Smart Phones: Pocket Landmines?

Yeah, I’m an old guy. My first laptop took two 3.5-inch floppy drives to operate, and my cell phone was a box mounted in the trunk of my 1986 Ford Taurus with a handset bolted to the transmission hump. I truly can’t count all of the laptops, cell phones, and desktops that I have used and blown up over the past 36 years. I did learn a few things, such as don’t drop a laptop while its hard drive is spinning: instant device death.

Time marches on, and now most all of us have incredible computing capability in our purse or pocket with our smart cell phones. We are now at a point where there are apps for just about everything you can imagine, from monitoring your diet to giving you the opportunity to lose all your money on gambling websites.

I have found a couple of apps that might be useful for technicians and salespeople in our industry. But first, a couple of cautions.

Hackers are now focusing on smart phones for the simple reason that there are now more of them in use now than PCs, and hackers want the largest number of potential targets to attack. I remember when Apple Mac owners would puff out their chests and say their computer was immune to hacker attacks because “Macs are more secure than IBM-style PCs.” The real reason is that Macs only had about 10 percent of the overall PCs in use, so hacker attacks were mostly aimed at Windows PCs. Now that many, many people have iPhones, hacker attacks are blossoming due to the overall size of the device population. And the users often willingly inject the poison into their phones.

One problem is that, let’s face it, some users aren’t the sharpest knives in the drawer. Downloading apps onto a smart phone provides an opportunity for hackers to infect the device, and the users themselves performed the rogue software injection. Everyone is warned to only download apps from the “authorized” online stores, but sometimes apps get into the stores only to be jerked out later when they’re found to be dirty.

In my mind the biggest potential threat to smart phones is the explosion of QR codes. You can load them at the grocery store, your doctor’s office, restaurants, etc. The COVID-19 epidemic only exacerbated the growth of QR code use as retailers encouraged customers to get their QR code scanned without touching menus or other items that might pass from person to person.

QR codes can easily infect your smart phone. Let’s say that I go to the sandwich shop down the street. They have a QR code on a little sign that customers are supposed to scan to see the menu. The bad guy can easily copy the sandwich shop’s website or online menu, and add in some malware to give them access to the customer’s usernames, passwords, etc. He can then copy the sandwich shop’s QR code, put together a fake QR code that does what the hacker wants, put it on a sticker and cover the shop’s original QR code on the sign. Nobody will know the difference; after all, who can “read” a QR code with the naked eye? A smart phone can become infected and the user will never know where they picked up the malware if they are scanning lots of QR codes. Many people also do their banking on their smart phone, and these malware attacks can give the bad guys access to a user’s bank account. Just what I want, to have my bank account cleaned out by my smart phone’s vulnerabilities.

Having a driver’s license doesn’t make a person a good or safe driver. How many knuckleheads do you have to dodge when you are out driving around? In a similar vein, having a smart phone doesn’t make the user smart, and hackers know this fact.

“Downloading apps onto a smart phone provides an opportunity for hackers to infect the device, and the users themselves performed the rogue software injection.”

There are a number of useful apps that we will cover in following columns. Just be careful with your smart phone, and pass that information along to your family and friends.

I have been a long-time industry professional, and have had the opportunity to perform scores of speeches at ADI Expos in the past decade. I would like to thank John Sullivan, Mike Masten, Johnny Hudson, and Eileen Southard of ADI for their support for my ADI Expo presentations, and a very special thank you for all of the Expo attendees who attended one of my shows in the past 10 years or so. I always wanted to be a rock star, and my wish came true: me in front of 100+ industry professionals at shows all over the U.S. and Canada. The only problem was that I didn’t have a screaming 100-watt Marshall amp behind me to cover my mistakes. To all of my friends in New Orleans, Anaheim, Newark, Raleigh, Atlanta, Houston, and other cities, a heartfelt “thank you” for your attendance and interest in my shows.

PSA Security Network is one of the nation’s leading sources for education, training, and industry networking events. With multiple settings and events throughout the year to meet and exchange industry knowledge, there is something for everyone.

The Electronic Security Expo, owned by ESA, is designed to help electronic security pros to network with other like-minded professionals and to educate about improving your company’s efficiency and productivity