Smart Phone security: the new frontier for cyber security.

In an age of inter-connected network and devices, cyber security has emerged as one of the foremost challenges for tech experts and lay people alike. However, for a long time until smart phones made their presence, the threat was widely conceived in terms of data and information on desktop and laptop computers possibly being susceptible to mischief by hackers and cyber criminals. And mobile devices were considered to be immune to those cyber threats. Given that the earliest feature phones were not internet-enabled, cyber security was hardly a matter of concern with respect to them. However, with the advent of internet-enabled smart phones based on complex technologies, third party operating systems and third party software complete with wide-ranging features allowing a whole lot of multimedia communication, the cyber security threat to mobile devices has become very real. As such, mobile security has emerged as the new frontier for cyber security in recent years.

Smart phones, a handheld mobile computer

For all intents and purposes, smart phones are essentially a hand-held mobile computer which allows a user to perform all tasks and functions on a mobile device just as he would do the same on a desktop computer or a laptop. With internet thrown in, the device as well as all the other devices connected to it through the internet network, wirelessly or otherwise, automatically becomes vulnerable to cyber security threats and attacks. In a wireless world of Internet of things (IoT), the risks escalate to a new level altogether.?????

What is mobile security?

Cisco defines mobile device security as the full protection of data on portable devices and the network connected to the devices. Common portable devices within a network include smartphones, tablets, and personal computers.

The Indian mobile phone threat landscape

According to Quick Heal, a popular anti-virus solutions provider, over 3,000 Android malware are reported per day based on data which was mostly India-specific.?In another estimate published at the beginning of last year, about 60-70% of the mobile attacks are made on Indian targets.?Therefore, there has been repeated reporting of how Indian mobile users have been one of the worst victims of cyber security incidents and attacks. Sometime in the middle of last year, the Computer Emergency Response Team (CERT-In) had to issue an advisory for those?

android users who were using their phones without running the latest Androd-10 OS. In this, the microphone, camera and the GPS systems of the phone could have been compromised allowing the hackers to snoop on the phone users and get access to passwords, personal messages, photos and even keep a tab on the physical location of the user.?About a month before this incident, the CERT-In had to issue a warning to android users cautioning them against an imminent mobile banking malware called EvanBot. This malware could masquerade as a genuine app, infiltrate the smart phone, bypass the two-factor authentication process involving OTP usage and override Android’s in-built accessibility features, attack the financial applications and steal valuable financial data of the user.

The nature of potential threats to a smart phone

Just as desktops and other computing devices connected through the internet are amenable to be exploited by cyber criminals, so are mobile devices. Whether through browsing a malicious website, or downloading a dubious application, or downloading a suspect attachment, or accessing an unreliable WiFi network, it is essentially malware which impact the defences of a smart phone. Some of the malware which could ‘cast an evil eye’ on the data as well as functioning of a smart phone are as follows.

One,?trojans?are the biggest threats to mobile device security comprising over 95% of mobile malware, according to Kaspersky, a leading anti-virus solutions provider.?This legitimate-looking fake software spreads through user interaction and can harm in a number of ways such as mildly disrupting user experience by changing the mobile screen displays, deleting or stealing data or even taking control of the device by creating backdoors and getting illegitimate access to the device and data. The same company also estimates that over 98% of?attacks involving?mobile banking attack Android devices.?A trojan called Switcher Trojan has been known to affect android devices particularly by attacking the routers on their wireless networks and redirecting traffic.

Two, another malware is?madware?or what is called mobile adware, a programme that installs itself on the phone without the user knowledge and consent for better targeting with advertisements. It teams up with?spyware?to illegally collect data on the user’s location, buying habits and preferences and sell that data to relevant companies.

Three,?virus?is another frequently found malware that impacts systems and files by replicating itself and attaching itself to another file. Like a Trojan, its effects can variously range from minor disruptions to serious denial-of-service (DoS) to mobile users.

Four,?ransomware?is another malware that involves ‘holding the user to ransom’ by illegitimately encrypting the user data, files, photos and videos on his device and not allowing him to access that data unless he pays a ransom for it.??????

Five,?mobile banking malware?is another prominent weapon increasingly used by cyber attackers to steal financial details and money through online channels.

Six,?MMS malware?have also been used to attack mobile phones. What is really scary about some of them is that they can be activated on a phone without any user activity or interaction by sending a simple-looking MMS to the phone.

Seven,?SMS malware?has been used to mischievously send messages to premium rate numbers from the affected user phone leading to an extraordinary spike in the user’s phone bills.

What should mobile device users do?

First, create a strong and difficult-to-crack password. Preferably, use biometrics authentication methods by setting up fingerprint pr facial recognition modes.?

Second, go for a full-device encryption on your phone. This would mean that not only regular data is encrypted but even application data in temporary locations such as cache too.

Third, avoid financial and any private transactions on public WiFi network. Also, stay vigilant against any incoming but unverifiable app, message, attachment or a URL.

Fourth, scrutinize app permissions on phone very closely.

Fifth, set up remote wipe capabilities which serve as a shield in the event of a device getting lost.??

Six, get anti-virus security software for mobile phone. Don’t forget to continually updating it.?

And finally for the companies, they should opt for a proper Enterprise Mobility Management (EMM) solution. They could also consider advanced e-mail security, endpoint protection, VPN

secure web gateway and cloud access security broker for the mobile device use of their employees.