Mobile devices have become an indispensable part of our lives. By the time we’re teenagers, we’re already tethered to technology that lives in our pockets and connects us to a network far larger than we ever imagined possible. Because of the way we interact with our phones, it knows our likes, curiosities and vulnerabilities, in addition to our passwords, financial data and most closely held secrets. This seemingly infinite amount of data also makes our mobile devices highly attractive targets for malicious actors. That’s why it’s critical to protect phones from threats.
A successful attack on your phone could compromise your personally identifiable information (PII), banking accounts and even your professional life or the success of your business. Just like you lock the doors of your house when you go away, or your storefront after business hours, you should take care to secure the entry points that cybercriminals use to gain access to the data on your phone.
WiFi and Mobile App threats
The convenience and ubiquity of public WiFi and mobile apps are also their greatest weakness. With unsecured public WiFi, you can never be sure if you’re connecting directly to a secure hotspot or to a hacker, who is stealing your information and relaying it to another malicious actor. Before you connect to an unfamiliar public WiFi network, follow these best practices to reduce the chances of compromising yourself:
- Use a virtual private network (VPN) instead – VPN is highly recommended for all business communications. VPN keeps your network and Wi-Fi communications encrypted, which makes it much harder for hackers to access.
- Disable sharing on all apps – While you may be comfortable sharing your location with apps when you’re on a secure connection, consider disabling it in system preferences or settings when you’re connecting to public WiFi.
- Verify all public WiFi networks – Hackers can easily set up a public WiFi that looks like it’s owned by the proprietor. Before you connect to “Java House Guest WiFi,” ask someone behind the counter the exact name of their WiFi network.
- Plug Bluetooth vulnerabilities – Hackers often use Bluetooth connections to infect or steal files. This puts personal data at risk when using Bluetooth. These attacks involve using the device for phone calls or text messages, or using Bluetooth functionality to find deeper vulnerabilities in the phone system or to steal data stored on the phone. Similar exploits exist for Apple users through the AirDrop feature. The best way to plug theses vulnerabilities is to turn off Bluetooth or AirDrop when not in use, keep your software up to date, only pair with trusted devices and use a VPN to encrypt your data and hide your identity.
- Disable auto-join for open networks – Public WiFi networks are ideal environments for a range of cybersecurity attacks, including rogue networks, man-in-the-middle attacks, viruses, and snooping or sniffing. To prevent the likelihood of these attacks, remote users should turn off Wi-Fi auto-connect settings for public WiFi networks.
With more than 120 million Android users, Android malware continues to be a real and increasingly common threat. Google has already pulled a large number of malicious apps from the Play store. But the open nature of the Android operating system makes it an easy play for hackers. The year 2020 has been a particularly risky one for mobile app users. A few of the more dangerous mobile threats in circulation include:
- Joker – Since 2019, Joker has been stealing credit card information and banking credentials by simulating other legitimate apps.
- CryCryptor – Based off the open-source ransomware CryDroid, this mobile variant has been spotted masquerading as a COVID-19 tracing app.
- EventBot – This malicious app abuses accessibility features to steal user data, and reads and steals SMS messages to bypass two-factor authentication.
- Dingwe – This modified remote access tool is capable of controlling a device remotely. Samples have been found impersonating as COVID-19 tracing apps.
Many of these malicious operators use various tricks to evade detection. Since Android devices can come with hundreds of apps pre-installed, there’s a high potential for security gaps that a malicious app maker could exploit.
Number-One Defense Measure: Update the OS
One of the major vulnerabilities with Android devices is outdated software. More than 40% of Android devices are using an OS version older than v9. This makes them more vulnerable to malicious applications.
Webroot Mobile Security can help improve your mobile defenses without impacting your browser speed. It allows you to browse, shop, search, bank or use social networks, all while blocking malicious websites that try to steal your personal information. Webroot Mobile Security includes proactive identity protection features, which block malicious sites that try to steal your personal info or harm your device. With Webroot Mobile Security, you can hide your digital footprint and your browsing history through private browsing mode.
Author Steven Jurczak is a product copywriter at Webroot, an OpenText company. Read more Webroot guest blogs here.