What Every Commercial Operator Needs To Know About Distracted Driving

distracted_driving_trucks

In the midst of Distracted Driving Awareness Month, it’s easy to overlook the many commercial drivers and operators that we travel amongst everyday. Distracted driving isn’t just about teens using their smartphones while driving. It affects all of us and involves any person operating a moving vehicle whether they are a private citizen or a commercial driver.

The Federal Motor Carrier Safety Administration prohibits commercial drivers from using a cell phone while driving, and most states either prohibit all drivers from talking on the phone or require them to use hands-free devices. Many companies that employ commercial drivers also have policies against cell phone use. In spite of all this, the sad reality is some drivers still engage in distracted driving behaviors. Even though commercial drivers are trained and licensed professionals, they’re still human and feel the same temptations.

The risk is increased when commercial vehicles are involved because many commercial vehicle types have long braking distances and are difficult to maneuver in an emergency situation. Large vehicles like semis and busses can do a lot of damage even in low-speed crashes. And even though passenger and freight trains are on rails, speed around curves, track switches and vehicle/pedestrian railway crossings are critical areas that must be constantly monitored. If a commercial driver or operator causes an accident, in addition to possible loss of life and injury it leaves their employer open to fines and expensive litigation.

Types of Distractions

A 2009 study of commercial truck drivers found drivers who engaged in texting while driving were more than 23 times more likely to be involved in a close call or wreck. Texting or using a smartphone while driving is one of the most dangerous things a driver can do behind the wheel because it causes three types of distractions:

Cognitive distractions are caused by thoughts and feelings. They include things like memories, emotions and conversations with passengers.

Manual distractions are when the driver takes one or both hands off the wheel to perform a task not directly related to driving. This includes tasks such as eating and drinking, adjusting the radio or mirrors and manipulating a phone, GPS or dispatch device.

Visual distractions are caused by objects or events that cause the driver to look away from the forward roadway. Billboards, accident scenes, street signs and people or animals on the side of the road can all be visual distractions.

Technology Helps Commercial Fleet Owners Fight Distracted Driving

Companies that employ commercial drivers need to take steps to eliminate distracted driving, both for the safety of the public and to protect their drivers and the bottom line. The problem is many commercial drivers ride alone so the chance of detection is small. Unless a co-worker or member of the public catches a distracted driver in the act and makes a report, few companies are aware they have a problem until the driver causes a wreck.

Even if the company uses a dash cam, drivers can block the camera’s view while they text away. Last year a trucker on an Arizona highway was using his wallet to block his dash cam while he used his smartphone and struck a parked police car, killing the officer inside.

BVS is committed to helping commercial fleet owners solve this serious safety issue by manufacturing devices like TransitHound™ that monitor cell phone use of train, bus or fleet operators behind the wheel. Contact me today for information on how your company can increase safety and lower fleet costs by reducing distracted driving.

About our company:

Berkeley Varitronics Systems (BVS) designs and manufactures innovative, RF analysis and wireless threat detection tools, for businesses, and government professionals to manage secure facilities and maintain wireless networks. BVS provides engineering, prototyping, just-in-time production runs, quality testing, software, tech support, and training plus our guarantee that products perform as specified.

The Grass Is Always Greener On The Wireless Side

sprinkler

The sun shines bright as it rises in the distant horizon shimmering across the lake of a magnificent golf course. You pull the sock off your favorite Big Bertha driver excitedly as you meander to the tee box for your first shot of the day. Time stops for a brief moment and you are in disbelief that you finally are able to spend a quiet day playing 18 holes. The deep green relaxes you as your club launches your Titleist 375 yards – just a foot from the pin. As you gleefully walk towards your ball, you notice the perfectly manicured grass and wonder how do they keep it so green?

There is one secret to green grass, water and lots of it. The average golf course thirsts for 35 million gallons of water a year. To effectively get this water evenly spread over the 18 holes requires a network upwards of 1,500 sprinklers spaced 70-80 feet apart. The average course runs sprinklers up to 8 hours a day, everyday. To effectively control a massive system such as this takes advanced technology.

When golf courses are designed, the irrigation system is carefully engineered to keep the grass green, minimize water usage and do all this while remaining hidden to anyone on the course. Irrigation companies use numerous sensors monitoring temperature, humidity, and moisture within the turf to properly irrigate the golf course and keep it green. Sprinkler heads are typically controlled through a 450 MHz wireless paging system allowing the 1,500 sprinkler heads to be remotely controlled automatically. The wireless sensors have technical range limitations as well as FCC transmission guidelines to comply with. To effectively install and maintain an advanced wireless irrigation system requires an equally advanced tool that can measure the signal strength. Engineers and installers need to measure how well the RF (Radio Frequency) signals propagate within the confines of a given course to maintain adequate signal coverage.

When designing a wireless network there is even a need to factor in wireless obstructions such as leaf foliage; the leaves on trees hold a tremendous amount of water which attenuates an RF signal’s propagation characteristics. There is also a need to verify that there are no other nearby interfering RF signals within the same band.

Irrigation companies turn to BVS for their Mongoose™ signal strength meter to tackle their wireless challenges. The Mongoose unit is a handheld and ruggedized calibrated field instrument that instantly measures the 450-470 MHz band aiding in installation and maintenance of the wireless network.

Next time you are driving down the fairway or putting for birdie, stop for a moment and enjoy your day away from reality. Know that high-tech solutions are always working behind the scenes to ensure the grass stays green.

Berkeley Varitronics Systems (BVS) designs and manufactures innovative, RF analysis and wireless threat detection tools, for businesses, and government professionals to manage secure facilities and maintain wireless networks.  BVS provides engineering, prototyping, just-in-time production runs, quality testing, software, tech support, and training plus our guarantee that products perform as specified.

Teens & Smartphones Part of Bigger Distracted Driving Problem

distracted_driving

Distracted driving has become a major problem on America’s roadways. According to the National Highway Transportation Safety Administration (NHTSA) in 2013, 3,154 people were killed and 424,000 were injured in crashes caused by distracted driving. The NHTSA estimates during daylight hours over 660,000 vehicles are being driven by someone using a cell phone at any given moment.

Drivers on cell phones are what almost everyone thinks of when talking about distracted driving, but distracted driving is caused by a wide variety of behaviors. Performing tasks such as grooming, fiddling with the radio or navigation system, talking to passengers and eating or drinking behind the wheel can also cause fatal distractions.

Teenage drivers are most at risk. Researchers at the University of Iowa examined dashcam video of 1,691 crashes with drivers aged 16 to 19 and found 58% were either inattentive or involved in a non-driving-related activity when the crash occurred. Drivers who were using cell phones spent an average of 4.1 seconds out of the final 6 seconds before the crash looking away from the road. They also failed to react before impact more than half of the time.

The Multitasking Myth

Many drivers think they can multitask without affecting their driving performance. In reality, the human brain is terrible at dealing with more than one thinking task at a time. Instead of processing everything simultaneously, it switches back and forth between tasks. Every time the brain switches focus, there is a recovery period where it is not functioning at optimal levels. While there hasn’t been much research focusing on multitasking drivers, studies focusing on workers have found multitasking increases mistakes, lengthens learning time, impairs retention and lowers productivity.

Studies have found drivers using cell phones actually have slower reaction times than drunk drivers with a .08 blood alcohol level. When their brain is concentrating on a task other than driving, drivers can easily miss cues they would have noticed if they were focused on driving. Many at-fault drivers who survived distracted driving accidents say they never saw the vehicles or pedestrians they hit.

Smartphone Apps Provide Safe Driving Solutions

Smartphones catch a lot of the blame for distracted driving, but they can actually help put the brakes on it as well. All modern smartphones allow the user to turn off texts and notifications by turning on flight mode, and most feature a special driving mode with oversized icons and simplified menus. There are even apps that disable calls, texts and notifications automatically when the car is moving. These apps calculate the vehicle’s speed using GPS data. Some even send alerts to parents when the vehicle exceeds the speed limit or engages in risky behavior like hard braking. These apps vary by smartphone platform, so check your device’s app store for specific apps.

Distracted driving deaths and injuries have been falling on average over the last few years thanks to legislation and education efforts, but there is still a long way to go. So far we’ve only looked at distracted driving by the general public. Next week we’ll look at commercial drivers.

Sources:

https://www.aaafoundation.org/sites/default/files/2015TeenCrashCausationFS_0.pdf

About the author:

Scott Schober is a cyber security expert and CEO of Berkeley Varitronics Systems which designs and manufactures innovative, RF analysis and wireless threat detection tools, for businesses, and government organizations to manage secure facilities and maintain wireless networks.

Teachers Have New Enemy In War On Cheating

cheating_students_social_media

Back in the days before the Internet, ethically-challenged students could make a quick buck by selling copied test questions to other students who still needed to take the test. Now students are trading copied tests on the Internet using social media instead of in the hallways.

In the old days, most tests were not standardized so students in one district might take a totally different test than students just a few miles away. The few standardized tests such as the ACT and SAT were given to almost all students within just a few days.

Tests are copyrighted material, and testing companies monitor social media services like Facebook and Twitter using automated software. The software scans user comments, looking for keywords or trigger phrases. Scanning social media for advanced tests such as college admittance and professional licensing exams has been going on for a long time, but social media monitoring for K-12 tests is fairly new.

Adoption of Common Core standards has led to an increase in the number of standardized tests, and changes to the school schedule in some areas has lengthened the testing window significantly. Students in one state might be taking the same test as students in a different state with as much as a month between them. If a student who took the test early shares information about the contents and material it covers, students who take the test later have an unfair advantage.

Test Security and Privacy Concerns

Last month the test publishing company Pearson came under fire for deleting a New Jersey student’s tweet regarding a question on a Common Core test. Pearson also informed the New Jersey Department of Education (DOE), which then contacted the superintendent asking school staff to discipline the student. Parents and Common Core critics blasted the test publisher and the New Jersey DOE, accusing them of spying on students and invading their privacy.

Originally an unnamed state DOE employee indicated the deleted tweet included a link to a picture of the test, but that wasn’t the case. The student’s message did not compromise the test contents.

Pearson issued a statement defending their actions, though they did change their policies regarding matching online accounts to students. Pearson had been matching the names to school rosters, now they are giving the names to the state DOE.

Smartphones, Social Media and Test Security

Even though a cell phone was not involved in this particular incident, they do pose a significant threat to testing integrity. Students use them to cheat by looking up answers, and most smartphones come with social media apps built right in. A few snaps with a smartphone camera can compromise the entire test. Berkeley Varitronics Systems offers tools educators can use to detect and locate cell phones being used in the classroom or before they even get that far. Contact us for more information about maintaining the integrity of your testing environment.

About Us

Berkeley Varitronics Systems (BVS) designs and manufactures innovative, RF analysis and wireless threat detection tools for businesses, government and educational organizations to manage secure facilities and maintain wireless networks.

Why Healthcare Hacking Has Become Big Business

healthcare_hacker

As banks and large retailers have taken steps to harden their networks, hackers have turned their attention to healthcare providers. Just recently, Premera announced a breach that took place last year may have exposed the personal and financial data of approximately 11 million customers. Last month, the nation’s second largest health insurance company reported the information of approximately 80 million people was exposed to hackers in a breach discovered on January 29th.

There are several reasons hackers have focused their attention on healthcare companies, even though companies in the industry don’t usually handle financial transactions.

Healthcare companies keep patients’ personal and financial data. Many patients use online payment options, which means their records may have information such as bank accounts and debit/credit card numbers. Even without financial data, criminals can use personal data to commit crimes such as identity theft and insurance fraud. They can also use email addresses to target patients for phishing scams. While email addresses are easy to change, other information such as names, birth dates, physical addresses and social security numbers are much more problematic if compromised.

Healthcare companies keep and share patient records. As part of the Affordable Care Act, healthcare providers are required to maintain their records electronically and share the data with other healthcare providers. This means if a patient must visit a doctor while on a trip or sees a specialist at another facility, the new doctor can access their records and information. This is important because patients can’t always tell the new provider important details like life-threatening allergies to medications.

Sharing information has real benefits for providers and patients, but it also increases risk of exposure. Because healthcare providers share data, if a criminal uses a patient’s data to obtain prescription drugs, the false prescriptions could become a part of the patient’s record and affect a doctor’s medical decisions in the future. For example, some drugs are incompatible. If a false record shows a patient is taking a drug that is not compatible with the preferred medication, a doctor may be forced to choose a less effective alternative medication.

Healthcare companies are a soft target. Companies in the healthcare industry are more focused on regulatory compliance than security. In the wake of the ACA many small software companies sprang up offering patient record and database software. Some healthcare companies developed their own software, but many opted to purchase off-the-shelf products from these companies. Many have gone out of business or been absorbed into other software companies, leaving the healthcare provider without security updates.

Even when security problems are known and updates are available, they often go for long periods without being patched. WhiteHat Security recently revealed only 24% of known security flaws in the healthcare industry are patched at any given time. Even more troubling, the average length of time for a healthcare site to fix security problems is a whopping 158 days.

Healthcare companies must take steps to harden their networks against hackers. Security breaches can have long-lasting effects on a patient’s financial and physical health.

Learn more about healthcare and other hacking targets. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.

These Are Your Must-Have Secure Mobile Messaging App Features

 

dirty_text_message

When you send a text or MMS from your phone the normal way, you can’t control what happens to the information once it leaves your device. Wireless carriers are required to save messages for a certain length of time to assist authorities in criminal investigations. The recipient can save the message indefinitely, or send it to someone else without your knowledge or permission.

That means those risqué photos, videos or texts you sent to your significant other could come back to haunt you in the future. There are web sites where people post pictures and messages of a private nature sent by their exes as a form of revenge. Relatively innocuous business-related messages could prove damaging if taken out of context later. Even if you don’t have a disgruntled ex or business partner, the recipient’s device could be lost or stolen, or their cloud accounts hacked.

Several messaging and social media apps have sprung up in response to these security concerns. But how secure are they? Let’s examine the features you should look for in a messaging app that will keep your private messages under wraps.

End-to-End Encryption

Encryption uses a public and private key to encode and decode the messages. A secure messaging app should generate and store the keys on the user’s device, not on a server. The keys should only leave the device by action of the user, such as creating a backup or transmitting them to a new device. This means that even if a company is subpoenaed or required to deliver your private messages to the authorities, they technically cannot.

In-Transit Encryption

Encryption during transmission is important because these apps use a data connection instead of the phone connection. If you or the recipient is on WiFi, the messages could be intercepted and read by a third party. The app should also encrypt stored messages, in case the device is hacked or falls into the wrong hands.

Permanent Deletion

The digital storage on a smartphone works much like a PC’s hard drive. By default when you delete something, the operating system marks the space as available, but doesn’t actually remove the data until something overwrites the space. A secure messaging app should either remove the information completely, or only store the messages in RAM. Some messaging apps automatically delete the messages once they are read or after a specific length of time.

User Friendliness

While this isn’t a security feature in itself, it’s still important. Most secure messaging apps require both parties to be using the same app. If you choose one that isn’t user-friendly, it will be difficult to convince others to join and they may not stay. If you’re choosing a messaging app for business purposes, your employees may be tempted to find their own solution and resort to easier to use but less secure apps instead.

Which Messaging App Should I Use?

Most mass market messaging apps were not designed with security in mind. Apps like Yahoo! Messenger, AIM, Google Hangouts, SnapChat and Viber encrypt messages during transit, but leave them vulnerable to being read at other points.

Of the more popular messaging apps, iMessage and FaceTime are the most secure but are limited to Apple products. On the Android exclusive side, users concerned about security can use TextSecure. Other secure messaging apps such as Cyber Dust, Silent Text and ChatSecure support both platforms.

The best way to decide which app is right for you is to ask your contacts or employees and find out if there is a secure messaging app they are already using. If they are using an app without robust privacy protection, try out a few different apps and determine which one has the features you need the most.

Learn more about texting security features. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.

How Easy Is It For Hackers To Jack The Tower?

air_tower_hacked

Earlier this month the Government Accountability Office issued a 46-page report outlining security vulnerabilities in critical Federal Aviation Administration (FAA) systems. The report concerns the national airspace system (NAS) used to track and direct public and private aircraft. Many of these issues are common in all types of organizations, so look over the FAA’s list of shortcomings and see how many might be affecting your company.

Interconnectivity: The NAS is not connected to the Internet, but it is connected to outside networks. The report indicates there are too many unnecessary connections between the NAS and these other networks. Security shortcomings in the connected networks could open access points into the NAS, leaving it vulnerable to attack.

Passwords: The report found some servers did not have sufficiently strict password requirements. The password requirements are actually less strict than I usually recommend.The FAA’s minimum number of characters in a password is eight. For maximum security your organization should require a minimum of twelve characters. Passwords should have at least one upper and lower case letter, and should contain numbers and special characters. The passwords should also automatically expire after a certain length of time.

User Authentication: Regulations state only authorized users can have access to the system, and users should have the minimum number of permissions required to perform their duties. The investigators found users with excessive permissions and improper security documentation.

Encryption: Another alarming detail is the FAA did not always ensure sensitive data was encrypted during storage and/or transmission. The investigation found network devices supporting certain systems did not encrypt authentication data, and some systems used weak encryption to store passwords.

Auditing & Monitoring: The report also indicated the FAA did not have adequate systems in place to monitor network traffic or ensure the NAS was logging security-related events. If an attack were to occur, the administrators may not be able to detect and respond to malicious activities in time.

Patching: Investigators found the FAA did not always take steps to ensure key systems were fully patched or kept up-to-date. Some systems were missing patches dating back more than three years, and some servers supporting key systems were so old they had reached end-of-life and were no longer supported. This leaves the systems vulnerable to security loopholes and exploits that have been fixed under newer software releases.

Unlike the FAA, lives may not depend on your network security. That doesn’t mean your organization can afford to relax. Ensuring your network is hardened against hackers is an essential part of running a business.

The Hidden Privacy Upside of Net Neutrality

 

net_neutrality

On February 26th the Federal Communications Commission voted in favor of stronger net neutrality rules. The vote reclassifies both wired and wireless broadband internet service providers (ISPs) as utilities under Title II of the Communications Act of 1934. Most of the media attention has focused on the ruling barring ISPs from blocking or prioritizing internet traffic and forcing companies running services that require a lot of bandwidth to pay extra for faster speeds. While these provisions are important, the act also includes regulations that could increase consumer privacy and help unsatisfied customers file complaints against broadband service providers.

Wireless Consumer Privacy Under Current Regulations

Wireless service providers were already classified under Title II, but only for voice service. Cellular companies have long used their man-in-the-middle status to track users’ mobile browsing habits and the apps they use. Because the carrier has personal information about account holders, the device’s location data and can identify each device at the network level, they can assemble detailed demographics lists to sell to mobile advertising networks.

This allows ad companies to target consumers with a level of precision that worries consumer privacy advocates. For example, if a mobile advertiser wants to target Latino families with pets in northern Los Angeles, the carrier could probably assemble such a list based on the account and browsing information available only to them.

Wireless Consumer Privacy Under Title II

Under the new ruling, Title II Section 222 requires broadband providers to “protect the confidentiality of proprietary information” of “other telecommunications carriers, equipment manufacturers, and customers.” The law was originally written to protect consumers and businesses against AT&T’s monopoly on landline services and telephone directories.

If “proprietary information” applies to data such as user account information, browsing records and location data, carriers would be required to protect the data and could not sell it to third parties without the customer’s consent. Until now, these protections have been severely lacking. In a talk that took place in Boulder, CO on the 9th, FCC Chairman Tom Wheeler shared a story of an unnamed telecommunications carrier that put sensitive customer information on the web with no encryption or password. Anyone could find a customer’s information with just a simple Google search.[1]

Broadband Consumers Finally Get an Ally with Some Clout

Another important but often overlooked feature of the ruling allows consumers to complain about their ISP directly to the FCC. Telecommunications and cable companies have some of the lowest customer approval scores of any industry. Until now, the FCC could only take action if the complaint involved misleading or deceptive claims. Unsatisfied broadband consumers could only take other complaints to the company directly or to advocacy groups with no powers of enforcement. Title II Sections 206-209 and 216-217 allow the FCC to investigate complaints and take action if necessary.

Even though the ruling passed 3 to 2, this isn’t the end of the net neutrality debate. The FCC vote was divided on party lines and some politicians are already vowing to fight the regulations. At least one carrier has already promised a lawsuit. If the ruling is challenged, any replacement regulations should keep the consumer protection parts intact.

[1] http://www.twice.com/blog/executive-insight/fcc-chairman-wheeler-justifies-net-neutrality/55968

Billion Dollar Bank Hackers Use Old Phishing Technique

spear_phishing

Last week the internet security firm Kaspersky Lab released a report on a highly-successful group of cybercriminals who targeted banks and may have stolen up to a billion across 100 financial institutions worldwide. While Kaspersky Labs did not name the victimized organizations, the report indicates they were mostly located in China, Russia and the United States. The attacks included a lengthy reconnaissance phase, with the criminals masquerading as legitimate users for long periods of time. The FBI and Secret Service said the U.S. financial system has not been affected, so perhaps the criminals were uncovered before they could strike.[1]

The malware the cyber criminals used, opened a back door into the company’s computer networks, allowing them access to learn the organizations’ systems. It even gave the hackers the ability to monitor webcams and embedded cameras in laptops to conduct long-term observation of employees. Once the criminals were familiar with the network, they were able to steal money in a variety of different ways depending on the organization. With some banks, they manipulated ATM machines to dispense cash at predetermined times, which were then picked up by money mules. At others, they artificially inflated the balance on legitimate accounts, then transferred the money to other banks in a different country.

As sophisticated and patient as they were, the hackers relied on email spear phishing to launch the initial phase of their attack. It’s an old-school technique favored by hackers because it works.

What is Spear Phishing?

Have you ever gotten an email asking you to “verify” your bank, eBay or PayPal account? Those emails are a form of phishing. When you click on a link in the email, it takes you to a web page that looks very much like the real thing, but is run by criminals attempting to steal your information.

Spear phishing works much the same way, except the emails are targeted toward a specific person or small group of people instead of broadcast to thousands. In today’s world of social media, it’s not difficult for criminals to find the names and email addresses of people within an organization. Once they have the person’s name and email address, the criminals simply write a convincing email that supposedly came from their boss or the company CEO. They attach the malware and instruct the employee to open the attachment in the message.

In this case, some of the emails were sent from compromised employee accounts. Once the bank employee opened the attachment, the embedded malware used a vulnerability in certain versions of Microsoft Office or Microsoft Word to infect the users’ computer.

How Can You Prevent Spear Phishing in Your Organization?

Instruct employees not to open email attachments they were not expecting, no matter who the message comes from. If an employee receives an email with a suspicious attachment from someone they know, have them double-check with the supposed sender before they open it.

Always install security updates and patches to computer operating systems and the programs your organization uses as soon as possible. In many cases, your IT staff can push updates out to computers on the network remotely.

Learn more about internet scams and security. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.

[1] http://uk.reuters.com/article/2015/02/18/uk-cybersecurity-banks-idUKKBN0LM26120150218

Android & PC Tie For First Place In Malware

malwaremarathon

A report published last week by Alcatel-Lucent revealed malware on mobile devices has caught up to the infection rate on traditional PCs. The report was created by the telecommunications company’s Motive Security Labs and used data compiled from fixed and mobile networks using their Motive Security Guardian software. The software is deployed in networks around the world, and monitored traffic from nearly 100 million individual devices.

The report revealed 0.68% of mobile devices were infected with some type of malware. This may not sound like much, but with 2.3 billion mobile broadband subscriptions this estimate puts the number of infected smartphones and tablets at approximately 16 million. The report notes the estimate is probably conservative due to lack of coverage in China and Russia, where mobile malware infections are higher than average.

Android Makes Up Over 99% of Mobile Malware Infections

That the Android operating system makes up most mobile malware infections should come as no surprise. Its open source environment and the ability for users to install apps from third-party sources makes it easier for cyber criminals to distribute their malware. Apple and BlackBerry mobile devices have a more restricted app environment, and Windows Phone simply lacks the numbers to make a dent.

Another part of the problem is Android devices receive updates less frequently than PCs. In the United States, most Android devices run a version of the OS that is customized for each manufacturer, model and carrier. When Google releases a new version of the stock OS, the device manufacturer must test and tweak the OS for each supported device and carrier.

Top 20 Mobile Malware Infections of 2014

The report also gave information on the top 20 malware programs installed on Android devices. Six of the top 20 list consists of spyware apps that can monitor phone calls, SMS/MMS messages and track the user’s location via GPS data. Three spots went to adware programs. The rest of the list is made up of a wide variety of malicious apps.

Some apps open back doors into the device and allow the attacker to steal data for identity theft. A few are apps that send SMS messages to premium numbers to charge users on their phone bill. Others allow attackers to use the device as a proxy for illicit internet activity. There’s even a bot app that makes the mobile device part of a botnet, a type of malware usually targeted at PCs. New on the list this year are two ransomware programs, which claim to encrypt the information on the device and attempt to extort money from the user.

Mobile Malware is Growing in Sophistication

In the past mobile malware mainly consisted of adware, but some of the malware on the list have features previously targeted exclusively toward traditional computers. As the number of mobile devices grows and the device become more powerful, they will become an increasingly attractive target for hackers.