One in four mobile applications contains at least one high-risk security flaw. (Via NowSecure)
Smartphones, since their rise to popularity in the late 90s and early 2000s, have become a large part of our society’s everyday life in hosting our communication and media consumption. Many of us can’t recall the last time our phone wasn’t within arms reach.
In today’s growing threat landscape, it’s no surprise that cybercriminals have worked to exploit smartphones, given that 90% of adults own a mobile device, totaling over 3.2 billion smartphone users worldwide. Unfortunately, many smartphone users don’t see the security risks associated with the apps they download, the websites they visit, and the information they store on their devices, making them more susceptible to an attack.
This article aims to inform smartphone users of the security risks associated with their devices and how to prevent them from being compromised.
Breaking it Down
The majority of security threats on mobile devices can be broken down into these four categories:
- Physical threats: Refers to the situation where a mobile device has been stolen or lost, therefore the user’s information is compromised.
- Network threats: Occurs when a threat actor targets an unsecured public WiFi connection to gain access to devices and credentials.
- Mobile app threats: Refers to a malicious app that looks trustworthy but is used to steal information.
- Web-based threats: Typically carried out via phishing attack, where a threat actor will send emails, text, or other forms of communication that contain a malicious link or attachment.
More specifically, here are the top threats to watch out for in 2022:
1. Phishing, Smishing, and Spear Phishing
These forms of attack are executed via social engineering– i.e. using various forms of communication to manipulate a target into divulging confidential information.
Phishing refers to the general practice of using methods of communication to deceive a target into giving information. Smishing refers explicitly to using text messages to phish for information, while spear phishing refers to a more sophisticated and targeted approach to phishing.
How to avoid it
To best avoid phishing attacks, users must practice awareness of the emails, links, and messages they open. Practicing more defensive thinking before opening these forms of communication, could be what saves a user’s sensitive information from ending up in the hands of cybercriminals. If a message seems suspicious, there is likely a reason. It’s best to verify the identity of the sender before clicking anything. For organization leaders, consider training staff to know how to identify the key indicators of a phishing attack.
2. Mobile Spyware and Malicious Apps
Mobile Spyware is any software that monitors, tracks, and collects activity and information off of a mobile device without the owner’s knowledge. Most mobile spyware is installed by either tricking a user into visiting a corrupt website, which then downloads the spyware or when a user unknowingly downloads a malicious app containing spyware. Once installed, spyware can track logins, passwords, text messages, emails, and even the location of the user.
How to avoid it
First, users must practice being cautious about the apps they download. Avoid downloading apps that don’t come straight from Android’s Google Play or Apple’s App Store, as these are the only official channels. Even then, only install apps from these channels posted by trusted app developers with good reviews. Expanding on this, be mindful of app permissions as they pop up. Don’t click the ‘allow’ button in a hurry to get to the next page– you may end up giving hackers permission to spy on your activity.
3. Weak Password Security
Don’t you love it when you’re forced to add an extra symbol or uppercase letter to set a new password? This may not be convenient at the time, but what it does is strengthen your password, therefore strengthening your security. Don’t let the name of your pet or your childhood nickname be the only thing keeping your sensitive information from the hands of hackers. According to GitHub, the most widely used passwords in the U.S. are also some of the easiest to guess. These include 123456, password, 12345678, qwerty, and 123456789. Even more alarming, Google found that 24% of Americans use a variable of these weak passwords.
How to avoid it
When creating new passwords, keep these things in mind:
- Don’t use information that can be found elsewhere online. (Ex: the name of your university, your business’s name, the name of your dog, etc.)
- Use numbers, a mix of lowercase and uppercase letters, and symbols
- Avoid using the same passwords across multiple logins
- Create passwords at least eight characters long
4. Neglecting Software Updates
Although software updates can be inconvenient, they often come with fixes to security flaws within your device’s current software. Finding the time to update the software on your smartphone may be what prevents your information from being stolen.
How to avoid it
This one’s simple– we advise users to plug in their smartphone before bed and run the update while they sleep. This way, when the user wakes up, their device will have up-to-date software with all the security bells and whistles attached.
5. Unsecured WiFi
Sometimes it’s nice to grab your PC and head to the nearest coffee shop to get your work done. While it may be a nice change of scenery, hopping on public WiFi networks can open the door for cybercriminals to gain access to information on devices connected. Some hackers even go as far as creating WiFi hotspots in public locations to gain access to devices. Once an unsuspecting user has joined that WiFi hotspot via smartphone, pc, or another device, the hacker has access to their private information.
How to avoid it
To best stay protected against unsecured WiFi connections, use a virtual private network (VPN) on all mobile devices– smartphones included. VPNs hide data traveling to and from your devices through encryption and remote servers. For smartphones, download a VPN mobile app on your smartphone to start using public WiFi more securely.
At first look when assessing the many security challenges facing smartphone usage, it can seem like a daunting task to secure your device. Fortunately, there are many ways we can minimize our risk of compromise if we choose to stay knowledgeable. As smartphone capabilities continue to evolve and as we continue to depend on them, implementing the practices detailed above grows even more critical.