Did you know that a mobile device is attacked every 39 seconds? Reliance on cell phones and tablets for business, especially during the COVID-19 pandemic, has increased exponentially. In response, cybercriminals have pivoted their focus to mobile devices and are working on ways to infiltrate via mobile. Ransomware has been developed that can attack cell phones. Malware has been designed to attack Mobile Device Management (MDM) systems, which can infect an entire corporation’s mobile devices in one swoop.
In their 2021 Mobile Security Index, Verizon published the results of their annual survey of professionals responsible for procurement, management and security of mobile devices. These results illustrate that mobile usage is up, as well as the security concerns that come with it.
Some of the most notable stats in the report showed that:
Apps: Malware isn’t just for computers. Malicious mobile apps and trojans (apps that appear to have a legitimate purpose, but are malware in disguise) are continually emerging. While most applications obtained through an official app marketplace like the iOS App Store have been security screened, malicious apps have been known to still make it through. The risk of installing a malicious app is many times higher when obtained through less official means, such as sideloading on a rooted or jailbroken device.
Legitimate applications, while inherently safer, can have security vulnerabilities that a cybercriminal would be able to exploit. In 2020, major vulnerabilities were found on popular applications such as Facebook Messenger, Instagram and WhatsApp.
Devices: Mobile devices themselves can have operating system (OS) or even hardware vulnerabilities. A cybercriminal could leverage these vulnerabilities to launch malware. Or they can even cause a device to leak information, including real-time camera and microphone recording, photos, videos, text message and GPS/location data.
Phishing and smishing (“SMS phishing”) attempts can be delivered via mobile browsers, fraudulent ads, SMS texts and social media. There are several approaches used to try to compel a user to click on a link or submit private information. Some trick users into thinking they are downloading “free” software or media. Some try to make users think their device is already infected, and direct them to click a link to fix it. Some send messages telling a user that their electric bill is unpaid and they must submit payment information within 30 minutes to avoid disconnection. Some even try to embarrass a user into clicking a link with a message like, “OMG is this you in this video??” During the COVID-19 pandemic, cybercriminals even preyed on people by pretending to offer help.
Network: Mobile devices can be especially prone to leaking sensitive information when on an unsecured network. Free Wi-Fi hotspots are notorious for their susceptibility to being hacked to intercept passwords and data. For example, a cybercriminal could set up an access point at a popular coffee shop and give it a name that looks legitimate (for example, “Starbuckz”). Unsuspecting users would connect to that Wi-Fi network not knowing that it’s actually operated by someone trying to steal their info.
Mobile Device Management (MDM): Mobile Device Management (MDM) platforms are used by organizations to monitor, manage and secure all of its mobile phones, tablets and laptops. In 2020, security researchers discovered a new type of malware that would attack an MDM server and spread through all of the company’s devices.
Fortunately, there are steps you can take to avoid these threats and increase your mobile security. Here are our 12 tips on how to avoid mobile security threats:
We hope the 12 tips above help you feel safer and more confident about your mobile security. AllSafe IT’s comprehensive cybersecurity services are designed to identify, assess, and manage cybersecurity risks. We have aligned with the National Institute of Standards and Technology (NIST) framework for the design of our cybersecurity solutions.