Do you know what threats your mobile devices face?

Phishing and scams

When phishing occurs, cybercriminals attempt to trick victims into sharing personal information, clicking on malicious links, downloading and inadvertently executing malware on the victim's device, or handing over account details - bank, social network, email, etc.

Mobile devices are subject to phishing attacks in the same ways as PCs, including email and social networking messages. However, mobile devices are also susceptible to phishing attempts sent via SMS text messages.

When it comes to phishing, it doesn’t matter whether we are using an Android device or an iOS device. To fraudsters and cybercriminals, all mobile devices are created equal for phishing attacks.

Best defense: Don't click on links in emails or text messages unless you are 100% sure they are legitimate.

Physical Security

The most basic security measure, and the one we tend to overlook the most, is physical security: physically protecting your mobile device. Without a PIN, pattern, or biometric check, such as a fingerprint or retina scan, your phone is vulnerable to tampering. Additionally, if you leave your phone unattended, it could be at risk of theft.

Best defense: At a minimum, lock your phone with a strong password or PIN so that if it falls into the wrong hands, they won't be able to access your data.

SIM hijacking

SIM hijacking, also known as SIM swapping or SIM porting, is the abuse of a legitimate service provided by telecommunications companies when customers need to switch their SIM and phone number between carriers or phones.

Typically, customers will call their telecom provider and request to switch. Attackers will use social engineering and personal details they discover about us (including name, physical address, and contact details) to impersonate us and trick customer service representatives into giving them control of our number.

In a successful attack, cybercriminals would be able to redirect our calls and text messages to phones they own. Crucially, that means any two-factor authentication (2FA) codes used to protect our email, social media and bank accounts, etc., could also fall into their hands.

SIM hijacking is usually a targeted attack that requires data collection and effort to pull off. It can have disastrous effects on our privacy and the security of our online accounts.

Best defense: Protect data with a range of cybersecurity best practices so it can’t be used against you through social engineering.

Nuisanceware, premium service dialers, cryptocurrency miners

Mobile devices are also at risk for nuisance software and malware that could exploit the device to make calls or send messages to premium numbers.

Nuisanceware is malware found in apps (more common in the Android ecosystem than iOS) that causes the victim's phone to behave in an annoying way. Typically not dangerous, but still irritating and a drain on battery, nuisanceware may constantly pop up ads, interrupt normal business with promotions or survey requests, or open pages in a mobile browser without permission.

While nuisanceware can generate ad impressions through users, premium service dialers are worse. Apps may contain hidden functions that secretly sign you up for premium paid services, send text messages, or make calls. You end up paying for these "services", and the attacker gets a commission.

Some apps may quietly steal computing resources from a user’s device to mine cryptocurrency.

Best defense: Only download apps from legitimate app stores, and carefully evaluate the permissions you allow them to have.

Wireless network

From hotel rooms to coffee shops, open and unsecured Wi-Fi hotspots are everywhere. They are intended to be a customer service, but their openness also makes them vulnerable to attack.

Specifically, a phone or PC could be vulnerable to a man-in-the-middle (MiTM) attack over an open Wi-Fi connection. The attacker would intercept the communication stream between the phone and the browser, steal information, push malware payloads, and potentially hijack the device.

We often come across fake Wi-Fi hotspots: open hotspots created by cybercriminals and disguised as legitimate, free hotspots with the sole purpose of performing MiTM attacks.

Best defense: Avoid public Wi-Fi altogether and use mobile networks instead. If you must connect to them, at least consider using a virtual private network (VPN).

Surveillance, spying and tracking software

Surveillance software, spyware and stalkerware come in many forms. Spyware is usually generic and will be used by cyber attackers to steal information including PII and financial details. However, surveillance software and stalkerware are often more personal and targeted. For example, in a domestic abuse situation, a partner may install surveillance software on your phone to track contacts, phone calls, GPS location and who you are contacting and when.

Best defense: Antivirus scans should take care of generic spyware, and while there is no silver bullet for surveillance or tracking software, you should be aware of any suspicious or unusual behavior on your device. If you believe you are being monitored, make your personal safety your top priority.

Ransomware

Ransomware affects both mobile devices and PCs. Ransomware will attempt to encrypt files and directories, lock the phone, and demand payment (usually in cryptocurrency) through a ransomware landing page. Cryptolocker and Koler are prime examples.

Ransomware is often present in third-party applications or deployed as a payload on malicious websites. For example, you might see a pop-up request to download an application disguised as something else, such as a software cracker.

Best defense: Keep your phone on the latest firmware, turn on basic security protections for your Android or iOS phone, and don't download apps from sources other than official repositories.

Trojans, financial malware

Mobile malware variants are numerous, but basic protections from Google and Apple block many of them. Among malware families, Trojans top the list. Trojans are a form of malware developed with data theft and financial gain in mind. Mobile variants include EventBot, MaliBot, and Drinik.

In most cases, users download malware themselves, which may be packaged as seemingly legitimate apps or services. However, once they are installed on the phone, they overlay the window of the banking app and steal the credentials submitted by the user. This information is then sent to the attacker and can be used to steal data such as bank account numbers. Some variants can also intercept 2FA verification codes.

Most financial Trojans target Android phones. Although iOS variants are less common, some, including XCodeGhost, do exist.

Best defense: Keep your phone up to date with the latest firmware, turn on basic security protections for Android or iOS phones, and don’t download apps from sources other than official repositories. If you suspect your phone has been compromised, immediately stop using financial apps, disconnect from the internet, and run both personal checks and antivirus scans.

Mobile Device Management Vulnerabilities

Mobile device management (MDM) solutions are enterprise-grade tools for employees. MDM capabilities can include providing employees with a secure channel to corporate resources and software, propagating the company’s cybersecurity solutions and scans to each endpoint device, and blocking malicious links and websites.

However, if the central MDM solution is infiltrated or otherwise compromised, each mobile endpoint device is also at risk for data leakage, surveillance, or hijacking.

Best defense: The nature of MDM solutions takes control out of end users' hands, so you cannot protect against an MDM intrusion yourself. What you can do is maintain basic security hygiene on the device: make sure it is up to date, and keep personal apps and information away from work devices.

How to physically secure the device?

The lock screen is the gateway to your device, data, photos, private documents, and apps. Therefore, keeping it secure is critical.

On Android, consider the following setup:

  • Screen lock types: swipe, pattern, PIN, password, and biometric checks using fingerprint or face
  • Smart Lock: Keep your phone unlocked when you're with it, and you decide what situations are considered safe
  • Automatic factory reset: Automatically wipe the phone after 15 incorrect unlock attempts
  • Notifications: Choose which notifications appear and what content appears, even when the phone is locked
  • Lockdown mode: Starting from Android 9.0, you can enable lockdown mode
  • Find My Device: Find, lock, or erase a lost device

On iOS devices, look at:

  • Password: Set a password to unlock your device
  • Face ID, Touch ID: Biometrics can be used to unlock devices, use apps, and make payments
  • Find My iPhone: Find, track, and block a lost iPhone
  • Lockdown Mode: Apple previewed its own version of Lockdown Mode in July. Described as "extreme" protection for a small subset of users, the upcoming feature will provide increased security against malicious links and connections, as well as wired connections when the iPhone is locked.

What are the characteristics of a malware infection?

If your Android or iOS device isn't functioning properly, it might be infected by malware or other threats.

Things to look out for:

  • Battery life drain: Batteries degrade over time, especially if you don't often let your phone run dry or if you're constantly running high-powered mobile apps. However, if your phone suddenly heats up and loses power unusually quickly, it could mean malicious apps and software are eating up resources.
  • Unexpected behavior: If your smartphone behaves differently and a new app or service was recently installed, this could be a sign that all is not well.
  • Unknown apps: Software that suddenly appears on your device, especially if you allow apps from unidentified developers or have a jailbroken smartphone, could be malware or surveillance apps that were installed without your knowledge or consent.
  • Browser changes: Browser hijacking, changes to different search engines, web pop-ups, and ending up on pages you unintentionally visited can all be signs of malware tampering with your device and data.
  • Unexpected Bills: Premium number scams and services are operated by threat actors to generate fraudulent revenue. If you receive unexpected charges, calls, or text messages to a premium number, this may mean you have fallen victim to a threat.
  • Service disruption: SIM hijacking is a serious threat. It is often a targeted attack with a specific goal, such as stealing cryptocurrency or accessing an online banking account. The first sign of an attack is a sudden loss of phone service, which indicates that the phone number has been moved somewhere else. Warnings of poor signal, inability to make calls, or only emergency calls may indicate that a SIM card swap has taken place. Additionally, you may see notifications in emails about account resets or alerts that new devices have been added to existing service.

What should I do if my phone is hacked?

If you suspect your Android or iOS device has been infected with malware or otherwise compromised, you should take urgent steps to protect your privacy and security. Consider the following steps:

  • Run a malware scan: You should make sure your phone is up to date with the latest operating system and firmware, as updates often include patches for security holes that can be exploited in attacks or malware distribution. Google and Apple offer security protection for users, but it never hurts to download a dedicated antivirus app. Options include Avast, Bitdefender, and Norton. Even if you stick to the free versions of these apps, it's better than nothing.
  • Delete suspicious apps: Deleting strange apps is not foolproof, but any app you don't recognize or use should be deleted. In the case of nuisanceware, for example, deleting the app may be enough to restore your phone to normal. You should also avoid downloading apps you don't trust from third-party developers outside of Google Play and the Apple Store.
  • Review permissions: The permission levels of apps on your mobile device should be reviewed from time to time. If they seem too broad for the app's functionality or utility, consider revoking them or deleting the app entirely. Keep in mind that some developers, especially in the Android ecosystem, offer useful utilities and apps in Google Play only to turn them into malware later. In other words, legitimate apps don’t always stay that way, and these changes can appear out of the blue. For example, in 2021, a popular barcode scanner developer pushed out a malicious update and was able to hijack millions of devices at once.
  • Tighten communication channels: Open public Wi-Fi networks should not be used. Instead, stick to mobile networks; turn off Bluetooth, GPS, and anything else that broadcasts data if you don’t need it.
  • Premium Service Dialer: If you have an unexpected bill, check your apps and delete anything suspicious. You can also call your telecom provider and ask them to block premium numbers and SMS messages.
  • Ransomware: If you are unfortunate enough to fall victim to mobile ransomware and lose access to your device, you have several options.

If you receive a ransomware alert before your device is encrypted and displays a ransom note, cut off the internet and any other connections — including any wired links to other devices — and boot your phone in Safe Mode. You may be able to delete the offending app, run an antivirus scan, and clean up before any major damage occurs.

However, if the phone is locked, the next steps are more limited, as removing the malware will only solve part of the problem.

If you know what ransomware variant you have on your phone, you can try using a decryption tool, such as those listed by the No More Ransom project. You can also provide information to Crypto Sheriff, and researchers will try to figure out what type of malware you're dealing with, free of charge.

In the worst case, you may need to perform a factory reset. Removing the ransomware will stop it from spreading further, but it won't recover the encrypted files. If you've been backing up your data, you may be able to restore your device after the reset.

Keep in mind that paying the ransom does not guarantee that your files will be decrypted.

  • Trackware, surveillance software: Knowing or suspecting that you have been targeted by tracking software or surveillance software can be very difficult to deal with. If basic generic spyware has been installed on a device, Google, Apple, or a dedicated antivirus application should identify and remove it.

But let's say a partner or other close contact is monitoring you and you try to delete a tracking software app from your phone. In this case, they will be alerted directly or they will realize it because they no longer receive your information.

First, to reduce risk, consider linking important “hub” accounts, financial services, and cryptocurrency wallets to a number that is not publicly associated with you. A simple pay-as-you-go number will work, so if a personal or work number is compromised, the potential for theft is limited.
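The permission review recommended above can be partly automated on Android. The following is an added example, not part of the original article: it scans a package dump for permissions that match the threats this page describes (premium service dialers, banking overlays, 2FA code interception). The permission-to-threat mapping is this example's assumption, and the sample input is constructed and simplified from the layout of `adb shell dumpsys package`.

```python
import re

# Permission -> threat named on this page (the mapping is this example's assumption).
RISKY = {
    "android.permission.SEND_SMS": "premium-rate SMS (premium service dialer)",
    "android.permission.CALL_PHONE": "premium-rate calls (premium service dialer)",
    "android.permission.RECEIVE_SMS": "interception of SMS 2FA codes",
    "android.permission.READ_SMS": "interception of SMS 2FA codes",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay on top of a banking app",
}

# Constructed sample, simplified from the layout of `adb shell dumpsys package`.
SAMPLE = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.SEND_SMS
      android.permission.RECEIVE_SMS
      android.permission.SYSTEM_ALERT_WINDOW
    runtime permissions:
      android.permission.SEND_SMS: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
"""

PKG = re.compile(r"^\s*Package \[([^\]]+)\]")
GRANT = re.compile(r"^\s*(android\.permission\.\w+): granted=(true|false)")
REQ = re.compile(r"^\s*(android\.permission\.\w+)\s*$")

def audit(dump):
    """Return {package: {permission: (state, threat)}} for risky permissions only."""
    findings, pkg = {}, None
    for line in dump.splitlines():
        if m := PKG.match(line):
            pkg = m.group(1)
        elif pkg and (m := GRANT.match(line)) and m.group(1) in RISKY:
            # A grant line overrides the earlier "requested" entry.
            state = "granted" if m.group(2) == "true" else "denied"
            findings.setdefault(pkg, {})[m.group(1)] = (state, RISKY[m.group(1)])
        elif pkg and (m := REQ.match(line)) and m.group(1) in RISKY:
            # Listed in the manifest, no grant line seen: record as requested only.
            findings.setdefault(pkg, {}).setdefault(m.group(1), ("requested", RISKY[m.group(1)]))
    return findings

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE).items():
        for perm, (state, threat) in sorted(perms.items()):
            print(f"{pkg}: {perm} [{state}] -> {threat}")
```

A flashlight app that holds SMS permissions is the kind of mismatch between permissions and functionality worth revoking or uninstalling; a hit is a prompt for review, not proof of malware.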
