Your Smartphone Might Have Been Compromised?
Your Smartphone Might Have Been Compromised? Smartphones have crept their way into every aspect of our lives. No matter what you need, there is most likely an app available for it. And yet, in spite of our excessive use of smartphones, most of us are unaware of the exact extent of the threats we may face while using these devices. Mobile security threats are growing daily and now account for more than 60% of digital fraud ranging from stolen passwords to phishing attacks. Security is even more essential since we now use our phones to conduct online transactions and banking. Fortunately, mobile phones can still be used safely by keeping yourself informed and taking the necessary precautions. Let us take a look at some threats that smartphone users may face. Unsecured WiFi When wireless hot spots are available nearly everywhere, why would anyone want to use up their cellular data? However, it should be noted that free WiFi networks are generally not secured. When you connect to public WiFi networks that do not require passwords or use encryption, you can allow anyone near you to spy on your online activity. Cybercriminals can create fake WiFi hotspots to trick users into connecting to them and can then steal the user’s data. For instance, these phony networks can direct you to a webpage that looks exactly like your bank’s website and then steal your password when you attempt to log in. Public WiFi networks are not as secure as private ones as there is no way of knowing who set up the network or how it is secured if it is secured at all. There is also no way of knowing who is accessing or monitoring the network. It is best to not connect to just any network that you find. If it is absolutely necessary, ensure that you do not perform any activity (like entering passwords or banking) that may compromise you. Data Leakage Often, mobile apps are the reason behind the unintentional leakage of data. “Riskware” apps pose a real threat to mobile users as they grant them varied permissions without checking the security. Generally, these are the free apps that are found in official app stores. They usually perform as advertised, but also send personal — and even possibly corporate — data to remote servers where it is used by advertisers. If these remote servers are compromised, or if a technical error leaves them prone to attack, the collected data can be used by cybercriminals for fraud. Hostile enterprise-signed mobile apps can also lead to data leakage. Such mobile malware programs use distribution code native to famous mobile OSs like Android to transport valuable data across networks without raising suspicion. To avoid data leakage, one should only give permissions that are absolutely essential for the app to perform its functions. Adjust the security controls on your mobile so that apps only collect limited data and do not install any apps that ask for more permissions than required. A common worry of many mobile users is malware sending data to cybercriminals. However, more than malware that users should be worried about but spyware instead. Often spyware can be installed by spouses, employers, or coworkers to keep track of the victim’s activities and whereabouts. Spyware is also known as stalkerware and these apps are created to be loaded on the victim’s device without their permission or knowledge to survey or collect data. Spyware is most commonly installed on mobile phones when the user clicks on malicious advertisements or through scams that trick users into unintentionally downloading it. Spyware is designed to allow very invasive digital monitoring through smartphones and one should be wary of apps that promise to surveil the activities of your children or loved ones through their mobile devices. These apps can be used by abusers to secretly listen to conversations, take pictures, read texts and emails, and track the phone’s location amongst other things. Less insidious apps can still gather information about what you do on your phone. One should avoid mobile apps that ask for a lot of permissions or permissions that have anything to do with accessibility. Accessibility permissions give apps the power to read the text in other apps or control other apps. Phishing Cybercriminals will often use text messages, voice mails, as well as emails to trick their targets into revealing sensitive information like passwords, clicking on malicious links, or confirming transactions. This practice is called phishing, which happens to be the most successful and hence most often used method that cybercriminals use to attack their victims. As mobiles are always on, they are the most common targets for phishing attacks. As mobile users often check their email in real-time, they are more susceptible to being a target of phishing. Mobile device users are more vulnerable as email applications display less information to adjust to the smaller screen size. Even when opened, an email may only show the sender’s name unless the header information bar is expanded. This is why one should never click on unknown email links. And unless the matter is urgent, it is best to let the response wait until you can access a computer. To avoid becoming a victim of phishing, you should always confirm who is calling you for your personal information. For instance, if the caller claims to be calling from the bank, you can say that you will call back using the bank’s official number. One should also not respond to messages claiming you have won prize money or any other such scenario and delete those messages immediately as they are generally scams. Network Spoofing Hackers may set up fake access points, i.e. connections that look like WiFi networks but are bait, in public locations with high traffic like restaurants, libraries, etc. This is called network spoofing. Cybercriminals also give access points names that encourage users to connect to them such as “Coffeehouse WiFi” or “Free Airport WiFi”. Often, hackers will force users to create “accounts” to be able to
Your Smartphone Might Have Been Compromised? Read More »
Your Smartphone Might Have Been Compromised? Smartphones have crept their way into every aspect of our lives. No matter what you need, there is most likely an app available for it. And yet, in spite of our excessive use of smartphones, most of us are unaware of the exact extent of the threats we may face while using these devices. Mobile security threats are growing daily and now account for more than 60% of digital fraud ranging from stolen passwords to phishing attacks. Security is even more essential since we now use our phones to conduct online transactions and banking. Fortunately, mobile phones can still be used safely by keeping yourself informed and taking the necessary precautions. Let us take a look at some threats that smartphone users may face. Unsecured WiFi When wireless hot spots are available nearly everywhere, why would anyone want to use up their cellular data? However, it should be noted that free WiFi networks are generally not secured. When you connect to public WiFi networks that do not require passwords or use encryption, you can allow anyone near you to spy on your online activity. Cybercriminals can create fake WiFi hotspots to trick users into connecting to them and can then steal the user’s data. For instance, these phony networks can direct you to a webpage that looks exactly like your bank’s website and then steal your password when you attempt to log in. Public WiFi networks are not as secure as private ones as there is no way of knowing who set up the network or how it is secured if it is secured at all. There is also no way of knowing who is accessing or monitoring the network. It is best to not connect to just any network that you find. If it is absolutely necessary, ensure that you do not perform any activity (like entering passwords or banking) that may compromise you. Data Leakage Often, mobile apps are the reason behind the unintentional leakage of data. “Riskware” apps pose a real threat to mobile users as they grant them varied permissions without checking the security. Generally, these are the free apps that are found in official app stores. They usually perform as advertised, but also send personal — and even possibly corporate — data to remote servers where it is used by advertisers. If these remote servers are compromised, or if a technical error leaves them prone to attack, the collected data can be used by cybercriminals for fraud. Hostile enterprise-signed mobile apps can also lead to data leakage. Such mobile malware programs use distribution code native to famous mobile OSs like Android to transport valuable data across networks without raising suspicion. To avoid data leakage, one should only give permissions that are absolutely essential for the app to perform its functions. Adjust the security controls on your mobile so that apps only collect limited data and do not install any apps that ask for more permissions than required. A common worry of many mobile users is malware sending data to cybercriminals. However, more than malware that users should be worried about but spyware instead. Often spyware can be installed by spouses, employers, or coworkers to keep track of the victim’s activities and whereabouts. Spyware is also known as stalkerware and these apps are created to be loaded on the victim’s device without their permission or knowledge to survey or collect data. Spyware is most commonly installed on mobile phones when the user clicks on malicious advertisements or through scams that trick users into unintentionally downloading it. Spyware is designed to allow very invasive digital monitoring through smartphones and one should be wary of apps that promise to surveil the activities of your children or loved ones through their mobile devices. These apps can be used by abusers to secretly listen to conversations, take pictures, read texts and emails, and track the phone’s location amongst other things. Less insidious apps can still gather information about what you do on your phone. One should avoid mobile apps that ask for a lot of permissions or permissions that have anything to do with accessibility. Accessibility permissions give apps the power to read the text in other apps or control other apps. Phishing Cybercriminals will often use text messages, voice mails, as well as emails to trick their targets into revealing sensitive information like passwords, clicking on malicious links, or confirming transactions. This practice is called phishing, which happens to be the most successful and hence most often used method that cybercriminals use to attack their victims. As mobiles are always on, they are the most common targets for phishing attacks. As mobile users often check their email in real-time, they are more susceptible to being a target of phishing. Mobile device users are more vulnerable as email applications display less information to adjust to the smaller screen size. Even when opened, an email may only show the sender’s name unless the header information bar is expanded. This is why one should never click on unknown email links. And unless the matter is urgent, it is best to let the response wait until you can access a computer. To avoid becoming a victim of phishing, you should always confirm who is calling you for your personal information. For instance, if the caller claims to be calling from the bank, you can say that you will call back using the bank’s official number. One should also not respond to messages claiming you have won prize money or any other such scenario and delete those messages immediately as they are generally scams. Network Spoofing Hackers may set up fake access points, i.e. connections that look like WiFi networks but are bait, in public locations with high traffic like restaurants, libraries, etc. This is called network spoofing. Cybercriminals also give access points names that encourage users to connect to them such as “Coffeehouse WiFi” or “Free Airport WiFi”. Often, hackers will force users to create “accounts” to be able to