Any programme that is designed to make your computer do something you don’t want it to is malware. This can range from programmes that damage your computer, to ones that can steal your personal data giving hackers the ability to do things like access your credit card and bank account details.
Niclas Kjellin of Softhouse Consulting in Sweden is one of Europe’s experienced mobile and security architect and works on the development of Enterprise apps. He knows the importance of security early on and spoke to Verghese V Joseph on the kinds threats we can expect. He is the team leader of the most creative and innovative app dev team in South of Sweden and security is always considered for every step in each project.
Working with technology that enables new experiences and makes people connect from all over the world, while never forgetting the importance of security and privacy. Apart from his knowledge within mobile development and security architecture, Niclas is also an experienced speaker and have held several talks about digital security, particular security related to software development, but also on more softer sides, involving the actual users and the forces that drives us all.
Together with an education at Stanford University in software security, he is also a Certified Ethical Hacker and fights for the ordinary user in a connected, although insecure, world. As hackers turn to attacking mobile devices in order to steal data that can compromise your company or bank account we spoke to Nicklas on issues impacting software security. Excerpts:
Is there such a thing as perfect computer security?
Probably not, I guess that would be a disconnected computer.
How prevalent is hacking on mobile devices in Asia Pacific?
Targeted hacking of individuals’ smartphones is still quite uncommon. However, considering that the attack surface in Asia Pacific is 1.3 billion smartphone users, I believe that random mass-attacks will become even more common, particularly regarding ransomware.
What are the warning signs for phishing attacks?
Clicking on links in phishing emails usually opens a login page or a payment page, double check the address and the sender email, if it doesn’t look right, then don’t continue. If you are in any way unsure, call the service and ask them, at the very least they would be interested in knowing about any ongoing phishing attacks.
A lot of malware comes in the form of Trojans, what warning signs should consumers look out for to avoid them?
Only download apps from the official stores, on Android check what rights the apps ask for, if it seems to be more than what the app really needs, just remove it. Other signs can be increased data traffic, battery usage or strange behaviours of the device, then again, this might also be due to legitimate apps being poorly written.
A lot of hacking is done through social engineering, where hackers use publicly available information in order to get access to computers – what would you suggest users do to reduce the risk?
Don’t use personal information in password and never reuse any passwords. Also for those security questions that some services require, make up false answers, just make sure you remember your answers. Answers to questions like ‘name of your school’ can often found online.
In the same vein, a lot of corporate hacking works through social engineering attacks where hackers get information through simply asking workers, how can companies train their workers better to avoid falling for this?
It is in our nature to be helpful and it is quite difficult to unlearn this behaviour. In my opinion, it is easiest to learn something by experiencing it yourself. Hands on exercises where employees are contacted by actors trying to extract information work quite well, if done unknowingly.
What tools( if any) would you suggest for users who have been infected with malware who want to get rid of it?
There are tools, however, on a mobile device I find a clean install of the operation system has the best effect.