The A-LIGN Blog

Back to Blog

The Connected World: A Look At Mobile Security?

Smartphones are a truly extraordinary technology.  Like an electronic Swiss Armor Knife, they are seemingly magical devices that provide a ton of services in the palms of our hands.  Each day, it seems, a new feature emerges enabling them to do even more.  Using a smartphone a person can video conference, navigate through the perils of rush hour traffic, and download a new recipe for beef stroganoff, just hopefully not at the same time!

Easier For Us

Smartphones definitely make a lot of tasks and chores easier, and as humans we have a desire for things that make our lives less complicated.  I find it amazing how a little more than a decade ago people were using maps to navigate when traveling.  When portable GPS units were made available, many people abandoned their use of maps. Now people are abandoning their GPS units for their smartphone which accomplishes the role of GPS navigation.  Another example is email communication.  While email is still popular today, texting seems to be more predominant.  In our world of instant gratification, why wait for someone to respond when they are most likely near their phone, and can respond more quickly?

We are the Weakest Link

It is true; we have definitely reached the status of an instant gratification society.  Smartphones and other types of technology make this possible for us.  While smartphones and mobile technology are not evil in themselves, it is our blind trust and reliance upon technology which makes us perfect targets.  While they often prove to be valuable tools, mobile devices can also be a great source of trouble.  If precaution is not taken, our dependence and trust in these devices can be used against us.

Theft of Personally Identifiable Information

It is becoming more common to store personal information on smartphones.  Information such as credit cards, social security numbers, contact information, birthdays, etc. are commonly found stored in the device.  As smartphones are continually integrated into daily life, this information will continue to be more commonly found on mobile devices.  This makes them excellent targets for physical theft.  Theft of smartphones, and other types of technology, is not a new thing.  If a device cannot be broken into, it can easily be wiped and sold for a good amount of money.

For the craftier criminal, selling the device may not be the primary objective.  Instead, they might choose to extract information.  Earlier smartphones had far less protection against these types of attacks.  They were easy to break into and gather personal information.  Now, thankfully, more technology is in place to help prevent this kind of theft.  Devices come equipped with password protection, personal patterns, and even fingerprint authentication.

To prevent brute forcing, devices now have security policies in place that detect automated password guessing activity.  After so many incorrect tries the device will wipe its memory restoring it back to its default factory setting.  While information is lost, at least the personal information is protected as it is removed from the device.

Digital Thieves

Devices need not be physically taken to have their information extracted.  Malicious apps can do this job remotely.  There are many applications available for download, which pose as legitimate applications only to hide a more mischievous purpose.  After downloading the application they secretly go to work behind the scenes and capture your information.  This information is later sent to the attacker or a specific area where it can be collected.  The information is then typically used by the attacker, or sold on black markets.

Device Destruction

Theft is not the only objective of attackers; they might choose to destroy the data on your device instead.  During the last few years smartphones that have been infected have had their data wiped, and even ransomed back to their owners for money.

What Can Be Done?

How can mobile device users protect themselves against these types of attacks?  Below is a list of items recommended by McAfee to help protect you from these types of threats:

  • Only download applications from a reputable app store, and read other users' reviews before you download an app to make sure that it is safe.
  • Before downloading an app, read through its privacy policy to make sure that it will not share your personal information.
  • Regularly review your mobile statements to check for any suspicious charges. If you do see charges you have not made, contact your service provider immediately.
  • Only browse and download applications using a secure wireless network.
  • Never respond to text or voicemail with personal information. If you're contacted by someone who says they are from your bank, or a major retailer or service provider, call them back directly on their legitimate phone number to verify their identity.
  • When searching on the web, always double-check that the domain name of the site you're visiting is legitimate.
  • Never click on a link in an email, social networking site or message from someone you do not know.
  • Use a product such as McAfee® Mobile Security, which provides mobile antivirus, antimalware and safe search protection, as well as giving you the ability to locate your phone in the case of loss, remotely lock and wipe the information you have stored on it, and restore your data.

Best Defense is a Good Offense

It is unfortunate that some wish to abuse technology for their own personal gain.  As time moves forward, this trend will continue to grow.  Thankfully, we can take steps to help prevent us from becoming the next victims. By staying on top of the latest threats, and educating ourselves about their tactics, we can be better prepared to recognize threats and malicious activity.  Forewarned is forearmed, and by arming ourselves with the knowledge on how to prevent these types of attacks we can make their job that much harder.

Author:  Stuart Rorer, Senior Consultant at A-LIGN

Source:  McAfee Security Advice Center

We Are Qualified