Your handset is always at risk of being exploited. Here’s what to look out for.
Our mobile devices are now the keys to our communication, finances, and social lives — and because of this, they are lucrative targets for cybercriminals.
Whether or not you use a Google Android or Apple iOS smartphone, threat actors are constantly evolving their tactics to break into them.
This includes everything from basic spam and malicious links sent over social media to malware capable of spying on you, compromising your banking apps, or deploying ransomware on your device.
The top threats to Android and iOS smartphone security in 2022
Phishing and smishing
Phishing occurs when attackers send you fake and fraudulent messages. Cybercriminals attempt to lure you into sharing personal information, clicking malicious links, downloading and unwittingly executing malware on your device, or handing over your account details — for a bank, PayPal, social network, email, and more.
Mobile devices are subject to phishing through every avenue PCs are, including email and social network messages. However, mobile devices are also vulnerable to smishing, which are phishing attempts sent over SMS texts.
Regarding phishing, it doesn’t matter if you are using an Android or an iOS device. To fraudsters and cybercriminals, all mobile devices are created equally.
Many of us forget an essential security measure: physically securing our mobile devices. We may not use a PIN, pattern, or a biometric check such as a fingerprint or retina scan — and if so, we are making our handset vulnerable to tampering. In addition, if you leave your phone unattended, it may be at risk of theft.
Your best defense: Lock down your phone with a strong password or PIN number, at a minimum, so that if it ends up in the wrong hands, your data and accounts can’t be accessed.
SIM hijacking, also known as SIM swapping or SIM porting, is the abuse of a legitimate service offered by telecom firms when customers need to switch their SIM and telephone numbers between operators or handsets.
Usually, a customer would call their telecom provider and request a switch. An attacker, however, will use social engineering and the personal details they discover about you — including your name, physical address, and contact details — to assume your identity and to dupe customer service representatives into giving them control of your number.
In successful attacks, a cybercriminal will be able to redirect your phone calls and texts to a handset they own. Importantly, this also means any two-factor authentication (2FA) codes used to protect your email, social media, and banking accounts, among others, will also end up in their hands.
SIM hijacking usually is a targeted attack as it takes data collection and physical effort to pull off. However, when successful, they can be disastrous for your privacy and the security of your online accounts.
Your best defense: Protect your data through an array of cybersecurity best practices so that it can’t be used against you via social engineering. Consider asking your telecom provider to add a “Do not port” note to your file (unless you visit in person).
Nuisanceware, premium service dialers, cryptocurrency miners
Your mobile device is also at risk of nuisanceware and malicious software that will force the device to either make calls or send messages to premium numbers.
Nuisanceware is malware found in apps (more commonly in the Android ecosystem in comparison to iOS) which makes your handset act annoyingly. Usually not dangerous but still irritating and a drain on your power, nuisanceware may show you pop-up adverts, interrupt your tasks with promotions or survey requests, or open up pages in your mobile browser without permission.
While nuisanceware can generate ad impressions through users, premium service dialers are worse. Apps may contain hidden functions that will covertly sign you up to premium, paid services, send texts, or make calls — and while you end up paying for these ‘services,’ the attacker gets paid.
Some apps may quietly steal your device’s computing resources to mine for cryptocurrency.
Your best defense: Only download apps from legitimate app stores and carefully evaluate what permissions you’re allowing them to have.
Open and unsecured Wi-Fi hotspots are everywhere, from hotel rooms to coffee shops. They are intended to be a customer service, but their open nature also opens them up to attack.
Specifically, your handset or PC could become susceptible to Man-in-The-Middle (MiTM) attacks through open Wi-Fi connections. An attacker will intercept the communication flow between your handset and browser, stealing your information, pushing malware payloads, and potentially allowing your device to be hijacked.
You also come across ‘honeypot’ Wi-Fi hotspots every so often. These are open Wi-Fi hotspots created by cybercriminals, disguised as legitimate and free spots, for the sole purpose of performing MiTM.
Your best defense: Avoid using public Wi-Fi altogether and use mobile networks instead. If you must connect to them, at least consider using a virtual private network (VPN).