The Latest F-Secure News
Product and Solution Information, Press Releases, Announcements
4 threats to your mobile security and what to do about them
Mobile devices play a major part in our everyday life. Most of us have at least one smartphone and possibly a tablet, and some have separate devices for work or other purposes. The groups not using them are all the time getting fewer, as elderly people and children are adopting them as well. Even the youngest kids might be using their parents’ mobile devices – if they don’t yet have their own. It is safe to say that most of us don’t pass a day without using one.
Not only are they so common, but their importance in our lives has increased significantly in a very short time. What used to be a tool to facilitate communicating has now become a way of life. Just think about what you use your mobile for: shopping, bank services, camera, email, listening to music, messaging, sharing stuff on social media, etc. To some the device and its features are part of their style and even identity.
Since we use our mobile devices for so many things and store so much personal and sensitive data on them, it is very important to protect them. Just like we protect our tabletop and laptop computers. Despite, not nearly as many people use cyber security apps for their mobile devices as for computers. Here are a few reasons why the security of your mobile device should be taken into consideration.
- Malware for mobile
- Unsecure connections
- Data leakage
While not yet as common as on the personal computer environment, malware targeted specifically against mobile devices do exist. For example, Triada malware is only targeting mobile devices, and causes harm by using root privileges. This allows it to control all installed apps. It mainly is used to show ads to the user, but it can also send SMS messages to premium phone numbers causing financial damage. Triada is also known to have downloaded harmful applications to infected devices. It has been called the most sophisticated mobile malware so far and is quite likely a sign that there will be more similar advanced mobile malware in the future.
While possible, it is unlikely that you will download malware through App Store or Google Play Store, but every now and then malicious apps do get through to official app stores. However, the story is different with unofficial app stores or websites, where the apps might not be screened in anyway. You should be very careful if you decide to download apps through other sources.
Connecting to a public Wi-Fi can pose a major risk. Web traffic within an unsecured Wi-Fi network is not encrypted and can be easily intercepted by someone who knows what they are doing. Unsecure public Wi-Fi networks can also be used to deliver malware. Unsecure public networks should be avoided – unless you are using a VPN, but more on that later.
Hackers can also establish unsecure access points in places where people often want to use Wi-Fi, such as coffee shops, airports etc. These networks might appear just fine – except that they are unsecure and can be used to access your traffic and device, and to phish for your login credentials. This act is called network spoofing.
Phishing emails are usually more effective on mobile due to the smaller screen and apps optimized for smaller screen space. Most email apps typically show only the name of the sender and not the email address of the sender, unless tapped on. With a quick glance scam emails can pass as legitimate more easily than on desktop. Combined with the fact that mobile devices are more often used in a hurry and on the go, it’s easier to let one’s guard down and fall for phishing emails and open harmful links or attachments.
Phishers can also try to target you by SMS messages, phone calls and instant messaging apps. What goes in the tabletop world goes here as well: don’t open random links if you don’t trust them, and no reputable company or authority will ask for important personal information through email or SMS. If you are suspicious of the source, but unsure if you really need to do something, try to contact who they claim to be to verify their intention. Better safe than sorry.
Data leakage is when a third-party gains unauthorized access to data without necessarily performing any kind of attack. It can happen many ways, some of which have nothing to do with mobile devices, but in the mobile world data leakage is one of the biggest security threats. We all have a plethora of apps on our devices, and many of them require us to grant them permissions to operate in a certain manner. That way they can have access to, for example, your microphone, camera, files and contacts. Often, we also insert our personal information or login credentials and credit card information into these apps in order to use them.
All these permissions and can lead to data leakage. Your data can be sold by the service providers to marketing purposes and it can be used to steal your identity if the data ends up on malicious hands. The data leaked can be very sensitive, such as corporate files or credentials, biometric data and other health information, not to mention credit card details. Data leaks can be at least embarrassing and stressful, even if nothing is done with the data.
It is always good to stop to think if it’s really necessary to grant the required permissions to the app. For example, some apps with access to the device’s microphone can listen to you through your device even when you are not using the app. Some apps on Android can ask for access to your SMS messages and call logs, and many apps may have access to your camera. Do you trust the apps and their developers enough to grant them these permissions? It’s also good to remember that while many legitimate apps or some of their features won’t always work the right way without some given permissions, even they can use your data in ways you might not want them to. And they usually do it with your permission.
Also keep in mind, that if the location is switched on all the time, the apps that have permission to use it can transmit data about you. Similarly, if you keep your Bluetooth on your all the time, your device can be attacked through it.
How to improve your mobile security?
As with any computer, keeping your operating system up to date is very important. Not only do updates improve the performance and possibly add features, they make your devices more secure. Same goes with app updates.
While anti-virus software might not sound as necessary for mobile devices as for your laptop, it is definitely good to have. Malware targeting mobile devices is getting more common as more and more web traffic and purchases are happening on mobile devices. While apps downloaded from official app stores are unlikely to spread malware, you can get infection from other sources, such as email, SMS messages or from malicious websites.
Additionally, some cyber security programs, such as F-Secure SAFE, warn you about possible privacy issues with app permissions. This is a good way to check what permissions you have granted to apps. Based on that info you can minimize data leakage through these apps. F-Secure SAFE also comes with a safe browser for your mobile device, which grants an extra layer of protection by filtering harmful sites and links.
Another way to counter data leakage generally is to use strong passwords and not reuse them on other profiles. If your login credentials become compromised one way or another, the damage will be limited. If you reused a password on multiple sites and profiles, they might all be compromised. If you do not yet have one, getting a password manager, like F-Secure KEY, is a really easy way to safely store multiple passwords and improve your security.
A very good way to improve your security on mobile is to get VPN for your phone. VPN secures your internet connection and makes it anonymous, and you can use public Wi-Fi connections safely. In addition, tracking attempts are blocked and you can access geoblocked material.
It’s always important to remember, that a major part of cyber security is the user. Software and security measures can take you only that far. If you use weak passwords on multiple platforms, fall for phishing scams, download suspicious content or grant unnecessary permissions to access your data, there’s not always much that can be done. And it’s not difficult to make mistakes in the internet, it can happen to anyone at any time. However, in addition to giving protection against external attacks and threats, security measures such as VPN, anti-virus and password manager make it significantly harder for any user-based error to occur and you are usually warned of possible threats. F-Secure TOTAL includes multiple solutions to improve the security of your mobile devices, such as password manager, safe browser, VPN and anti-virus program. You can get TOTAL for multiple devices and it works on Windows, Mac, iOS and Android.