Mobile security breaches can happen to anyone who uses a smartphone or tablet that is connected to the internet. Knowing these potential threats and how they can affect your devices is key to preventing them.
Data leakage can be a serious threat to mobile users, and especially to enterprises with employees using mobile devices. Companies have a significant chance of at least one major data leakage each year. This can happen by:
- Poor app setup allowing apps to see and transfer too much information.
- Not having an app vetting process that is easy enough and effective.
- Not having mobile threat defense (MTD) software solutions.
- Non-malicious user error in transferring or sending information.
- Accidental disclosure of sensitive information.
- Riskware being given too many permissions.
For more information, read our post Ways To Prevent Smartphone Data Leaks.
Public and Unsecured Wi-Fi
Wi-Fi, and especially public Wi-Fi hot spots, are not always secure for users to download and send data. Add to this the fact that most mobile users, including corporate users, are several times more likely to use Wi-Fi over cellular data. Common threats include man-in-the-middle attacks and network spoofing, both of which are on the rise. Cyber thieves can use these methods to steal information to access social media, banking and even user VoIP conversations. Man-in-the-middle attacks can affect both Android and iPhone users because they do not depend on any one specific OS.
Unfortunately, most people do not bother to secure their connections while traveling. Having a VPN can definitely help, but choosing the right one is not easy. Mobile devices tend to be battery hungry, and VPNs can diminish mobile battery power, so they need to be activated only when necessary.
Devices That Are Out-of-date
Smartphones, tablets and other internet-connected devices are at risk of security breaches when they are not up to date. This includes operating system updates and other software security patches. Some IoT devices are not designed with updating capabilities at all. Enterprises have growing quantities of internet-connected devices and mobile operating systems, making data breaches more costly. Unsecured Internet of Things devices are at high risk of disastrous data security breaches. Although Android devices are fairly good at receiving ongoing updates, it is up to both individual users and organizations to ensure their overall security until improved security software apps enter the mobile market.
Cryptojacking (or malicious crypto mining) is a method for cyberthieves to use another computer or mobile device to mine cryptocurrencies without a user’s permission. This is a new and growing threat that can affect web browsers, network servers, and all types of user devices. These attacks are designed to be completely invisible to the owners of mobile devices or computers they are using. Basically, these attacks are made for profit and will use your device for a criminal’s gain. These can drain battery life and even damage components from overheating.
Cryptojacking started on desktops as cryptocurrencies gained popularity since 2016, but has now spread to mobile devices. Mobile apps are the main way cryptojackers can hijack a device’s resources. Many cryptocurrency mining apps are now banned by Apple’s App Store and Google Play, which helps diminish these threats, but not entirely. The best way to currently minimize the risk of cryptojacking is to download apps only from an official Android or iOS marketplace.
Poor Password Practices
Smartphones contain personal sign-ins and company account information, so good password hygiene is necessary. However, many users still do a fairly poor job of following good password security practices. Poor practices include reusing passwords over multiple accounts, not using password managers, and using weak passwords.
Many professionals use the same passwords for both work and personal use, increasing risk to both them and their companies. Many employees also share passwords with each other and mistakenly enter them into retail sites and message forums. The threat is multiplied by the use of unsecured Wi-Fi and its potential for interference.
One solution is to use a password manager that can keep your passwords secure and generate strong new ones when you need them. For more information, read our post Are Password Managers Secure?
Physical Breaches of Devices
Losing your smartphone can cause a major security risk. This is increased if your PIN and passcodes are not strong. Many companies do not have required measures to secure their corporate data across their users’ devices. Many users do not even have passwords, PINs, or biometric security set up to protect their devices. Many also do not use encryption and even share passwords across personal and work accounts. Users and companies should create and follow policies and guidelines for user password and encryption practices.
Downloading unapproved or rogue apps creates opportunities for hackers to steal information from smartphones and other mobile devices. Many companies do not require employees to download apps from trusted sources, such as the Apple App Store and Google Play. Regardless of what Apple and Google do to stop rogue apps, their measures are not perfect. Less secure app marketplaces are even more at risk of cybercriminals using them to steal data. Rogue apps are often well designed, so they are hard for the average mobile user to spot and easy to fall for.
Social Engineering Tricks
The social engineering tactics of cyber criminals remain surprisingly effective, even with the education and resources available to the average mobile user. Most cybercrime is initiated via email, where users can be tricked into clicking on links to dangerous websites. Phishing is growing, and email spoofing can fool users into believing a message is from a trusted source.
Mobile users are particularly vulnerable, as they are several times more likely to fall for phishing attacks than desktop users. This is due to smartphone popularity, small screen size, and easy one-tap options to open emails. Workers can be distracted amidst multi-tasking and easily mistake a phishing attack for a standard email in their multi-screen environments.
The rise of mobile devices has also increased these types of attacks as hackers target them more often. Text messages, Facebook Messenger, WhatsApp and even games are all places where phishing occurs. Cybercriminals can even phish for two-factor authentication codes, the very thing meant to protect users from them. Having hardware-based authentication can help, so check with your OS provider for options.
A Lost or Stolen Smartphone
It is estimated that somewhere between 50 and 100 million smartphones are lost or stolen every year. Very few are actually recovered. These include enterprise-owned smartphones, which often do not have a lock screen configured across their organizations. The solution is to make sure your mobile device has a lock screen configured.
Hackers can set up fake connections that appear to be legitimate Wi-Fi networks but are really just traps to ensnare users into giving up passwords and usernames. Many users employ the same passwords across their accounts and then give them to hackers when creating accounts on their phony Wi-Fi hotspots. This usually happens in high-traffic areas such as airports, cafes, and restaurants. So, whenever asked to give a login, always use a unique one.
Broken cryptography results when app creators use feeble encryption algorithms or implement them improperly. This can happen when apps use older encryption algorithms with known weaknesses or leave “back doors” to strong algorithms. The solution is for app developers and enterprises to impose strict encryption standards before apps reach the marketplace, and for users to watch out for bad ones.
Faulty Session Handling
Session “tokens” are created to make mobile device dealings easier for users. They are generated each time a user attempts to access an app. However, apps can unintentionally share session tokens with cyber thieves. This can give them the ability to impersonate real users and access their apps, possibly exposing personal information for theft.
Operating System Weaknesses
All software has some weaknesses, and smartphone operating systems are no different. Malware and viruses can infect your mobile OS through security holes. Hackers can also target weaknesses specific to each OS and cause damage. Make sure to update your software regularly to fix these holes and stop these threats.
iPhone users are most at risk for trustjacking when connecting to USB ports on unsecured devices or computers. iOS will ask if you trust the computer, and your agreement to this can lead to an iTunes Wi-Fi sync vulnerability. This feature was originally intended to give iPhone users the ability to manage their iOS device without a direct physical connection to their computer. However, it can lead to data theft through a computer that is infected by malicious software.
Spyware can be even more threatening than malware because it can be installed by anyone to watch over your activities. This includes employers, co-workers, and even girlfriends and spouses. Having strong antivirus and antimalware software can help to remove these programs before it's too late. Spyware can give your personal information to cyberthieves, advertising firms, or other unknown users.
Phishing attacks are more common on smartphones and tablets because they make up most online connected devices today. It's also more difficult for mobile users to spot fake emails before clicking on them because of smaller screen size and frequent multitasking. Social engineering tactics are often employed to scare or trick users into giving up information.
There are many activities that can lead to mobile security breaches, so having the right protection and online behavior is how to stay protected. Mobile devices and tablets are used more every year over desktop PCs for users to access the internet and be productive at work. However, mobile security apps or OS protections are not as well developed as on PCs.