Mobile security is a relatively new field in the world of cybersecurity. The rise of mobile computing calls for an increased vigilance in regards to our personal information. Smart phones and the like are now the standard. In fact, according to the Pew Research Center, 95% of Americans own a cellphone of some kind.
The obvious risk increase stems from the fact that cellphones are no longer primarily for calling people. Smart phones store everything from our emails to our banking information. We use them as calendars, GPS systems, and everything in between. Anyone who uses apps have the majority of their passwords stored on their phones. While these features are convenient for the user, they open the door for a plethora of mobile security risks.
One of the most obvious risks to mobile security is someone stealing your phone. Due to the portable nature of phones, it is easier to leave your phone somewhere. Additionally, it is easier to steal a phone than a desktop or laptop. If your phone is unguarded, or has a mediocre password (1234, 0000, etc.), whoever has your phone has access to your passwords, and all of your data. However, your data is not the only thing at risk. Smart phones are incredibly customization and personal. Therefore, they are a prime target for identity theft. After all, the information on a smart phone can easily paint a very clear picture of a person; their spending habits, their account information, and other sensitive information.
Google is currently undergoing criticism due to their play store hosting malicious apps. Google has a history of poorly vetting their apps and it is important to remember that literally anyone can create an app. Therefore, many apps can pose a significant risk to your mobile security by hosting malicious ads, or using social engineering tactics.
The most common issue is the access process, in which apps ask you to give them access to your data. Often this is plausible for certain apps. For example, Skype needs access to your microphone, so you can speak into it and others can hear you on the app. However, apps will often use your information in ways that you only implicitly consented to. In fact, the majority of apps that ask for your location use this information for marketing purposes. In worse situations, predatory apps marketed at children have asked for outlandish permissions, such as texting the contacts in your phone, posting on your behalf, and even access to your memory card. These apps are obviously a blatant violation of your mobile security. Some apps even eschew all pretenses and end up just being malware disguised as an app.
For the many unfortunate people who do not have unlimited data, airport or coffee shop Wi-Fi can be your only option. Unfortunately, most public Wi-Fi setups are not very secure. Mobile security can be easily compromised if an attacker decides to take advantage of a weak wireless network. Additionally, an attacker could easily take advantage of your smartphone’s automatic remember feature, in which a phone will automatically connect to a previously used Wi-Fi system. The attack could achieve this by access point spoofing, a method of created a fake Wi-Fi access point that hosts the same characteristics, parameters, and name as the original access point. A phone could easily confuse the two networks, granting the attacker easy access to intercept your data.
We Need to Take Our Mobile Security Seriously!
Botnets, malware, spyware, and backdoor communication channels all pose a significant threat to your mobile security. On a personal level, your data, identity, and money can easily be stolen. On a business level, your systems security can be compromised by an employee’s unprotected phone, as explored in our previous article, Bringing Your Phone Into Work COuld Cause a Data Breach.
Therefore, it is important to take take measures to protect and control your mobile security. Limit app access. Be wary of signing into public Wi-Fi. Use multi-factor authentication like a strong password and biometrics. Avoid storing your passwords on apps. Allow space on your phone for antivirus software. Update your phone regularly. However, perhaps most importantly, be skeptical. You should not always believe everything that is presented to you. Phishing attacks and and malicious distribution is the bread and butter of cyber attackers. Therefore, make sure to check the reputation of all downloaded apps, and learn the signs of legitimacy regarding links you come across.