Saurabh Harit says smartphone users should lock their devices with strong passwords to protect their information. (John Lehmann/The Globe and Mail)

Consumers take elaborate precautions to ensure their home computers are safe from viruses and hackers, but a security consultant says they spend dangerously little time worrying about the same threats to their smartphones.

Saurabh Harit, who works on how to plug the myriad holes in the devices, notes that smartphones provide a lot of functionality, but users are often reluctant to take the most basic steps to safeguard the information in them. For example, they don't create a strong password to secure the phone.

"If you put some effort into setting a good password, you can protect your phone to a certain extent," Mr. Harit said. "I know it's not very convenient to type an eight-digit password or an alpha-numeric password, which is long on a phone, but I think that's the least you can do to protect yourself."

Mr. Harit, employed by Security Compass, an information security consulting company based in Toronto, is teaching a seminar on smartphone hacking at CanSecWest, an international conference on digital security being held in Vancouver this week.

He said that some phones are easier to hack than others.

"Androids are most prone to hacking because they're open source," he said. iPhones are "a bit more secure but it's not like [they're] hack proof." Blackberries "keep their code really closed" and as a result, are the most secure, Mr. Harit said.

In a report widely circulated within the digital-security industry, information technology company HP analyzed 2012 data to determine how risky mobile apps are to users and concluded that 48 per cent of them are vulnerable to unauthorized access, meaning someone can manipulate the app to get access to user information.

The report, released last year, also found that 26 per cent fail to properly encrypt user information.

The report says standards for encrypting mobile apps have a long way to go. "In the age of bring your own device (BYOD) – that's dangerous," said the report.

"There are financial applications that can store your banking information and social-networking applications like Facebook which contain your personal information," Mr. Harit said. "There is all kinds of information stored on your phone so if people can get hold of that information, they can perform undesired actions."

Nish Bhalla, CEO of Security Compass, said part of the problem is the people that write apps aren't thinking about security.

"They're thinking from a functionality perspective," he said in an interview Monday.

Sean Comeau, who works for a Vancouver tech firm and is taking in Mr. Harit's course, said consumers should be concerned about the safety of their smartphones.

"There's nothing you can do to completely protect yourself," he said. "Smartphones are very popular so whenever a platform is popular it will be hacked."