With about 1.17 billion mobile phones and more than 500 million mobile broadband subscriptions in the country, we are rapidly advancing towards a digitally-connected environment.
In today’s rapidly-evolving world, mobile phones have become an integral part our daily life. With about 1.17 billion mobile phones and more than 500 million mobile broadband subscriptions in the country, we are rapidly advancing towards a digitally-connected environment. We use several smart Apps that help us in business, knowledge sharing, social networking, shopping, edutainment and payments, among others. It adheres to all our commands through fingertips and even through gestures and to fulfil our needs. Smart devices simplify our lives by offering connectivity through different modes such as WiFi, internet, Bluetooth, OTG dongles and even the old-school wired networks. However, if there is lack of discretion among users, malicious actors can lead to exploitation too.
Below mentioned are some mobile device App threats that every user should be cautious of:
Some Mobile Operating Systems such as Android are more vulnerable to malware that can affect users with data or personal information stealing codes or Ransomware, while many popular Apps can be the victim of malicious activities like “App cloning”. The bad actors host cloned App on the Play Store or make .apk files on their website that promises users to “preview” certain apps or get an “early access” to the latest version of some popular apps. It appears to be a legitimate App but when users install the cloned App, it forces them to grant full access to their mobiles and in effect, it can eavesdrop on everything one does on their phones. This may include photos, personal and sensitive information, keystrokes and even passwords that one uses to access various websites or Apps for personal use. These rogue apps can also take the form of Ransomware where users are forced to pay large sums of money to the bad actors in order to get their sensitive stolen data back.
There is a compelling tendency among users to download and share files such as apps & software, movies, music and games etc. through torrents, other content hosting sites and even through Bluetooth connections. But one should remember that most of such pirated materials come with their own peril. Unknown to users, some malware manages to gain access to data stored in mobile device.
Free charging slots
Attackers forever look for ingenuous ways to park their Malware into mobile phones. How would one react when communicated that their phone is vulnerable every single time they put it up for charging at “free” charging stations? Remember, what we assume to be a simple charging connector at cafeterias, shopping malls, railway stations or airports can also be used to push malicious code or data to your phone if the charging station is compromised.
Apart from these threats, there could be a possibility that even legitimate apps are not well secured or have vulnerabilities in their coding. It can let a malicious Trojan read and transmit contents of emails and SMSes to the hijackers. Imagine a situation where these bad actors are able to receive dynamic OTP sent to you by your bank! Users can be bled badly if these apps possess your card or bank account-related static information stored by you.
So how should one protect your handheld devices from being compromised?
Whenever users buy a new mobile phone, the first thing they should do is to download a reputed, paid antivirus or antimalware. Remember that there is no free lunch. There is a possibility that several so-called “free” Antivirus software apps themselves are Malware, Adware or Bloatware. It may inundate you with advertisements and sticky pop-ups or at worst, may destroy your phone and render it useless.
Users should download Apps from authentic source and never “jailbreak” or “root” your phone to install Apps from websites or transmit Apps through other means. Rooting is a process that allows you to attain root access to the Android operating system code. It may completely expose your phone and remove all privacy and protection. At worst, your mobile phone can be recruited as part of a “botnet” which can be used to stage attacks against other websites such as government websites and other establishments.
Always be aware that malware files can be disguised to look as music, movie or e-book files, among others. Before downloading any App, look for its reputation ratings on the official App stores meant for your phone — be it Android Play store or the Windows/ Apple App stores.
One should always pair their device to a trusted source via Bluetooth or through any other means.
And lastly, always connect your device to a power source that you trust! These measures should keep you reasonably safe.
(By Niranjan Kumar Upadhye, General Manager, Fraud Risk Management, Worldline India)