Businesses lean heavily on smart phones to carry out their day-to-day work. Often, staff will mix personal and work-related items which can sometimes lead to risks. Let’s go over the most common hidden threats attacking mobile devices.
Data Leakage
Both Android and Apple’s iOS have been prompting users about how data is accessed and used by mobile apps when installed. The reason behind this is that some nefarious applications (typically free) will use your contacts, photos, and other data for advertising or more malicious reasons.
Three apps targeted at kids were recently removed when it was found that they were collecting geolocation information (where you physically are). Luckily there are firms out there reviewing what apps are doing versus what they say they do.
To protect yourself, make sure you review the terms of data sharing when you install your apps. I know the legal items are boring but when your personal and business data are at risk, it’s worth the extra 30 seconds. Also review all the apps installed on your phone. If they’ve been installed for many years but you haven’t used them in a long time, remove them. They likely have permissions you aren’t even aware of.
Network Spoofing
Have you ever been in a Target or airport and noticed your phone connect to a Wi-Fi network automatically? Then, when you try to go to a website it prompts you to login with your username or password for United, Target, or others? Sometimes these are completely legit but sometimes, it’s a spoofing attack.
Malicious individuals love to create fake wireless hotspots with common names so that phones, laptops, and iPads will automatically connect to them. Those connecting are taken to fake login pages, just like you might see in a common phishing attack from emails. Once the login is given up, the attacker now has that account saved for later means.
To avoid these attacks simply avoid using free Wi-Fi altogether, when possible. Otherwise, don’t ever give up a login to use the service unless you’re completely confident you know the source.
Smishing
Yes, it’s a funny name and sounds like something a group of Smash Mouth fans might do. However, it’s a serious threat attacking mobile devices. It’s so serious that agencies are warning businesses in advance of the holiday shopping season. Smishing uses text messages to send malicious links or app installers.
You and your team have likely received some of these already. They can be messages stating that Comcast or ComEd have been trying to send you rebates. You could have a text indicating your bank is trying to return an overpayment. Regardless, if you aren’t expecting these messages, they should be discarded and reported.
Google has created a strong system for reporting and actively blocking scam and spam messages. The Android Messages app allows you to not only automatically screen the messages but also quickly report the malicious ones you may receive. Here’s how to make sure that’s configured on your phone and keep your team from “walking on the sun”.
Solutions for Mobile Devices
There’s no one single silver bullet. Your workforce needs to be mobile savvy. As part of your ongoing security training, staff need trained on the latest threats that are hitting businesses just like yours. Businesses also need to have policies and systems (MDM) in place that control what can go on company provided device and limit what’s accepted and allowed. Some are even deploying antivirus solutions as smart phones and tablets are becoming more like full scale computers.
A Zero Trust model of security will soon become the standard across many largely threatened industries. If your company wants to review mobile security or how Zero Trust can be applied, the team at 101 Digital is able to help.