In today’s digital age, an individual’s mobile phone carries a lot of data – some of which can be quite sensitive. It is, hence, no wonder that mobile devices are getting more and more attention from cybercriminals. At the same time, cyber threats against mobile phones are becoming more diverse. Hackers are using advanced methods to target devices without users getting even the slightest hint about what is happening. Therefore, when we think of cybersecurity threats, safeguarding our laptop or desktop is not enough – we need to consider mobile phone security.
Here are the top cybersecurity threats to mobile phones.
Unsecured Public Wi-Fi
When we connect our mobile devices to public Wi-Fi or cellular networks, we expose our phones to various cyber threats. Without our realisation, our information might be reaching cyber criminals in such cases. One of the most common modes is man-in-the-middle attacks. Usually, the insertion happens by intercepting data through a compromised but trusted system between two parties during a conversation or session.
In man-in-the-middle (MitM) attacks, a hacker either eavesdrops on or modifies the transmitted data. SMS is dependent on cellular networks that possess their own set of risks, making the interception of messages easy. Similarly, Wi-Fi eavesdropping occurs when the hacker sets up public Wi-Fi connections with an unsuspecting name and access the ‘victims’ when they connect to the malicious network. Email hijacking is another method wherein the attackers access the victim’s account and take advantage (maybe during a fund transaction) to capture relevant data. All of them compromise your mobile phone security.
Malicious App Downloads
Mobile phones have software and access to the Internet. With this, and by using the numerous apps available on Google Play Store and Apple Store, individuals download various apps daily. The challenge is that even if these downloads are from ‘credible’ stores, all apps are not safe. For example, earlier in 2021, Google Play Store removed apps stealing Facebook login credentials. These apps were hidden under app names that sounded genuine for daily use, such as Horoscope Daily.
In October this year, Google Play Store banned as many as 150 apps that were a part of a malicious campaign called UltimaSMS. This scam compels victims to sign up for premium SMS services that earn the hackers money but leave the victims with significant losses.
Mobile malware disguised under such applications can steal data or hijack accounts without any knowledge of the person. These apps can come in various forms, with the most common type being trojans that can perform ad and click scams. Some people also use the internet to download apps from unsafe but easy-to-use sources, posing a severe mobile security threat.
Mobile phishing is one of the most common modes of vector attacks on mobile gadgets. This comes in various forms, as stated below.
SMS Phishing or SMSishing: It includes spam messages that ask the person to click on malicious links. These messages lure an individual to share sensitive data and personal information. Most hackers use traditional SMS to carry out the attack, but with the growth of other messaging platforms like WhatsApp and telegram, they have branched out to other platforms.
Voice Phishing or Vishing: It includes phone calls from people who pretend to be customer care agents. To sound like a person from some authority, cybercriminals rely on technology to change and regulate their voices. These individuals will try to get your OTPs, bank details, passwords, etc., to carry out fraudulent activities.
To uphold your mobile phone security, take note of some red flags. These include incorrect spellings and any sense of urgency in the tone. For example, “your account will be deactivated” or “you will face legal trouble”. Also, resist the urge to open strange-looking URLs and attachments, especially from unknown parties.
The most dangerous thing about spyware is that it can be present on a person’s phone without their knowledge. Once installed, it can relay all kinds of data back to the hacker, including passwords, call logs, messages, emails, etc. Spyware can also be installed through device or operating system vulnerabilities. Such jailbreaking, as this is called, helps attackers delete default apps that are unwanted by them and install untrusted apps.
The Pegasus spyware scandal is the most recent example of how deeply threatening such technology is to the privacy of individuals. Pegasus, a type of malware, infects both iPhones and Android phones. It extracts sensitive messages, photos, and emails and records calls by secretly activating the microphone. NSO Group, an Israeli surveillance company., sells this malware A few months back, reports emerged that attacked journalists, politicians, religious figures, academics across the globe with malicious intent.
To keep your device safe from getting infected by mobile spyware, you must keep your device and systems up-to-date. Companies roll out updates that include patches, often fixing gaps in the security that older versions might have.
As people use their mobile phones more and more, mobile ransomware has gained popularity as a malware variant. Cybercriminals use this malware to lock files and then demand a ransom payment in the form of money or cryptocurrency to restore access to the encrypted data.
Surprisingly, it is not prominent businessmen or top figures targeted through these schemes. The commoner is as vulnerable as anyone else and is more likely to give in to the demand. The fear of losing necessary data plays on the minds of individuals to which hackers tend to latch on to. Mobile ransomware is often done through social networking schemes wherein individuals are tricked into downloading content that either seems innocent or contains critical services.
To hasten the app development process, developers sometimes use algorithms with weak encryption or use algorithms with known vulnerabilities. It becomes easy for a hacker to crack the vulnerabilities to gain access to mobile devices in such cases. Thus, the onus is on developers to enforce encryption standards that make the apps being developed strong and ‘un-hackable’.
You can protect yourself by using simple tricks like firewalls and antivirus software to block pop-ups that might contain malware. You should also keep a backup of all your data so that in case of infection, you can wipe your phone and then restore the data.
Even though mobile phone security threats are on the rise, it is not yet getting the attention that it deserves. Even now, more time is being spent on developing apps rather than on security. It is thus no wonder that the motivation of cybercriminals is on an all-time high. If we want to protect our devices from infection, we must become more cautious and take care of our cyber hygiene.