30 Nov 2018

Mobile security threats

mobile security threats
Mobile security threats include both physical and software-based threats that can compromise the data on smartphones, tablets and similar mobile devices. Like viruses and spyware that can infect your PC, there are a variety of security threats that can affect mobile devices.
I will divide these mobile security threats into several categories: application-based threats, web-based threats, network-based threats and physical threats.

Mobile malware and spyware security threats can access a device’s private data without a user’s knowledge or consent and can also perform malicious actions without the user knowing, including transferring control of the device to a hacker, sending unsolicited messages to the device’s contacts, making expensive phone calls on smartphones, and more.

Application-based Threats

Mobile malware and spyware security threats can access a device’s private data without a user’s knowledge or consent and can also perform malicious actions without the user knowing, including transferring control of the device to a hacker, sending unsolicited messages to the device’s contacts, making expensive phone calls on smartphones, and more.

Always download and install applications from trusted/legit app-stores.
  • Malware is software that performs malicious actions while installed on your phone. Without your knowledge, malware can make charges to your phone bill, send unsolicited messages to your contact list, or give an attacker control over your device. You need a mobile security application to detect malware.
  • Spyware is designed to collect or use private data without your knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, user location, browser history, contact list, email, and private photos. This stolen information could be used for identity theft or financial fraud.
  • Privacy Threats may be caused by applications that are not necessarily malicious, but gather or use sensitive information (e.g., location, contact lists, personally identifiable information) than is necessary to perform their function.
  • Vulnerable Applications are apps that contain flaws which can be exploited for malicious purposes. Such vulnerabilities allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, or download apps to your device without your knowledge.

Web-based Threats

Because mobile devices are constantly connected to the Internet and frequently used to access web-based services, web-based threats pose persistent issues for mobile devices:
  • Phishing and Social Engineering: Attackers present themselves as a legitimate person or firm to try and trick unsuspecting users into handing over valuable data about themselves or their organization. Most times, these attacks use email, text messages, social media (Facebook, Twitter etc.) to send you links to websites that are designed to trick you into providing information like passwords or account numbers. Often these messages and sites are very different to distinguish from those of your bank or other legitimate sources. Check paypal phishing attack.
  • Drive-By Downloads. Malware installs itself onto a user’s devices without their consent or knowledge then explore vulnerabilities in the mobile operating system or a mobile applications to gain access and/or control of the device.
    Malware may install itself through a vulnerability in the browser via an invisible element such as HTML iframe tag element or by HTML embed element of image file. Such malware either tempts the victim to visit a infected website or send malware-infected messages (SMS).
    You should type URL instead of copying/pasting or clicking links to protect mobile phones from drive-by download attacks.
  • Browser exploits take advantage of vulnerabilities in your mobile web browser or software launched by the browser such as a Flash player, PDF reader, or image viewer. Simply by visiting an unsafe web page, you can trigger a browser exploit that can install malware or perform other actions on your device.

Network Threats

Mobile devices typically support cellular networks as well as local wireless networks (WiFi, Bluetooth). Both of these types of networks can host different classes of threats:
  • Network exploits take advantage of vulnerabilities in the mobile operating system or other software that operates on local or cellular networks. Once connected, they can install malware on your phone without your knowledge. Ha
  • Wi-Fi Sniffing intercepts data as it is travelling between the device and the WiFi access point. Never connect to an unsecured WiFi network. An unsecured WiFi network or hotspot is one that a user does not need to provide a password to connect (free WiFi). These networks are a prime target for attackers to snoop or spy on a user’s online activity. Attackers can steal information such as login credentials, credit card data, or personal data which can leave them vulnerable to identity theft or theft of proprietary information. However, If you are to connect to these unsecured networks, use VPN (Virtual Private Network). VPNs protects users by encrypting their Internet connection which prevents attackers or anyone, including Internet Service Providers, from seeing/intercepting the information sent over the network.

Physical Threats

Phones that lack passwords, screen locks or other forms of authentication are vulnerable to unauthorized access, which can compromise sensitive information stored on the mobile device.

Lost or Stolen Devices are one of the most prevalent mobile threats. The mobile device hardware may be sold on the black market or sold for spare parts and hackers can bypass many forms of authentication in order to gain access to the device’s sensitive information.

Additional types of mobile security threats include applications that take advantage of vulnerabilities in the mobile operating system or a mobile application to gain access and/or control of the device, phishing scams, Web browser and network-based exploits, Wi-Fi packet sniffing for accessing mobile device data in transit, and more.

image source

1 comment:

  1. Lots of security threats these days and you mentioned most of them, I've started using Surfshark to encrypt my data flow when on public wi-fi. At first I had doubts, thought a VPN will slow down an already slow connection, but their server speeds performed well. Got it for just $47.76 with "BLACKSHARK" coupon discount for 2y plan, affordable price for some peace of mind.

    ReplyDelete