuned.
Data Doctors Computer Services
Data Doctors Data Recovery Labs
Data Doctors Franchise Systems, Inc.
Weekly video tech contributor to CNN.com
Host of the award-winning “Computer Corner” radio show