Leo Meyer, MD of Black Castle Technologies, gets under the covers with the mobile security denial syndrome.
A myriad of polls over the last year have confirmed what we would expect; consumers don’t want their mobile devices to fall victim to security onslaughts. However, these polls have also shown that an alarmingly small percentage of people are willing to take responsibility for the safeguard of their mobile devices.
Seemingly, a lot of consumers continue to take a head-in-the-sand approach and don’t believe it will happen to them. And the bad news is mobile security attacks will continue to spread with increased and aggressive sophistication in the coming years.
This year alone an estimated 1,5-million incidents of mobile malware have been reported. And while Apple and Android have made strides in building more secure and robust operating systems (OSs), security isn’t a top priority in app design — users continue to provide private credentials or allow access to systems that use weak encryption.
In fact, Google recently removed over 500 apps after researchers found it could spread spyware on mobile phones. Some of these apps included mobile games for teenagers, weather apps, online radio, photo editing, education, health, fitness, and home video camera apps.
Researchers said these apps had the ability to covertly siphon people’s personal data without alerting the app makers. Worryingly, many developers weren’t aware of the security flaw.
What will mobile device users face in the coming months and how can they protect their mobile devices?
Mobile botnets
Today’s sophisticated malware can quickly turn legions of mobile devices into a botnet that is controlled by hackers without the knowledge of their owners.
These mobile bots run automatically once installed and then gain complete access to the device and its contents. It then starts communicating with and receiving instructions from one or more command and control servers.
Every smartphone infected is then added to a network of mobile bots managed by a cybercriminal called the botmaster.
For example, the first mobile botnet targeting Android devices, Viking Horde went live just over a year ago. Basically, Viking Horde created a botnet that used proxied IP addresses to disguise ad clicks, generating revenue for the attacker.
Since then malware researchers have identified about a dozen more mobile botnets, including Hummingbad, which infected over 10-million Android OSs in 2016.
Ad and click fraud
Through ad and click malware, cyber criminals can gain control of your mobile device and subsequent connected networks such as your home and working environments.
Usually, it will send an SMS, prompting people to click on a link which will then download a malicious app. This method has been used for years by cyber criminals sending phishing e-mails with embedded links to gain access to important user detail such as banking credentials.
Criminals will then, through the app, gain control of your mobile device, start stealing credentials and gaining access to connected environments.
Scarily, ad and click fraud criminals can start spreading spyware through these malicious apps — eventually you will have 10-million phones recording owners’ every move.
Bury your dead apps
Consumers should check the status of their mobile apps regularly, update it to ensure it features the newest security plugs or updates or delete it if it’s no longer supported by the relevant app stores.
Manufacturers have been making a concerted effort to remove apps from their stores with, as mentioned, Google recently removing over 500 apps from the Google Play store.
However, despite the above efforts it’s still up to the consumer to manage their mobile device apps and run the necessary security software to protect them against any app vulnerability.
Emerging from the sand
From the above, it’s blatantly clear that mobile security threats are a real and ever -present danger. Like protecting your home from unwanted intruders, you must employ the same vigilance when it comes to your mobile devices.
Leading security software manufactures like Bitdefender offer products that run across multiple devices, safeguarding your PC as well as smartphones, tablets and other mobile technology.
Running security software on your mobile device protects you against the abovementioned onslaughts while also ensuring that you don’t infect other networks and users.
It is really as simple as lifting your head out of the sand and investing in robust and comprehensive security software.