Image source: Pixabay

According to Check Point’s Cyberattacks Trends: 2019 Mid-year Report, cyberattack incidences targeting mobile devices rose by 50 percent in the first half of 2019 compared to the previous year. Cybercriminals are increasingly targeting smartphones and other mobile devices as attacks on users’ personal data become more frequent.

Digital security and systems analysts warn that mobile attacks will only grow more rampant and devastating. In 2019 alone, Kaspersky detected over 3.5 million malicious mobile installations packages and a sharp rise in mobile banking and ransomware trojans.

Hackers can make away with sensitive personal information, such as identification, banking details, and login credentials, just by accessing your mobile phone. Corporate information could also be at risk, given how most companies now have mobile versions of virtual enterprise resources.

Let’s look at some of the reasons that make smartphones easy targets for hackers. Here is a list of five serious mobile security threats that are actually quite easy to mitigate.

1. Poor access protection

Nowadays, modern smartphones come with various security locking options besides passwords, patterns, and pins. Most phones now have highly advanced access authorization features, such as facial recognition, fingerprint scanning, and voice detection. Some smartphones allow users to combine up to three security locking systems on the same device. A layered user authentication check effectively protects the device against intrusion.

Unfortunately, most smartphone users do not care for strong passwords, and some don’t even bother locking their phones at all. It is such a shame that phone manufacturers go through all that trouble of providing convenient security features only for the end-users to completely ignore them.

If you lose or misplace an unsecured phone, anyone who comes across it can easily access your vital personal information. Enable all your device’s security services to make it impenetrable if it gets lost or stolen.

2. Malicious apps

The mobile industry is awash with thousands of malware. Malicious code or apps are often embedded and spread through email attachments and web downloads. They can also be innocent-looking apps that run risky background processes when given enough permissions. Some common malware includes:

  • Spyware
  • Phishing trojans
  • Botnets
  • Adware
  • Ransomware

Google and Apple continuously review the products on their app stores to weed out unsafe apps. But they can only do so much with the millions of apps available. It mostly comes down to the user to make the right decisions, even when installing verified apps. So, be careful when assigning app control permissions and ensure your OS and applications are always up to date.

As a rule of thumb, never install software on your phone or tap on email attachments and download links from untrusted sources or sketchy websites. Also, install a premium antimalware tool or antivirus to help detect malicious software and activities.

3. Unsecured public Wi-Fi

You’ve probably connected your phone to public Wi-Fi hotspots countless times, maybe in restaurants, offices, libraries, or waiting rooms. But did you know that your phone could be vulnerable to attacks when browsing on unsecured Wi-Fi networks?

A resourceful hacker can intercept traffic on an unsecured public network through fake access points to get hold of the users’ devices or confidential web traffic data. This is called network spoofing, an example of a man-in-the-middle attack.

Use public Wi-Fi sparingly and cautiously if you must use it at all. Avoid accessing sensitive apps and sites such as banking apps and email clients while browsing on public networks. And stay away from any free Wi-Fi that prompts you to create a user account.

4. Broken cryptography

Software developers sometimes overlook encryption, especially when it comes to mobile apps, to speed up the development process. Some leave risky cryptography loopholes, through which hackers can compromise an app.

End-to-end and in-transit encryption are both essential security protocols, particularly for communications apps. Encryption ensures that only the intended recipients can interpret data transmissions. That way, eavesdroppers cannot make any use of intercepted or stolen information.

Use only communications apps with robust encryption features. It is also a good idea to tunnel your internet access through a VPN (Virtual Private Network) if you doubt the network’s, browser’s, or app’s credibility.

5. IoT security risks

IoT (Internet of Things) is a relatively new concept that allows interconnections between everyday smart devices, home appliances, wearables, security systems, etc. Through IoT, any capable device can connect to computers, servers, smartphones, and other networks through the internet. The idea is to make consumer tech more convenient through intelligent automation.

One major problem with IoT is that it hasn’t been around long enough for electronics manufacturers to standardize security measures. Some IoT nodes can quickly become gateways to all the devices connected to the network; this makes IoT systems attractive to hackers.

To minimize exposure, only connect to other devices via your phone when you absolutely have to and always terminate the sessions after completing your tasks. It also helps to use a VPN and have an antimalware tool on stand-by when connecting to IoT networks.

A recent study found high-risk vulnerabilities in 38 percent of iOS apps and 43 percent of Android apps. Developers make mistakes and take shortcuts; many do not even realize their apps have exploitable vulnerabilities. This stresses that securing your phone and its content rests on how you interact with and use the device and its applications.

— — —

OliK
OliKang

Oli is a working mum who has a passion for teaching and all things educational. With a background in marketing, Oli manages the digital channels and content at Courses.com.au.

https://www.courses.com.au
https://www.linkedin.com/company/courses-com-au
https://www.facebook.com/courses.com.au