In today’s connected world, our growing reliance on mobile devices and the internet is so pervasive that a simple breach can greatly impact our lives. Smartphones and IoT devices connected to the internet can make us vulnerable to bad actors who are devising ways to hack into them.
Warnings of “juice jacking” have made recent news reports after the Los Angeles district attorney’s office warned travelers to stop using public USB charging stations at airports. Malware can be installed on public USB charging points, so when an unsuspecting user charges up their phone or laptop, a virus can infect it and result in leakage of sensitive data and information.
“A free charge could end up draining your bank account,” said Luke Sisak, a LA deputy district attorney.
When it comes to security, cybersecurity training is an integral first step in knowing how to keep devices secure.
What are the biggest risks to mobile devices?
President of 24By7Security Sanjay Deo said malware is the highest risk when it comes to security of mobile devices such as smartphones, tablets and laptops. Cyber criminals continuously dupe people with phishing and spear-phishing emails, which are disguised as trustworthy, but are infected with malware designed to gain unauthorized access.
Such malicious email attacks are among the most common causes of cybersecurity breaches, according to the National Institute of Standards and Technology (NIST).
“Right up there, I also would say unprotected mobile devices that don’t have passwords, or a PIN assigned to them are a big risk,” said Sanjay Deo. “Our whole lives are stored on them. If a device gets compromised now, it can lead to identity theft because they have your name, your phone number, your social security number and your bank account.”
Not only are individuals vulnerable to theft of their personal information, but using an unprotected device also poses a risk for enterprise security, he said.
It is common that employees store work-related information on their phones such as work passwords, work emails. “Let’s say your smartphone gets stolen or hacked. Now a bad actor has access to all your personal and work information. Think about it — where is most of your confidential information stored? It is on your phone,” he said.
From a work-related perspective, once a hacker gains access to a work email, they can then start sending emails or receiving emails, without the enterprise’s knowledge.
Security risks of mobile devices have significantly increased
Since 2007, mobile phone technology has become increasingly more sophisticated and powerful. Gone are the days of using a phone to simply make a phone call.
As mobile phones developed more computing features, new security challenges have popped up and users need to be vigilant. Hackers have ramped up their efforts to target such devices in hopes of stealing sensitive data.
iOS versus Android
Not all mobile phones’ operating systems are equally secure.
Malware infections on Android phones have been making recent headlines as the media reported that thousands of Android phones have been compromised. Security researchers discovered that xHelper, a malicious Android app that alleged it was an advertising blocker, had infected more than 45,000 Android devices. The xHelper malware is extremely difficult to be removed.
According to Deo, iOS has implemented more controls making the iOS platform more inherently secure.
“With iOS, a user cannot upload an app without verification. However, Android phone users are more susceptible to several malware because there currently are no significant controls that you must meet before you can upload an app onto an Android platform,” said Deo.
That’s one reason why more hackers are using the Android platform to inject malware — because it's easier.
It’s not only phones that are a concern; any device that’s connected to Wi-Fi and the internet poses a risk of a cyberattack, including medical devices.
Mobile security best practices [Four Tips]
- User authentication. Make sure you have a password on your mobile device that basically doesn't let an unauthorized person have access.
- Avoid free Wi-Fi. Public Wi-Fi is a playground for cybercriminals.
- Install antivirus or an anti-malware product. So, if you click an email, or click any malware that comes to the email, the device will be protected.
- Regularly back up your data, just in case it gets lost or something happens. This way you can obtain any important information.
Cybersecurity is for everyone. If you have questions on how to keep your devices safe, call 24By7Security today for a consultation. Our highly skilled and trusted security advisors provide vulnerability assessment and penetration testing services and extensive Cybersecurity Services.