Security in the Mobile Age

March 12th, 2018
Security in the Mobile Age

Hackers find your smartphone valuable. In this article, we’ll explore why smartphones are becoming an increasingly desirable target for hacking and provide some tips on how to protect yourself and your personal information.

Smartphones for most people are an integral part of daily life from personal matters to business. And for good reason. Access to the world of knowledge on the internet sits at our fingertips. They help us communicate through various channels and accomplish tasks from everything ranging from ordering groceries to making our mortgage payments. The scary thing is our phones really know more about us than we do. Not only do our phones store our pictures, passwords and access to bank accounts, they also know where we’ve been, who we’ve talked to and what we’ve said. Imagine if your phone landed in the wrong hands. They could find out virtually everything they needed to know about you.

Apply PC Wisdom to Smartphones

For your phone to land in hands of a criminal, it doesn’t need to be physically stolen. Even more alarming, it can be hacked. Many of us don’t immediately think of our phones as targets for hacking. We take strong protective measures at work to protect our company’s intellectual property but often forget about our own personal cybersecurity. Anything with access to the internet can create vulnerabilities. The more information stored on any one device makes it even more attractive for hackers. As consumers favor smartphones over personal computers globally, the conventional wisdom we apply toward computer security needs to switch to phones.

Dark Caracal

A recent CNET article outlines the findings of the Dark Caracal malware attack that attacked thousands of smartphones in over 20 countries. Researchers believe the campaign initiated as early as 2012. The attack deployed fake applications resembling real ones that tricked users into downloading them. Once installed, the hackers had access to everything on the victim’s phone. Data stolen in these attacks included documents, text messages, browsing history and photos.

According to the Electronic Frontier Foundation (EEF), some of these so-called trojanized apps function like popular messaging apps such as WhatAapp and Signal. They also contain the capability to take photos and obtain location information. The origins of Dark Caracal are actually believed to be nation-state actors. Not all hackers are teenagers or criminals hiding out in basements but can also originate from foreign governments or spy agencies. In the case of Dark Caracal, targets included military personnel, journalists and lawyers. The ramifications of these hacks extend far beyond minor identity theft but can also gravely compromise national security.

Protecting your Personal Devices

CNET emphasizes that while Google and Apple deploy security measures to their devices that protect from the latest vulnerabilities, they can’t stop you from getting tricked.

In the case of the malware attack in Dark Caracal, victims simply mistook the app for a legitimate mainstream app. In some cases, launching a malware app is easier for hackers than writing exploit codes and circumventing vulnerabilities.

One of the best practices is to never download any apps to your phone outside the traditional app store. These apps are vetted by the providers like Apple and Google. However, CNET points out that in certain countries, not all apps are available in app stores due to government restrictions. This is especially the case in China where the Google Play store isn’t even legally available. The lack of access often leads users to find alternative sites where they can download apps.

The primary smartphone manufacturers do a pretty good job developing and deploying security measures for phones. That’s why the FBI was willing to shell out nearly $1 million to Apple to unlock the iPhones of the San Bernadino shooters. However, the Federal Trade Commission still believes too little is being done about smartphone security. Part of this is due to a large share of devices not receiving any updates at all. Keeping up with operating system updates does more than simply make your user experience better, you’re also beefing up your phone’s security with the latest defense rollouts. According to the FTC report, 42% of the world’s Android users don’t currently maintain the latest updates. This subjects them to any vulnerabilities addressed by the latest updates.

The Guardian also published an article outlining twelve ways to protect your smartphone. Tip number one? Keep your updates current. While some of us may find the operating system and app updates bothersome, it’s important to keep pace as these updates address the latest threats.

In closing here are some additional tips on how to protect your mobile device and your identity:

• Be cognizant of what you download and where you download it from. Try to only download apps from your phone’s designated app store.
• Be cautious of open Wifi connections. Unless it’s specifically endorsed by the location where you are located, it could lead directly to the hands of a hacker.
• Password protect your phone and keep it locked.
• Lock individual apps with different passwords or security measures than your phone. This is especially crucial for banking apps or work email accounts.
• Add tracking capabilities such as Find My iPhone to your device.

As we rely more and more on our smartphones, we must also increasingly apply security measures to protect ourselves. Apply the same philosophies to your beloved handheld computer as you would to your work desktop. Technology is making our lives more efficient and enriching daily but also increasing our vulnerabilities and exposure to hackers globally.