We live in a mobile first culture with most of us relying on our smartphones for everything from online banking, staying connected via social media to tracking our health and fitness. By 2025 it’s predicted that 72% of us will solely use our smartphones to access the internet. Such is the dependence on these devices that the term Nomophobia – the fear or worry at the idea of being without your mobile phone or being unable to use it, was crowned word of the year by Cambridge Dictionary in 2018.
So whilst 3.5 billion of us (about 45% of the world’s population) love and rely on our smartphones for pretty much everything, why do we give so little thought about protecting them from cybercrime?
Every day we read about cyberattacks and data breaches affecting organizations trusted with our personal information. Yet most us don’t even consider the security of our own devices, leaving us increasingly vulnerable to cyberattacks.
In 2018 there were an estimated 116.5 million malicious mobile software attacks, almost double that of 2017, and its predicted that mobile cyberattacks will increase by 50% in 2020. Yet despite these alarming statistics it appears that awareness among individuals is still very low. In fact, it’s reported that fewer than 1% of the population have installed malware protection software on their devices.
Most of us understand the importance of protecting our laptops from potential viruses and malware, yet the very devices we rely on for most of our online transactions are left vulnerable. Unsurprisingly, cybercriminals are taking full advantage. Whether it’s using unsecured public Wi-Fi networks to spy on our web sessions steal identity and credentials, sending sophisticated phishing emails, hiding malware within applications or delivering payloads through malvertising, there is no doubt that our smartphones have become a popular target. Recent research from RSA estimates that 80% of mobile fraud is now achieved through mobile apps rather than mobile web browsers.
It’s clear we need to be more vigilant when it comes to preventing cyberattacks on our smartphones. The threats are real, and the research makes it clear that it is only getting worse. Before we look at the best way to protect our smartphones it’s worth exploring the different types of mobile threats we need to be aware of.
Application Based Threats
Downloadable apps can present a host of security issues for our mobile devices. There have been countless reports of malicious apps being found on the Google App Store. These apps may look legitimate, but they have been specially designed to spy on you. It’s also worth noting that legitimate software can also be exploited by cybercriminals. Application threats can fall into these main categories:
- Malware, short for malicious software, is software that has been specifically designed to cause damage to your device. It encompasses all viruses such as ransomware, adware and spyware. Malware can perform malicious actions when installed and in some cases it can allow an attacker to take control of your device.
- Spyware is a subset which defines software which specifically collects user behaviour and includes key loggers, forensic and data profiling. It is designed to collect or use your private data without your knowledge or approval which is some cases can lead to identity theft and financial fraud.
- Privacy threats refer to apps (not always malicious) that collect our information about our behaviour, interests, likes, dislikes, political leanings and any other personal information. This information is commonly collected, shared and sold with third parties and aggregated with other data to build an accurate profile of who you are. This os often used for Ad targeting and for social engineering. Most people don’t realize that that this data is collected and exfiltrated from their device without their knowledge or consent.
- Vulnerable applications are apps that contain embedded code for collecting or spying on users and they can be easily exploited by an attacker. They can allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, or download apps to your device without your knowledge.
Web Based Threats
Web-based threats, also known as online threats, are programs designed to target us when browsing online. Given the always connected nature of our smartphones they pose significant threats for mobiles. These threats include:
- Phishing attacks are a common way for cyber criminals to infiltrate your device and steal your information. Increasingly sophisticated in nature they are intended to trick you into clicking a link or providing personal information such as passwords or account numbers.
- Drive-by-downloads refer to the unintentional download of malicious code to your mobile device which can leave you open and vulnerable to a cyberattack. In some cases, you must take action to open the downloaded application, while in other cases the application can start automatically.
- Browser exploits are a form of malicious code that can take advantage of a flaw or vulnerability in an operating system or piece of software, with the intent to breach browser security and alter your browser settings without your knowledge. Examples would be Flash player, PDF readers or image viewers. By visiting an unsafe webpage, you can trigger a browser exploit that can install malware or perform other unauthorized actions on your device.
With such a large number of techniques available to cybercriminals what can we do to protect our smartphones from these threats? We know that hackers will inevitably get in. The secret to protecting our devices and our data is utilizing technology that will stop them before they can do any damage. Prevention really is the best form of defense. Only by adopting a multi-layered defense system to protect privacy, prevent data exfiltration and data collection can you be sure that your smartphone is truly protected.