Learn the Nuts and Bolts of Mobile Security

Are you a computer geek? You probably own latest Galaxy S6, Google’s Nexus 6 or maybe you’re still holding on to the iPhone 6+ you bought last. Today, smartphones are important accessories of our daily lives. It is hard to live without one and even organizations have recognized the impact of smartphones on the corporate world. Nowadays, most organization have BOYD policies that allows employee to process company’s data using their mobile devices.

Although mobile devices might be helpful in managing our day to day to activities, they pose an eminent threat to our online safety. They are a tickling time bomb waiting to explode in your pocket unless we rethink key issues on mobile security. Poor personal security practices coupled with technical vulnerabilities in mobile device expose you to array of online threats.

Why mobile security?

For a long time mobile security has been taunted as the next big security threat in the IT world. Well, the time is already here if we were to consider the number of security threats targeting smartphone users today.  Kaspersky 2014 security bulletin, recorded at least 1,363,549 unique attacks targeting smartphones users. The figure was a significant increase from 335,000 similar attacks recorded in 2013.

The Russian security firm noted that there four times as many attacks on Android devices in 2014 compared with the previous year. At least 19% of android users worldwide received a mobile threat at least once a year. Contrary to popular belief, Kaspersky also noted that security threat were increasingly targeting Mac and iOS users a trend projected to worsen in 2015.

According to Kaspersky, smartphone users in Russia, Kazakhstan, Ukraine and USA were on the receiving end of over 80% of all mobile security threats in 2014.  The security bulleting identified SMS Trojan and Trojan banker malware as the most common threats to smartphones users in 2014.  Other threats include adware, mobile worms and spyware.

What is a mobile Virus?

Basically, a virus is a malicious program designed to compromise system data or damage your mobile operating system. Most viruses are in form of remotely executable files and are distributed through the internet or through portable storage devices as pen drives, USB sticks, thumb drives etc.

Most mobile viruses exploit vulnerabilities commonly found in mobile devices. The vulnerability maybe as a result of inadequate technical controls or poor security practices on the part of the smartphone users. Technical vulnerabilities arise because smartphones are composed of numerous moving parts made and distributed by different players who impact on the overall safety of your device.

Poor security practices come into play because majority of smartphone users are reluctant to secure their device or don’t know how to configure and use their devices in a manner that does not compromise their personal safety. Such poor practices include lack of strong passwords to authenticate users and control access to data, out-date operating systems and downloading compromised Applications.

Types of Mobile Viruses

  1. Trojan- this is a malicious program masquerading as a harmless application. The first recorded mobile Trojan was witnessed in smartphones running on Symbian operating system. It masqueraded as a harmless mobile gaming app. Once installed, a Trojan may gather and share your personal information with remotes databases without your knowledge or consent.
  2. Worm – a malicious program that replicates itself and distributes to other devices without your knowledge. Popular mobile worms include cabir worm which was first seen in Symbian OS mobile phone. The worm spread itself through Bluetooth. Most mobile worms are dangerous and could damage your operating system.
  3. Spyware– a malicious program designed to harvest personal information such as browsing habits, credit card information and login credentials. Most spyware are controlled remotely to send collected information to remote data bases without your consent. Unlike worms, spyware don’t replicate themselves and are popularly distributed through email attachments.  Some spyware may be legitimate mobiles App spying on your web activities behind your back.
  4. Adware– are common mobile App-based threats characterized by intrusive behaviors that compromise your internet security. Adware are not harmful on their own, but the information they collect makes them a security threat. Some adware are known to secretly collect and share user’s personal information such phone numbers, email. Others may modify your app icons or change your browsers setting including your default search engine.

What a mobile Viruses can do?

  • Spread over Bluetooth and MMS without your knowledge.
  • Secretly send SMS/MMS to third parties.
  • Collect and send personal information such as GPS coordinates, phone numbers, email address, and contact list to third parties without your consent.
  • Delete your personal information such as address book, files folders, and hard drive data
  • Take control of the infected smartphones including enabling root access to your phone.
  • Exchange file icons , modify your App icons, Change security setting and browser setting without your consent
  • Subscribe the infected phone to premium services such as publications.
  • Download and install other malicious application on the infected phone.
  • Damage devices functionality, including blocking memory card, blocking USB tethering, interfering with wireless connections among others.
  • Record phone conversation, take Screenshots and send such information to third parties.

How to secure your mobile Device.

Install mobile Antivirus Software. – An antivirus software will protect your smartphone against malware, spyware, malicious Apps and other mobile based attacks. A good mobile antivirus will also guard you from spam emails and infected attachments. Popular mobile antivirus software include Avast and MacAfee mobile antivirus.

Verify the authenticity of downloaded applications from App stores. Most mobile Trojan masquerade as legitimate App in app store. Verify that the App has a legitimate digital certificate and preferably download apps from trusted developers.  Disallow installation of Application from unknown sources from your smartphone security setting.

Install a firewall–   Creating a personal firewall on your device will block unwanted incoming and outgoing connections. A good firewall will also prevent remote access to your phone and notify you when a malicious program tries to access the internet or execute a command.

Update smartphone operating System. –  A majority of mobile threats exploits technical vulnerabilities in your smartphone OS or in poorly configured Applications. Ensure you have the last OS version to avoid Zero day vulnerabilities. Also keep up with patch releases from software developers and patch up your device as soon as humanly possible.

Remotely disable lost or stolen devices. – A lost phone takes away a huge chunk of your personal information. Such information could be used against your in future and it’s therefore important to remotely disable your lost phone or wipeout the data as soon as possible.

Develop effective mobile security policies– organizations which allow employees to handle corporate data using their mobile devices should have well defined rules, policies and best security practices for mobiles. These policies should cover area such as infrastructure security, device security, and security assessment.

Get informed about mobile security. Educated yourself on how to secure your smartphones.  Learn to configure and Use your device in a way that does not compromise on our internet security. A smart way to follow up on security news from security sites such as HackRead.com, Securitygladiators.com, CyberDefenseMagazine.com, SecurityAffairs.co, grahamcluley.com and krebsonsecurity.com to name some of the best cyber security blogs.

In a nutshell, it is evident that security threats are increasingly being targeted on smartphones users. Organization and individuals’ cannot afford to continue burying their heads in the sand when it comes to mobile security. The days when iOS devices were said to be immune to mobile threats are long gone as indicated by Kaspersky’s 2014 security. In this regard, we have discussed a few tips on mobile security to help secure your smartphone. Feel free to share more tips on the comment section below.

Leave a Reply

Your email address will not be published. Required fields are marked *