Surveillance software maker NSO Group has successfully exploited vulnerabilities in iOS. Purposes: read text messages and emails, record sounds, collect passwords, and even track calls and user location. Apple has released a security patch for this flaw.
Meanwhile, a Linux bug first introduced in Android (and present in all future releases) has left 1.4 billion users vulnerable to hacking. Google representatives said they are aware of this vulnerability and are taking appropriate action.
According to a report by the Pew Research Center, nearly two-thirds of Americans own a smartphone. About one in five users browse online primarily using their phone. In fact, more and more people are using their phones to connect to the Internet and more and more cybercriminals are using this medium.
Mobile malware on the rise
Mobile malware has grown tremendously in recent years, from installing backdoors to steal personal information to ransoming you by locking your phone. And their number is worrying.
While more and more people are turning to their phones to connect to the Internet, the use of mobile for storing and transmitting sensitive data is also increasing. A report shows that 57% of smartphone users do their online banking on their phone.
But online banking is just the tip of the iceberg. For example, GPS programs can detect your location and mobile applications access your personal data stored in your phone or in the cloud with your consent. By receiving digital boarding passes by text message or verification codes to log in to sites, you potentially open up parts of your privacy to cybercriminals. And the risk is the same when using social media or health apps.
Security issues with phones
Let’s be clear: your phone can hold and transmit more sensitive information than your computers, but it’s not always as secure. We thus identify 5 main risks.
1 Loss or theft
A number of factors contribute to weak mobile phone security, but the main concern is not technological. A smartphone is easily lost. And it is prime prey for thieves who may later control your personal data. This is the first risk.
2 The validity of third-party applications
The second concern is the validity of third-party apps, which is not verified by major app stores iTunes and Google Play. Apple iPhone has strict rules regarding apps: they can only be downloaded from iTunes, so they are more secure. But by preventing users from leaving the brand’s ecosystem, Apple ends up convincing some users to jailbreak their phones, leaving them without any security. Highly customizable and open to innovation by its users, Android allows third-party applications to be downloaded. Although Google strongly recommends installing apps only from the Google Play store,
3 Updating the operating system
Another risk: users do not update the operating system of their mobile as often as that of their computers. Updating phone software requires a lot of memory and energy, and users often run out of resources. Whenever a software update is delayed on a mobile phone, a cybercriminal has the opportunity to exploit security vulnerabilities in the operating system.
4 Classic traps
Of course, mobile phones are also subject to the same pitfalls as desktop and laptop computers. And users who don’t practice safe browsing are the most vulnerable. Social engineering, in the form of social media scams and phishing, can trap mobile users who regularly check their email, Facebook, Twitter, and other social networking sites. Phishing in the form of SMS or smishing has also become a popular attack vector, especially for criminals looking to take advantage of the popularity of mobile banking.
5 Insufficient security measures
All of these risks are compounded by the fact that technical security measures are not common in phones. While computers are often equipped with firewalls, antivirus and/or anti-malware software, mobile devices usually only have their operating system and applications to protect themselves.
10 tips to keep your smartphone safe
In this context, mobile phone users must be particularly vigilant in terms of cybersecurity. Discover 10 tips to protect your data and your phone.
1 Activate your phone lock
Lock your phone with password or fingerprint detection. If you leave your phone on a coffee shop counter or if it gets stolen, cybercriminals will have to come through that first door. Also set the duration of your password lock to a maximum of 30 seconds.
2 Encrypt your data
If your smartphone does not offer this option by default, consider encrypting your data. The approach is particularly useful for protecting your sensitive data, whether it is work emails or investment or banking applications.
3 Configure Remote Wipe
If your phone is lost or stolen, you can erase all its data remotely (and thus keep it out of the reach of criminals) with your iCloud account on iPhone and your Google account on Android. You can also often use the remote location (“Locate-ser” function in the settings) to find the location of your phone.
4 Back up your phone data
Consider connecting your device to its associated cloud service to automatically back up data (and encrypt it). However, if you don’t trust the cloud, be sure to connect to a PC or Mac to sync data regularly to preserve photos, videos, apps, and other files.
5 Avoid third-party apps
If you’re using an iPhone, you don’t really have a choice. Android users are advised to stay on Google Play and not allow apps from unknown sources. If you decide to use third-party apps, take the time to educate yourself before installing them. If the app requests access to too much personal data, don’t download it.
6 Avoid jailbreaking your iPhone or modding your Android
Although the processes are different, the approach is contrary to the rules and recommendations set by telephone manufacturers and ends up weakening the security of your device.
7 Regularly update your operating system
Update operating systems often. When the reminder appears, do not ignore it. Charge your phone, free up space and install the update immediately.
8 Beware of social engineering scams
Cyber criminals love to spoof your banking apps, collect your personal details by sending you fake messages and spreading malicious links and attachments through email. As you do on your computer, carefully observe all communications from unknown sources. If in doubt, move on.
9 Use public wifi with care.
No question of consuming your entire data plan on the first outing. While public wifi offers a great opportunity, it is inherently insecure. Avoid transactions or transmissions of sensitive data. And consider using a VPN service to encrypt uploaded data.
10 Download anti-malware for your mobile device
If you happen to download a malicious app or open a malicious attachment, Mobile Malware Protection can prevent the infection.
Banking, mail, entertainment, health, television, social media… more and more of us are using the Internet on our smartphones. And if uses evolve, so do the risks. To protect yourself from a growing wave of mobile malware, don’t just make phone calls: be proactive about mobile security.