I use Twitter because I have to, and I play around with Foursquare for research purposes only. I am amazed that anyone uses the location-based services provided by these companies for anything but the most limited of applications.
Physical stalking is far from the only risk, however. Computer criminals can observe a person’s traveling behavior to craft incredibly convincing phishing e-mails or other cyberattacks (“Hey, it was fun meeting you last night at Sullivan’s Pub!”). Location-based service users need to add an extra helping of suspicion to their Web travels.
2. New media platforms
Consumers are welcoming browser-enabled gadgets all over their homes, and why not? It’s great to stream movies to your television without having to bother with tricky laptop-to-TV connections. But beware, says security firm McAfee. Many device application creators are rushing their products to market to meet demand, taking shortcuts on critical security issues.
“These tools have historically weak coding and security practices, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps,” the company warns. The threats could be simple, such as fake Web pages that pop up on TVs, asking users to submit personal information. Or they could be complex, such as theft of stored passwords, or even hijacking of the machines for use in botnets. “This danger will eventually lead to data exposure and threats through new media platforms such as Google TV,” McAfee warns.
3. Mobile phones
Until now, cell phones — even smart phones — have operated in very controlled environments. But the proliferation of the open-application environment of Android, and the “jailbreaking” of iPhones, has created a much more hacker-friendly world for cell phones. As the prevalence of these gadgets reaches critical mass, hackers will be drawn to them like gnats to a porch light.
4. Mobile gadgets
In a related category, the explosion of mobile gadgets this year will create both a new playground for bad guys, and a new incentive to target operating systems that also control smart phones. Analysts predict some 50 million tablets of all flavors will be sold in 2011. Most will use Apple’s operating system, but perhaps 10 million to 20 million will be variations on that theme, running Google’s Android. The market for tablet-based antivirus software, meanwhile, is virtually non-existent.
5. URL shortening
URL shortening services like bit.ly are great. Here’s a better link for my story above, by the way: http://bit.ly/erORys. But they are also an incredibly easy way for hackers to send you to an unexpected Web page. After all, bit.ly, by definition, obscures the destination URL. URL shortening services undo years of online safety training, in which security experts told consumers to make sure the link they clicked really looked like it was headed to their intended destination. McAfee says there are more than 3,000 URLs being shortened every minute online. That’s a lot of hacker potential.
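One way to see where a shortened link really goes before opening it, as an added example that is not part of the original column: the Python sketch below walks the redirect chain one HEAD request at a time, never loading the destination page, and checks the final host against the one you expected. The hosts and responses in `FAKE` are constructed, and the function names are this example's own.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = {301, 302, 303, 307, 308}

def head_fetch(url, timeout=5):
    """One HEAD request, redirects NOT followed: returns (status, Location or None)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_fetch, max_hops=5):
    """Walk the redirect chain one hop at a time; return (chain, verdict)."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        if urlsplit(url).scheme not in ("http", "https"):
            return chain, "non-http scheme"
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return chain, "resolved"
        url = urljoin(url, location)  # the Location header may be relative
        chain.append(url)
        if url in seen:
            return chain, "redirect loop"
        seen.add(url)
    return chain, "too many hops"

def lands_on(chain, expected_host):
    """True only if the final hop is expected_host or one of its subdomains."""
    host = (urlsplit(chain[-1]).hostname or "").lower()
    expected = expected_host.lower()
    return host == expected or host.endswith("." + expected)

# Constructed responses standing in for the network (all hosts are made up).
FAKE = {
    "https://short.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "/landing"),
    "https://tracker.example/landing": (200, None),
    "https://short.example/loop": (302, "https://short.example/loop"),
}

def fake_fetch(url):
    return FAKE.get(url, (404, None))
```

Calling `expand(url)` with the default `head_fetch` performs the same walk against live servers; a chain that ends on a host other than the one the message claimed is the cue not to click.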
6. Friendly fire
By now, you probably know enough not to click on an e-mail sent to you by AnneMarie0876 promising to help you enhance your private parts. But what about an e-mail from a close friend offering you a chance at a free iPod, or a coupon for 20 percent off at your favorite department store? This year, next-generation viruses like Koobface made it easy for hackers to personalize their attacks, using tools to gather information about you, leading to specially crafted e-mails and other attacks. Their success will lead to widespread imitation, McAfee warns.
7. The end of spam. What?
Last year saw the lowest level of spam in years. Why? Criminals go where the people are. Both are moving on to more sophisticated communications platforms like Facebook. Spam is so 2004. Facebook wall posts apparently from friends asking for money are much more 2011.
“Social media connections will eventually replace e-mail as the primary vector for distributing malicious code and links,” McAfee says. “The massive amount of personal information online coupled with the lack of user knowledge of how to secure this data will make it far easier for cybercriminals to engage in identity theft and user profiling.”
Tweets from “friends” will lead to widespread infections. Facebook chats will trick people into giving up personal information, or clicking on malicious links. Promiscuous friending will allow bad guys to connect with all of your friends, creating an easy attack vector with a wide footprint. All of this will happen in an environment where consumers tend to trust more than traditional Web pages or e-mail — in other words, their guard is down, and attacks will be up.
8. Cloud computing
Remember Web 2.0? Me neither. It was just a marketing term that attempted to clarify what would happen if Internet applications started communicating with each other, such as Facebook and your phone’s GPS service. Cloud computing is much the same thing: a marketing term that describes a world where people store data and use applications on remote computers, rather than on their own desktops or laptops. It’s not new — in fact, it’s a rather 1960s concept. But technology firms would much rather rent computer space and services to users than sell them one-time products like a shrink-wrapped box of software. Think of it this way: Who would you rather be, the cell phone maker ($200 gadget sales) or the cell phone service provider ($100 monthly bills)? The TV maker ($400 gadget) or the cable company ($120 monthly bills)?
All that’s well and good, and the cloud will provide some neat additional features for users, such as instant backup. But as the cloud moves into mainstream usage, hackers will follow. Only the payoff for hacking cloud services will be massive, warns ICSA Labs.
9. Hacktivism outbreaks
The spreading of previously non-public information, against a government’s will, is a new form of attack, and one that can’t be stopped by adding improved packet filtering. The only way it can be stopped is by government officials taking a huge step backward and following the advice of many lawyers I know — never type anything that you wouldn’t want to see in the newspapers. Expect a lot more secure phone calls and a lot fewer “secure” e-mails between government officials. That might have a detrimental impact on important information sharing — say, between terrorism researchers at the Department of Homeland Security and airport security officials. But WikiLeaks inevitably will lead to this kind of chilling.
10. More targeted malware, backed by nation-states
We now know cyberwarfare can go pretty far. The Stuxnet virus broke new ground in the computer security world, as it was clearly designed to take down utility plants — and may have been written to take down one particular plant in one particular part of the world.
McAfee warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous … attacks that go after e-mail archives, document stores, intellectual property repositories and other databases.”
In other words, it appears cyberspace is going to be much chillier in 2011.