Earlier this week, I had a bit of a scare with phone malware that fortunately turned out to be nothing, but made me stop for thought. I’ve just come back from a period travelling, with a mobile phone bill to match. The unbilled usage was slightly higher than I expected so I started checking for calls and numbers. I noticed that there were a number of calls showing on the unbilled usage to numbers that I didn’t recognise dialling and that weren’t in my phone’s call history. The numbers were only dialled for a few seconds at a time and additionally, the first 8 digits of the numbers dialled remained constant with only the last 3 changing each time. I then thought to how only 3 months ago my battery would last between 36 and 48 hours usually but now can lose 50% in 8 hours.
It hit me that I must surely have malware running on my phone. Some malicious software that was running through blocks of numbers, automatically dialling at random until it found a victim, possibly logging the fact that the number was either assigned or that the call was answered.
I ran and installed some free popular anti virus software and begun auditing installed applications, battery and processor usage. Fortunately in this case, my paranoia had run away with me. A quick call to the network provider confirmed that the numbers showing up were network numbers and that these entries would automatically be corrected or quantified as data usage on my final bill. Of course, my draining battery most likely down to me using it more than when I’m travelling. A thorough audit followed and showed no sign of any malware.
It did get me thinking though.. my phone contains some of my most personal and sensitive data – logins for all my email accounts, the majority of my contact list, my personal banking application and GPS functionality that knows where I am all of the time. Why then, would I be so liberal with the software that I install on this device, even if it is from trusted sources. Why wouldn’t I be more concerned with the ridiculous permissions that some of these applications request, such a Spanish to English dictionary needing phone access.
The incident was a bit of a wakeup call to spend more time practising what I preach. If I’d found Company directors or staff with this level of business data on a phone with such sloppy application and permission management processes, I would be highlighting it as beyond critical. Fortunately, I avoided a major fail that time. It turns out that it took a scare before I took the risk seriously.