Mobile devices are by no means a new invention. Most of us have been using mobile phones and tablets for years now, but the way we use them is constantly evolving. In the past, our phones’ primary use was to text and call, yet today’s smartphones are used for everything from browsing the internet to mobile banking. Indeed, with our mobile interaction continually changing, we need to review our approach to security.
One of the first things we do when we purchase a computer is install anti-virus software and schedule it to run regular updates. Yet, most of us have no security equivalent running on our mobile devices. In fact, just 4% of us have security software on our mobiles. But, when we compare our engagement with these devices, what’s the difference? Many of us use online banking, log in to our work emails, share personal information, and purchase goods online. Mobiles are becoming so powerful that the notable differences between how we use them and how we use computers is negligible.
The latest findings from Flurry (March, 2014) revealed that the average mobile user spends 2 hours and 42 minutes per day on their mobile devices. 2 hours and 19 minutes of this time is spent on apps. Apps pose one of the greatest threats to your mobile security, especially if you use an Android device. Android has become a popular target for web criminals because of the openness and growing popularity of the platform. Indeed, 99.9% of mobile malware encounters were targeted at Android devices (Cisco, 2014). The problem is that Android application execution files (.apk files) can be cracked with various tools that are easily available (Beta News, 2014). If you own an Android device, you should certainly download security software. However, cybersecurity risks are not unique to Android users. Any mobile can face threats from hackers.
But how exactly does mobile hacking manifest itself? Unlike computers, there are no ‘viruses’ for mobile phones, but there are malware apps which can steal your information.
The most common threats they pose are:
– Malicious mobile applications targeted primarily at stealing your cash and secondly stealing your personal data. (Secure List, 2013)
– Mobile botnets which account for 60% of mobile malware. A botnet is a bot that runs on an IRC created with a Trojan – the Mobile botnets take advantage of unpatched exploits to provide hackers with root permissions over the compromised mobile device, enabling hackers to send e-mail or text messages, make phone calls, access contacts and photos, and more. Most mobile botnets go undetected and are able to spread by sending copies of themselves from compromised devices to other devices via text messages or e-mail messages. (Webopedia)
– Mobile malware targeted at infiltrating your online banking. Cybercriminals can check whether your phone is associated with a bank card and view how much balance you have to maximise their profits.
Vulnerabilities in mobile devices are being exposed on a global scale. According to the Nielsen report (2014), internet penetration in the Philippines has nearly doubled in the last four years as more Filipinos are using mobile phones to access the web. But although mobile malware is a growing problem, it constituted only about 1.2% of all web malware incidents in 2013 (Cisco, 2014). Certainly, prevention is much easier than the cure, especially in the case of cybersecurity. I’m sure we’ve all encountered a virus at some point in our lives, and it’s often very tricky to remedy.
So, what can you do to secure your mobile device?
Luckily, there are some very basic steps that you can take to improve the security of your mobiles.
1.) Use secure passwords – This may seem basic, but many of us have become so used to seamlessly accessing our apps and browsers that we leave our accounts logged in. The extra 10 seconds it takes to log in is nothing compared to the hassle it could save you. In addition, make sure your passwords are not easily crackable. ‘1234’ and ‘QWERTY’ will not cut it when it comes to choosing a secure password.
2.) Turn off Bluetooth discovery – This will ensure that no other devices can scan for your Bluetooth.
3.) Install mobile security software – This is a vital step towards improving your mobile security. Just think about how many important details are accessible through your mobile that you wouldn’t want falling into the wrong hands. This can protect you from malware apps.
4.) Be careful what you download – Make sure you only download trusted and verifiable apps. Check their reviews; go with big name or reputable companies. The last thing you want is a malware app downloaded onto your phone.
5.) Be extra cautious at work. Before mobile devices existed our personal and work computers were separate. Nowadays we take our mobile devices everywhere with us, using them for both professional and personal purposes. So whether you’re an employer or employee, it is important to think about mobile security measures. If you have sensitive work information on your mobile device and want to log into an unsecure Wi-Fi network, ask yourself the following: “Have I taken the necessary measures to protect my information”? 55% of SMEs and 66% of enterprises (SC magazine, 2012) provide company owned and supported mobile devices despite the fact that most of them have no action in place to protect their stored information. It comes down to our attitudes towards mobile devices. We don’t perceive them in the same way as our computers, and that has to change. Indeed, only 15% of tablet owners perceive them as work devices, regardless of whether or not it is owned by the business.
So is your mobile device secure? Perhaps after reading this you’re not so confident. It seems that whilst we’ve all enjoyed the growing accessibility to the web that mobiles now offer us, we haven’t fully considered the security of what we’re accessing. We need to take a step back to rethink our approach to security. By following the above measures as well as making use of more detailed training, you or your business can avoid serious security threats.
About Bob’s Business
Bob’s Business was set up to raise awareness of Information Security related issues in Small and Medium Enterprises (SMEs). The company’s varied client base now consists of small, medium and large public and private sector organisations. They provide a comprehensive range of bespoke training modules, all of which can be undertaken in any location at any time.
Mobile Banking Fraud Prevention Strategy
Did you know? As customers increasingly migrate to mobile devices as their preferred banking channel, cybercriminals will progressively come up with new and innovative ways to target mobile platforms and users. Financial institutions are now realizing mobile applications give them an advantage in winning new customers and retaining existing clients.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.