He can hack into your smartphone with 1 SMS

SINGAPORE - Rik Ferguson looks like someone not to be messed with.

The humorous IT security expert, who sports numerous tattoos and has a penchant for heavy metal music, can hack into your mobile phone with a single SMS.

He can then remotely listen to your calls, read text messages and even access the password to your online bank account.

"It's creepy, isn't it?" said Mr Ferguson, who is global vice-president for security research for IT firm Trend Micro, as he demonstrated the hack. Yet, many users still refuse to believe how vulnerable they are when they use mobile devices, he added.

Technology experts are warning that mobile devices have become the next lock to pick for cyber criminals.

One in three mobile users globally has been exposed to some form of mobile cyber crime, according to a 2012 report by anti-virus firm Norton by Symantec.

In Singapore, one in five adults has been a victim of either social or mobile cyber crime, such as scams. Victims suffered an estimated US$944 million (S$1.2 billion) in losses, the report said.

As mobile devices become smarter, they have become more susceptible to hacking. They are almost always connected and are often loaded with much more personal information. For hackers, these devices are easy targets and a treasure trove of intimate data that they can obtain and sell.

"Criminals follow consumer behaviour. The more we move from traditional to mobile devices, the more they will too," said Mr Ferguson.

Currently, the most common threats are what is known as premium-rate billing scams - apps secretly running software in the background to inflate phone bills.

Then there are data stealers who snitch on information such as addresses, said Mr Joseph Gan, chief technology officer of local mobile security firm V-Key.

Using the app, a sophisticated hacker can instruct the phone to record audio or snap photos, all without the user ever knowing.

In 2011, Trend Micro projected that there would be some 130,000 malicious apps that year, most of which were for Android devices.

By the end of 2011, more than 350,000 malicious Android apps were circulating online.

"That's when we first saw the first uptick of malware," Mr Ferguson said. By the end of this year, the firm expects to see more than a million. "We are seeing an exponential growth in the number of bad apps out there," he added.

Yet surveys by tech firms show that Singaporeans are still complacent when it comes to mobile security. Out of 500 Singaporeans surveyed by Symantec, three in 10 "choose not to" use any mobile security software.

Mr Ferguson admits that the IT security industry is partly to blame for this complacency.

Even before 2011, it has been crying wolf, warning mobile users to be prepared for large-scale attacks. "But it never appeared. Now that it really has become a problem, there's that fatigue of people hearing that warning over and over again," he said.

Mobile users can protect themselves by buying apps only from trusted vendors such as Google or Apple. It's also a good idea to read the "permissions" that apps require before downloading them.

"If a game wants permission to access the telephone, you got to ask yourself why would a game want to be doing that," said Mr Ferguson.

Mr Gan also advises Android users to install a mobile security software, many of which are free.

How to protect yourself from hackers

Here are tips on how mobile users can protect themselves from malicious apps:

- Download apps only from trusted app stores such as Google Play.

- Check the publisher of the app. Popular game Temple Run, for example, is made by Imangi Studios and has versions by Disney. Those made by anyone else are probably malicious ones.

- Avoid unofficial free versions of popular apps. They often have malware hidden in their code.

- Check the "permissions" of the apps.

- Apps from Google Play and Amazon App store, for example, have to declare which components of your device it wants to access. Something is fishy if a weather app wants to access your telephone to make calls.

This article was first published on April 8, 2013.
Get a copy of The Straits Times or go to straitstimes.com for more stories.