Smartphone malware can automatically make expensive calls

As smartphones become more common, so do viruses that infect them. Take this recent attack that gives criminals an easy way to steal from mobile users. 

Vulnerabilities in smartphones can allow hackers to force phones to make long-distance calls and rack up users’ bills, said security researcher Mikko Hypponen in presentation at the Black Hat security conference in Las Vegas.

Hypponen compares the attack to one that appeared a decade ago, when computers connected to the web via dial-up modems. Hackers in those days could infect computers with a virus that would make the machine dial phone numbers in the background while the user was online.

The same idea can be adapted for present day smartphones.

One attack cited by Hypponen involved several users of Windows Mobile devices who downloaded a cracked version of a game. The game was modified by a hacker who injected code that made the phones dial a few long-distance numbers every month.

This type of attack is not yet prevalent, Hyponnen notes, but as mobile malware becomes more common, it could give cybercriminals an easy way to make money if smartphone users aren’t careful.

Corporate phones could be hit especially hard, since a few extra long-distance numbers each month may be more likely to go unnoticed.

To keep your company’s mobile devices secure, make sure they’re locked down so no unneeded apps are installed. Hyponnen also recommends educating users about the dangers of installing unknown applications and investing in mobile security software as threats for these devices increase.