In the wake of the infamous WannaCry ransomware attack, cybersecurity continues to remain under the microscope for concerned organizations across the globe. Everyone is most highly concerned about their computers. But less attention is paid to the threat sitting in your very pocket right now: your mobile phone.
Your phone often handles the most sensitive data you have to offer, from confidential work e-mail to the embarrassing photos you took of yourself while in that Super Mario costume. As the power and capability of our phones increases, so does our reliance on them. And as our reliance on mobile phones increases, so does the interest of criminals in hacking them.
This article by Ryan Francis of ComputerWorld lays out what he believes are the top 5 security threats facing your mobile phone. Let’s take a look:
1. Untrustworthy devices. A device itself may be faulty or maliciously configured within the supply chain, providing violation of CIA (confidentiality, integrity, availability), he said. One example: CheckPoint earlier this year found an infection of 36 Android devices at a large telecommunications company. In each case, the breach was not caused by the user, but by malware already on the phone when the employee took it out of the box.
“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain,” CheckPoint wrote on its blog.
This is a tough one, considering you have zero control over your phone before you’ve bought it. The best way to deal with this is to make sure you buy your phone from a reputable source. Purchase your phone from your local big-name retail outlet? Good. Purchase from the strange man selling phones from inside his coat on the street corner? Bad.
2. Malicious apps. Installed applications that claim to perform one task, but actually do something else, represent a hard-to-spot vulnerability.
Always use good judgement when downloading apps. Generally, you want to stick to well-known apps with a lot of downloads and positive ratings. If you need to download an app that seems less well-known, examine the details of the app first and google the developer. Visit their website if possible. If something seems fishy, it’s probably best to just avoid.
3. Useful apps with unwanted information leakage. Many applications installed for legitimate uses, can still result in misappropriation of information, such as the extraction of contacts from telephone, Crowley said.
I’m not certain about iOS, but Android apps usually require a prompt before being allowed to access your contacts, location, e-mail, or other sensitive information. As a rule, I usually say no whenever possible. If an app doesn’t need access to my contacts, then I’ll deny the access. Why open another front for that information to leak out?
4. Banking malware. Kaspersky Lab Senior Malware Analyst Roman Unuchek sees banking malware as an ongoing mobile security threat. Cybercriminals use phishing windows to overlap banking apps and steal credentials from mobile banking customers, he said. They also can overlap other apps and steal credit card details. Furthermore, they can steal incoming mobile transaction authentication number (mTans) and even redirect calls.
When engaging in mobile banking, you need to be vigilant. It’s one thing to have your contacts stolen, but another entirely to have your money stolen. I strongly recommend downloading a well-rated virus protection app for your phone before using any mobile banking apps, just to cut down on the possibility. It’s also vital to make sure you are downloading only the approved app for your bank, not something developed by a mysterious 3rd-party. Never, ever provide your banking details to any app that doesn’t seem to need it. If it’s not a banking or budgeting app, they probably don’t need your account info.
And finally, the special guest star of recent cybersecurity events:
5. Ransomware. In the first quarter of 2017, ransomware was the most popular type of malware in the U.S. Ransomware blocks a device (or desktop computer) by imposing its demand-for-payment window over all other windows, including system windows. After that they demand money to unblock the device. Ransomware comes in a variety of forms, most recently as the WannaCry malware, which attacked Windows desktop systems.
As mentioned earlier, virus protection is a key first step in protecting your phone. You can aid the virus protection app in it’s mission by not downloading suspicious apps and controlling access to your sensitive phone information/functions. Don’t plug your phone into unprotected or unfamiliar devices like public computers, and definitely don’t let strangers fiddle with your phone for any reason other than you paying a reputable technician for service.
Don’t let your phone become a mobile liability. Know the threats, know how to counter them, and keep control of your phone!