U.S. Mobile Security Questioned in Wake of U.K. Hacking
The unfolding phone-hacking scandal in Britain is heightening concern about the security of mobile devices, prompting one U.S. lawmaker to query companies including Apple Inc. (AAPL) and Google Inc. (GOOG) about potential risks.
“As mobile devices become more integrated into our daily lives and do more critical functions like e-banking, then we’ll see more hacking incidents because you’ll have higher reward,” Chenxi Wang, a San Francisco-based security analyst at Forrester Research Inc. (FORR), said in an interview.
Representative Mary Bono Mack, a California Republican who chairs the House subcommittee on commerce, manufacturing and trade, is contacting companies including Apple, maker of the iPhone and iPad, and Google, whose Android operating system powers millions of smartphones, in the wake of the British scandal, her spokesman Ken Johnson said.
“While this appears to be primarily a British issue, Chairman Bono Mack is reaching out to industry to determine if there are any vulnerabilities in cell phones or mobile devices which can be exploited by criminals and other unscrupulous individuals,” Johnson said in an e-mail. “Clearly, we want to prevent this from ever happening in the United States.”
Allegations that the U.K. tabloid News of the World hacked into voicemails including those of a murdered schoolgirl have sparked a public outcry in Britain and led Rupert Murdoch’s News Corp. (NWS) to close the newspaper.
The number of U.S. smartphone users is expected to jump to 158.9 million in 2015 from 99.6 million this year, according to Forrester Research Inc., a Cambridge, Massachusetts-based technology research firm.
Downloadable applications for smartphones and tablet computers are vulnerable to attacks by hackers, Enrique Salem, chief executive officer of Symantec Corp. (SYMC) the largest maker of security software, said in a June 1 interview.
“It’s very hard to completely vet everything,” Salem said. “It’s early in mobile security.”
Cupertino, California-based Apple’s App Store has more than 425,000 applications, while Google’s Android Market has more than 200,000.
“Apple takes security very seriously,” said Natalie Kerris, an Apple spokeswoman. “We have a very thorough approval process and review every app. We also check the identities of every developer and if we ever find anything malicious, the developer will be removed from the iPhone Developer Program and their apps can be removed from the App Store.”
Mountain View, California-based Google declined to comment in an e-mail.
‘Easy to Hack’
Bono Mack also is contacting BlackBerry maker Research in Motion Ltd. (RIMM) and wireless companies AT&T Inc. (T), Verizon Wireless and Sprint Nextel Corp. (S) in the wake of the British phone hack scandal, Johnson said.
“It’s fairly easy to hack into a cell phone,” Lawrence Ponemon, director of the Ponemon Institute, an information security research firm in North Traverse City, Michigan, said in an interview. Hackers can gain access to cell phones by calling a person and impersonating a phone company official, or using software to correctly guess a password.
The British scandal may boost awareness about the broader data risks posed by mobile devices, including smartphones that carry advanced features such as Web browsing and software applications, Ponemon said.
“If a tabloid has the ability to get this type of information and hack into phones, then very likely in fact it’s happening in other venues and in other ways,” Ponemon said.
Bono Mack released draft legislation June 13 that seeks to tighten data security in the wake of recent cyber attacks, including an April assault on Sony Corp. (6758)’s entertainment networks. Under the proposal, companies that experience a breach that exposes consumer data would have 48 hours to contact law enforcement agencies and begin assessing the potential damage.
U.S. lawmakers have scrutinized the privacy and security of consumer data on mobile devices in a series of hearings this year. Senator Ron Wyden, an Oregon Democrat, and Representative Jason Chaffetz, a Utah Republican, introduced a separate measure June 15 requiring law enforcement agencies to obtain a warrant to access location data from an individual’s smartphone.
Democratic Senators Al Franken of Minnesota and Richard Blumenthal of Connecticut introduced legislation last month that would require companies such as Apple and Google as well as application developers to obtain permission from mobile users before collecting location data and sharing that information with third parties.
“Manufacturers are consumer focused and are less concerned with security,” Wang said. “Until there’s a major hack and consumers start demanding increased security, or it becomes required by regulation, security will remain a step behind.”
To contact the reporter on this story: Eric Engleman in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Allan Holmes at email@example.com
Bloomberg moderates all comments. Comments that are abusive or off-topic will not be posted to the site. Excessively long comments may be moderated as well. Bloomberg cannot facilitate requests to remove comments or explain individual moderation decisions.