Our mobile devices in-arguably make daily transactions easier and more convenient. From paying bills on our smartphones to banking on our tablet, we are living more and more of our lives on our mobile devices. However, with all of this agility comes a measure of concern.
Hackers are also taking notice of our mobile transactions and creating virus and malware that target mobile users specifically. Let’s be honest, we aren’t going to give up our on-the-go lives anytime soon, so what can we do to protect and combat mobile malware?
Review Central speaks to Mohammad Ismail, the Identity and Access Solution Manager for Middle East and Africa at Gemalto, about the increasing threats of malware on mobile devices and the ways to combat the problem
What are hackers and other malicious elements looking for in regard to attacks on mobile devices – what are the motivating factors?
Hackers’ motivations can be driven by various factors. While only few hackers are looking for pure technical exploit, the vast majority of them will be looking for information, data they can monetize.
This could either be through the information stored on the mobile device or through gaining access to the corporate network through the device to steal financial or customer data.Making money is the main driver; this is why protecting your credentials such as banking details, corporate login passwords to access network is clearly a priority.
Currently, what are the biggest threats to our mobile devices?
The rise of mobility and the increase of data and information stored on mobile devices make them a prime target for criminals. Much like the early days of the Internet or PCs, new mobile technologies are introducing new security risks.
Hackers are now also targeting mobile phone devices, and mobile malware more than doubled. Hackers are targeting the mobile OS, the web browser, the means of communications, the client applications and the user behaviour. Mobile malware uses all of the same techniques as with desktops or laptops:
Trojans, dialers, phishing, malicious sites, spoofing, and man-in-the-middle. The malicious attacks may result in identity theft, unauthorised access to confidential data, altered data, unwanted phone calls or denial of service, and so on.
Some of the data retrieved by hackers are of no immediate interest whilst some other can give important profiling information such as banking details, preferences, location, personal address, sensitive corporate information in the event the device is either a corporate one or part of a BYOD policy, and the list is endless.
Apple users often think that they are immune to mobile malware attacks – is this true, how much does the OS affect our privacy and security?
Mobile malware is a big market where nobody is really immune, even if by having a tight control and a limitation in the number of handset models and OS versions, it is easier to deploy countermeasures.
Security needs to be taken seriously at all stages and never be taken for granted. Apple users are no exception to this and the rise of mobility and the increase of data and information stored on mobile devices make them a prime target for criminals. According to Juniper Research, it grew by 155% across all platforms—Apple’s iOS, Research In Motion’s BlackBerry and Symbian. Making sure that your device is always updated with the latest software versions and security patches is important.
What can we, as consumers, do to combat mobile malware?
Consumers can respect simple security rules when communicating important personal information using their mobile. They can also make sure that a reliable identification is taking place between them and the network, using strong authentication technology.
It is also important to ensure your mobile manufacturer or your mobile network operator is providing you with a handset or a SIM card which features and offers a secure spot or a security vault inside the mobile (either at handset level or on the secure element in the SIM) where the most important and sensitive personal data and credentials can be securely stored and protected.
In addition, and because nowadays many mobile phones are actually corporate phones provided by employers, CIOs can also have a strategy on how to address these issues to first limit access to a lost or stolen device through embedded mobile security and also ensure that mobile devices are segmented from access to sensitive data.
How are mobile malware and other malicious attacks different from traditional threats?
The attacks themselves are not different from the ones which could be targeting a PC but their impact and the consequences of the attack can actually be much more significant and damageable because the mobile phone is increasingly becoming one of the most important connected device of one’s life and therefore carries all kind of personal data including payment, corporate/private sensitive information.