Mobile security is a growing trend. Most of us have at least one smartphone and possibly a tablet. Some have separate devices for work or other purposes. People who don’t have mobile devices are getting all the time fewer, as elderly people and children are adopting them as well. Even the youngest kids might be using their parents’ mobile devices. If they don’t already have their own, that is. It is safe to say that most of us don’t pass a day without using one.
Not only are they common. Their importance in our lives has increased significantly. What used to be a tool to facilitate communicating has now become a way of life. Just think about what you use your mobile for. Shopping, online bank services, taking photos, sending emails, listening to music, messaging, sharing stuff on social media, etc. To many, the device and its features are part of their style – even identity.
Because we store much personal and sensitive data on our devices, mobile security is important. Just like it’s important to protect our tabletop and laptop computers. Despite, not nearly as many people use cybersecurity apps for their mobile devices as for computers. Here are a few reasons why the security of your mobile device should be taken into consideration.
1. Malware for mobile devices is a thing
Malware targeted specifically against mobile devices does exist, especially against Android operating system. Web criminals are where the users and the money are. And a growing number of people access internet services through mobile devices. While traditional computer viruses aren’t a threat to mobile devices, other kinds of malware are.
For example, Triada malware is only targeting mobile devices. It causes harm by using root privileges. This allows it to control all installed apps. It mainly is used to show ads to the user, but it can also send SMS messages to premium phone numbers causing financial damage. Triada is also known to have downloaded harmful applications to infected devices. It has been called the most sophisticated mobile malware so far. It serves as a sign that there will be more similar advanced mobile malware in the future.
Some apps exist only to get your data while offering little benefit, blurring the line between malware and application. Accepting their terms and conditions allows them to get your data with your permission. While possible, it is unlikely that you will download malware through App Store or Google Play Store. Still, every now and then malicious apps do get through to official app stores.
However, the story is different with unofficial app stores or websites. The apps might not be screened in anyway and can’t be trusted. You should be very careful if you decide to download apps through unofficial sources. Apps from unofficial app stores are a security risk. They are not screened and can be basically anything. Jailbreaking your iPhone is not a good idea, even if you know what you are doing. Android being the more common operating system, web criminals target it more. Antivirus for Android is definitely recommended.
2. Unsecure Wi-Fi connections
Connecting to a public Wi-Fi can pose a major risk. Web traffic within an unsecured Wi-Fi network may not be encrypted. It can be easily intercepted by someone who knows what they are doing. Unsecure public Wi-Fi networks can also be used to deliver malware. Unsecure public networks should be avoided – unless you are using a VPN. More on that later.
Hackers can also establish unsecure access points in places where people often want to use Wi-Fi, such as coffee shops, airports etc. These networks might appear just fine – except that they are unsecure. They can be used to access your traffic and device, and to phish for your login credentials. This act is called network spoofing.
3. Phishing attempts are more effective on mobile devices
Phishing emails are usually more effective on mobile due to the smaller screen and apps optimized for smaller screen space. Most email apps typically show only the name of the sender. The email address of the sender becomes visible only when tapped on. With a quick glance scam emails can pass as legitimate more easily than on desktop. Mobile devices are also more often used in a hurry, and on the go. It’s easier to fall for phishing emails and open harmful links or attachments when not paying enough attention.
Phishers can also try to target you by SMS messages, phone calls and instant messaging apps. What goes in the tabletop world goes here as well: don’t open random links if you don’t trust them. No reputable company or authority will ask for important personal information through email or SMS. If you are unsure if you really need to do something, try to contact the sender to verify their intention. Better safe than sorry.
4. Apps can leak your data
Data leakage means unauthorized access to data without any kind of attack taking place. In the mobile world data leakage is one of the biggest security threats. We all have tons of apps on our devices. Many of them require permissions to operate in a certain manner. That way they can have access to, for example, your microphone, camera, files and contacts. We also fill in our personal information, login credentials and credit card information into these apps.
All these permissions can lead to data leakage. The services can also be breached, which means your data can be compromised. Your data can be sold by the service providers to marketing purposes. It can also be used to steal your identity if the data ends up on malicious hands. The leaked data can be very sensitive. Corporate files or credentials, biometric data, and other health information, credit card details, you name it. Data leaks can be at least embarrassing and stressful, even if nothing is done with the data.
It’s always good to think if it’s really necessary to grant the app the required permissions. Some apps with access to the device’s microphone can listen to you through your device even when you are not using the app. Some apps on Android can ask for access to your SMS messages and call logs. Many apps may have access to your camera. Do you trust the apps and their developers enough to grant them these permissions?
It’s also good to remember that while many legitimate apps or some of their features won’t always work the right way without some given permissions, even they can use your data in ways you might not want them to. And they usually do it with your permission.
If the location is switched on all the time, the apps with access to it can transmit data about you. Similarly, if you keep your Bluetooth on your all the time, your device can be attacked through it.
Steps to improve your mobile security
As with any computer, keeping your operating system up to date is very important. Not only do updates improve the performance, they make your devices more secure. Same goes with app updates.
While anti-virus software might not sound as necessary for mobile devices as for your laptop, it is definitely good to have. Malware targeting mobile devices is getting more common. While official app stores are unlikely to spread malware, you can get infection from other sources.
Some cybersecurity programs, such as F-Secure SAFE, warn you about possible privacy issues with app permissions. This is a good way to monitor what permissions you have granted to apps. Based on that info you can minimize data leakage through these apps. F-Secure SAFE also comes with a safe browser for your mobile device, which grants an extra layer of protection by filtering harmful sites and links. SAFE is more than antivirus software that keeps your Android and iPhone safe.
Another way to counter data leakage is to use strong passwords, and not reuse them on other profiles. If your login credentials get compromised, the damage will be limited. If you reused a password on multiple profiles, they might all be compromised. A password manager, like F-Secure KEY, is a really easy way to safely store multiple passwords and improve your security.
A very good way to improve your mobile security is to get VPN for your phone. With VPN you can use public Wi-Fi connections safely. In addition, tracking attempts are decreased and you can access geo-blocked material.
Mobile security also depends on the user
A major part of cybersecurity is the user. Software and security measures can take you only that far. With your own actions, you can either improve your mobile security or weaken it. Weak passwords on multiple platforms, falling for phishing scams, downloading suspicious content and unnecessary permissions to access your data are things you can influence. And it’s not difficult to make mistakes in the internet. It can happen to anyone at any time.
Security measures such as VPN, anti-virus and password manager don’t only protect against external attacks and threats. They also make user-based error harder to take place. F-Secure TOTAL includes multiple solutions to improve your mobile security, such as password manager, safe browser, VPN, and anti-virus program.
Source: By Luciano Hernández | F Secure