Hackers are not only targeting your laptops and computers to spread malicious viruses and malware, they are also scoping your phones, mobile devices, and wearables, looking for easy means to infect you and your network.
As any IT expert knows, your complete defense is only as strong as your weakest link and in many cases, this is your phone. Our phones are often our most connected devices, while simultaneously being our least secure. More than half of adults didn’t even know mobile antivirus solutions were available.
Business mixed with pleasure: The Modern Trojan Horse
If you have a single mobile phone, used for work and personal life — you could be putting your company at risk. By accessing public Wi-Fi, downloading applications, accessing suspicious attachments and carelessly browsing the internet you are leaving yourself susceptible to infection.
When your phone gets hacked, the infection is not confined solely to your phone, it can spread on your personal network to your computer, laptop, your TV, fridge, even your Fitbit. Infection is bad enough if you are spreading infection in your household but is a red alert for any business.
Employee’s who connect to external and internal work networks on the same devices could be unsuspectingly bringing in viruses to their work network. We’ll run through some of the threats you and your company should be aware of:
Application-based threats:
Downloadable applications present the biggest threat to users and are the cause of many types of security issues. Malicious applications may look fine, and come from a reputable developer and marketplace but can sometimes be compromised and be coded to act maliciously.
Malware
Is a type of software, usually installed unwittingly, that can make changes to your phone bill, send unsolicited messages and even give attackers control over your devices. The malware can also replicate itself inside networks and transfer to other mobile devices and computers.
Madware (AdWare and Spyware):
A script that is installed without your consent that alters your internet browsing experience and usually collects your data. AdWare endeavors to get you to click on advertisements in order to make money for the hackers. AdWare is simultaneously joined at the hip to spyware, which tracks your device, collects your personal information in the hope of selling it to third parties. This type of information can be used to perpetrate identity theft or financial fraud.
Viruses and Trojans
Although more commonly found on laptops and computers, infections can occur also occur through mobile applications as well. Generally, a virus will come attached to or packaged with, a program you would think was legitimate, hijacking your mobile phone and potentially stealing your banking information and personal data.
Vulnerable Applications:
Applications that contain security flaws that can be accessed by hackers. The same way WannaCry found vulnerabilities in Windows operating systems, mobile malware can find back doors through unsecured applications. Be wary of applications that are not updated, and always ensure that you are up-to-date with latest operating system and application versions on your device.
Phishing Apps
Phishing apps are a new take on the old scam. Applications are designed to look legitimate, just like the emails, and are looking for you to hand over your sensitive information — just like the emails. Phishing applications might actually be more persuasive as it’s hard to notice the subtle differences between a legitimate app and a false one on smaller screens — anyone who goes through the hassle to make an app must be legitimate…. Right? Wrong.
Web Based Threats
Because mobile devices are constantly connected to the internet web based threats pose a persistent issue for mobile devices:
Drive-by Downloads:
Drive-by downloads refer to any malware that is installed on your computer without your consent. Infection usually occurs when you visit an unsecured website, click a suspicious link, or open an infected email. This kind of malware can be avoided by having a black list and white lists on phones, which can be managed remotely.
Browser Exploits:
Leverage vulnerabilities in your browser as well as software that can be launched by your browser like Flash player or PDF reader.
Phishing Scams:
Suspicious links sending you to suspicious locations and asking for your information should always be a little… suspicious. Don’t fall for phishing scams never give your password out over the internet through email or links. Proper user education is the first and best line of defense against most of your businesses security breaches.
Network Threats:
Wi-Fi and cellular activity can be hijacked by third parties if you are not diligent.
Wi-Fi spoofing is a common method for hackers to gain your passwords and emails. We discussed this in depth in an earlier blog post. Essentially hackers will set up internet connections outside popular, high traffic, locations offering free Wi-Fi in exchange for your username and password. Users unsuspectingly give hackers their email and passwords, which are commonly used across multiple sites.
Wi-Fi intercepting:
You are able to work your way through the internet, doing sensitive transactions based on certificates, and tokens which interact together ensuring the device is correct and the system is secure. For each session, you will maintain one token, allowing you to do secure transactions safely.
Sometimes, however, your token data can be captured by hackers, who can then masquerade as you on one of your sessions, giving them access to sensitive information.
Stay Secure:
There is an abundance of threats no matter where you go online, no matter the device you use. There are threats around every corner. Worryingly, few people use proper security protocol on their mobile device, yet it is their most used and more vulnerable device.
Digital Marketing Manager at Aware Group: Working his way through the world of technology and Thailand as best as he can. Happy to contribute to other tech publications.