Mobile Devices – Lucrative targets for attackers
The increasing storage capacities of mobile devices are making them a lucrative target for attackers. Traditionally, cyber criminals would look to yield confidential files by attacking computer systems.
Mobile devices, however, are a veritable treasure-trove, especially with their security being overlooked by many.
The presence of mobile apps to conduct everyday tasks allows sensitive data to be accessed. A survey conducted by IDG highlighted that over a third of respondents experienced a breach relating to vulnerabilities in mobile devices and related applications.
According to Lookout, Inc., 56% of data accessible on an individual’s computer is also accessible on their mobile phone.
These statistics illustrates the concern that should be paid to the security on mobile devices especially when the risk is spread to individuals’ personal data, but also confidential corporate data where companies have deployed mobile devices for work purposes.
Top threats to executives with mobile phones
There is an abundance of wireless networks allowing users to take advantage of Internet access. These locations may not be secure – data can be snooped on using publicly available tools which monitor websites a user visits. If the websites are unencrypted, they can even see a user’s keystrokes!
Any wireless network or ‘hot-spot’ can be named to whatever the initiator desires – are you sure that ‘Starbucks free Wi-Fi’, is a legitimate service or a cyber criminal trying their luck?
Using public Wi-Fi via a Virtual Private Network (VPN) will significantly assist in protecting data being transmitted over such networks. Further data on VPNs is available later in this article.
Malware is software made to cause disruption to a system. It was originally written for computers, but with the use of mobile phones, combined with their increasing storage capacity, malware is now written specifically for mobiles. Malware for mobiles is more difficult to detect as attackers have embedded malware into code for legitimate applications. This allows them to run in the background on a mobile device, gathering valuable user data.
All organisations possessing sensitive corporate data are susceptible to espionage. Commonly, this will be through social engineering or an organisation’s computer infrastructure. The increasing prominence of mobile devices introduces another element that needs to be closely monitored for intrusions. It is essential as the network increases, its security is also brought in line with this.
Mobile security tips
Following these tips won’t make you hack-proof but will reduce the risk of being compromised.
Lock it up!
The line of defence is to lock your screen; this might sound common sense, but it’s surprising how many people don’t have passcode locks on their mobiles.
A recent survey found out that “1 in 3 devices don’t use any form of lock screen” (duo labs, January 2016). So, at the least you should set a PIN or alpha-numeric password to secure your device and contents.
Biometric security features are being promoted by many hardware manufacturers; these commonly allow users to protect their data with their fingerprint. This method minimises unauthorised access via ‘shoulder surfing’. A common security faux pas is the utilisation of the same password for multiple services; once the password or passcode is identified from one device/account, it leaves all others vulnerable.
Use a VPN
Using a virtual private network allows a user to surf the Internet through an encrypted tunnel. So even if a hacker attempted and successfully intercepted information, they wouldn’t be able to decipher the transmitted data due to it being encrypted.
With the vast number of ‘free’ Wi-Fi hotspots nowadays, malicious attackers can propagate their own networks; these can be disguised as legitimate wireless networks, not only to intercept information, but to also upload malware to their victims. Subsequently, the victim will then connect to their home or corporate network, where the malware can move laterally to steal data or disrupt a network.
This is known as a ‘man-in-the-middle’ attack: where the hacker sits in the middle using their Wi-Fi and collects information. Not only do you have to worry about your information being wiretapped over the air, but you also have to worry about the hacker.
Screening of applications installed on your device
Be wary of where you download your apps from. Always check the permissions before you press ‘install’. Some applications may ask for unnecessary permission to services. If this is suspicious, do some research because the app might be infected with malware. Only download apps from the official app store found on your phone’s operating system. Although infected applications have made their way onto the official app stores, these applications are monitored and updated as and when compromises are identified.
Install antivirus app
Finally, make sure you have an antivirus app which scans your phone on a weekly basis. Once the app is installed, it runs in the background, keeping your device safe. Also make sure you scan your device every time you install a new app, just to be safe.
Most of these apps are available for free and are made by the same companies which have been making computer antivirus software for many years.
Ceri Walsh, LGC
Business Development Manager LGC Group