Mobile Security Threats: Keep Your Eyes Peeled

Who knew that smartphones and tablets would become the preferred communication device for both personal and business use? But there’s an important consideration: Are they susceptible to mobile security threats? 

Our relatively small and portable devices can do anything a desktop computer can do: web searches, gaming,  research, travel, job searches —  you name it. More times than not, all you have to do is say, “Google (or Siri or Cortana or Bixby)” where can I…?” and the answer appears immediately in your hands or even in your ears if you’re using a Bluetooth hearing device.

Mobile Devices as an Entryway

The use of mobile devices isn’t limited to personal searches like trying to find the best local burrito shop: Microsoft estimates that up to 80 percent of the work in many organizations is now done via mobile devices. Over half of all web searches are now done from a mobile device rather than a desktop PC or Mac. 

When was the last time you searched for something?

The activities that were traditionally performed on desktop computers are now being done on mobile devices, and as a result, they have become increasingly targeted by cybercriminals. 

As it turns out, smart devices contain much of the same sensitive information and app access as a PC or Mac, so cybercriminals are creating mobile malware and other exploits to breach these mobile devices.

In 2020, approximately 36 percent of organizations were affected by mobile malware and 2.5 million people unknowingly downloaded multiple mobile adware apps.

Preventing Mobile Security Threats

It’s vital to start taking care of mobile devices in the same way you do computers when it comes to security. They need the same types of security precautions in place, including:

• Automated OS and app updates.
• Managed backup.
• Antivirus/anti-malware.
• DNS filtering.

Keep your eyes peeled for the most common mobile device threats that allow your data to be leaked or breached. Here’s how mobile malware works:

• Hidden malware in apps is difficult to find. It takes a keen eye and a bit of cynicism.
• The same types of bright, colorful graphics and high star ratings (most likely boosted through questionable means) are used by scammers. While the app might do what it says it will do when downloaded, malware can be hidden in the background, infecting a device as soon as the app is installed. Many of these apps will hide once on your phone or tablet by applying the icon of a common default system app (like settings or calendar). 
• Mobile malware can include all the same types of malware that can affect a computer, like adware, spyware, ransomware, trojans and more.

Unsecured Communications

Picture this: have you ever sent someone credit card details or a password over text or another messaging app? Did you first check to see if the message was encrypted? Some apps automatically encrypt and some do not. 

What about yours?

It’s not uncommon that different people use various methods of communication from their mobile devices without knowing how secure those methods are. If sensitive information is sent and it’s not encrypted, a hacker could easily intercept it.

Man-in-the-Middle Attacks and Public Wi-Fi

Almost everyone who uses public  Wi-Fi, like in a coffee shop or library, knows that these networks are notorious for being insecure. And yet people still use it when it’s the most convenient option or get a faster connection.

Whether it’s because they’re in an airport in a foreign country, cheap or just in a hurry, statistics show that 75 percent of people admit to connecting to email when on public Wi-Fi. What’s worse is they’ll also sign into apps (even sensitive ones like online banking), and shop online, entering their credit card details on an unprotected network.

If you’re using public Wi-Fi, then you’re at high risk of a man-in-the-middle attack. These attacks occur when a hacker connects to the same network, like in an airport, and looks for victims with unprotected communications. Since the network is unprotected, they can then capture any type of data being transmitted.

If you have to use public Wi-Fi, connect to it through a VPN app to encrypt your communications. There are also some fairly inexpensive devices you can use like USB data blockers, which usually cost less than $10 and act like a shield between public charging stations and your device.

Juice Jacking on Public USB Charging Stations

Like the aforementioned man-in-the-middle attacks, juice jacking infects your chosen mobile device with malware and sets up fake charging stations in public areas.

When you insert your USB cord to charge your device at these charging stations, the malware is duplicating all the data on your phone or infecting it with malicious code. 

Remember, USB cables aren’t just for charging. They can transfer data, too.

Avoid public USB charging ports in airports and other public places and re-charge your low-battery device with your own power adapter that plugs into an available outlet instead.  If you forgot your power brick at home, you can also invest in a “charge-only” USB cord to use if USB charging is your only option.

Outdated Software on Your Devices

Roughly 40 percent of Android devices are using outdated operating systems that no longer get vital security updates. But this problem isn’t limited to Androids. Discontinued iPhones still in use are also subject to hacking exploits and present mobile security threats.

When your mobile device isn’t kept up to date on the latest software, it becomes easier for a hacker to use an exploit that takes advantage of a code vulnerability in the operating system or one of the installed apps.

Many businesses aren’t paying attention to how many employees’ work devices are running updated operating systems, which puts their networks at higher risk of a breach. Ensure that all your apps and your OS are up to date because many of these updates include critical security patches.

Curious About Mobile Security Threats? Ask the Experts

With mobile devices handling so much of the computing workload these days, it’s vital they’re properly secured. Contact us or book a meeting to discuss mobile security threats and management solutions.