Today’s world is a mobile one, with laptops, tablets, wearables and smartphones now having the computing power of traditional desktops. Their portability as well as the applications they now support, make them perfect to use from any location with an Internet connection. Moreover, mobile devices have also become so affordable that both businesses and individuals are choosing them over desktop machines.
But… and there’s always a but… the proliferation of wireless Internet, combined with the wide range of mobile devices, has caught the attention of attackers, and these devices are becoming increasingly vulnerable to breaches and other attacks.
Bad actors have flexed their muscles and showed the industry that practically every device is hackable.
They’ve hacked cars, smart homes, baby monitors and medical devices. If you consider that, according to analysts, there are around 12.3 billion connected devices today, it paints quite an alarming picture.
If we look at the types of threats mobile devices face, there are four that I consider to be a major danger. Firstly, there are mobile Web sites that download malware onto mobile devices without the user’s permission or awareness.
Next, spyware, is a software that aims to gather information about a person or company and send it to another entity, sometimes to better target users with advertising, but also for purposes of stealing credentials. Similarly, madware, or mobile adware, collects data for the purpose of better targeting users with ads. Neither are good.
Then there’s malware such as viruses and Trojans often come attached to what may seem to be legitimate applications or programmes. They can take control of the device and steal all it’s information, including sensitive data such as banking logins. They can also subscribe users to premium text messages and suchlike that can run bills up to hundreds of euros.
Phishing is probably the most dangerous.This scourge used to be limited to desktops, but alongside the increased use of mobile, new avenues for attacks were bound to rear their ugly heads. Attackers have recognised the value in exploiting channels such as social media, messaging services and mobile applications, to steal information.
Unfortunately, mobile devices generally don’t have the same security measures that desktops do, and as these devices are being used increasingly for business, cyber criminals were bound to find new ways to exploit them. There are several ways phones can be phished, but an example would be phishing apps, which are tailored to appear like legitimate apps and covertly secretly collect the information users input, such as passwords, account numbers, and the like.
They can also use text messages containing a malicious link that the attacker tries to get the target to open. If they do, the link loads a phishing page where the user is fooled into inputting their login credentials, or it sets off a silent download of spyware to the device.
So how should companies protect themselves from mobile threats?
Firstly, only buy devices from vendors who issue security patches as soon as they are available. Next, do not automatically save all passwords, and always use two-factor authentication. Take advantage of built-in Android security features - phones such as Samsung use Knox which is excellent, and other anti-malware can be downloaded with ease. Then, don’t connect via any unsecured WiFi networks, only buy apps from official app stores, and check every permission an app asks for, questioning why they might need something that doesn’t make sense.
Finally, as a business, train your users on basic security hygiene, as well as anything suspicious that should raise a red flag, to help them avoid falling victim to mobile attacks. After all, prevention is always better than cure.