Reading Time: ~ 3 min.

Mobile
devices have become an indispensable part of our lives. By the time we’re
teenagers, we’re already tethered to technology that lives in our pockets and
connects us to a network far larger than we ever imagined possible. Because of
the way we interact with our phones, it knows our likes, curiosities and
vulnerabilities, in addition to our passwords, financial data and most closely
held secrets. This seemingly infinite amount of data also makes our mobile
devices highly attractive targets for malicious actors. That’s why it’s
critical to protect phones from threats.

A
successful attack on your phone could compromise your personally identifiable
information (PII), banking accounts and even your professional life or the
success of your business. Just like you lock the doors of your house when you
go away, or your storefront after business hours, you should take care to secure
the entry points that cybercriminals use to gain access to the data on your
phone.

WiFi and Mobile APP threats

The
convenience and ubiquity of public WiFi and mobile apps are also their greatest
weakness. With unsecured public WiFi, you can never be sure if you’re
connecting directly to a secure hotspot or to a hacker, who is stealing your
information and relaying it to another malicious actor. Before you connect to
an unfamiliar public WiFi network, follow these best practices to reduce the
chances of compromising yourself:

  • Use a virtual private network (VPN) instead – VPN is highly recommended for all business
    communications. VPN keeps your network and Wi-Fi communications encrypted,
    which makes it much harder for hackers to access.
  • Disable sharing on all apps – While you may be comfortable sharing your
    location with apps when you’re on a secure connection, consider disabling it in
    system preferences or settings when you’re connecting to public WiFi.
  • Verify all
    public WiFi networks –
    Hackers can
    easily set up a public WiFi that looks like it’s owned by the proprietor.
    Before you connect to “Java House Guest WiFi,” ask someone behind the counter
    the exact name of their WiFi network.
  • Plug
    Bluetooth vulnerabilities
    – Hackers often
    use Bluetooth connections to infect or steal files. This puts personal data at
    risk when using Bluetooth. These attacks involve using the device for phone
    calls or text messages, or using Bluetooth functionality to find deeper
    vulnerabilities in the phone system or to steal data stored on the phone. Similar
    exploits exist for Apple users through the AirDrop feature. The best way to
    plug theses vulnerabilities is to turn off Bluetooth or AirDrop when not in
    use, keep your software up to date, only pair with trusted devices and use a
    VPN to encrypt your data and hide your identity.
  • Disable
    auto-join for open networks
    – Public
    WiFi networks are ideal environments for a range of cybersecurity attacks,
    including rogue networks, man-in-the-middle attacks, viruses, and snooping or
    sniffing. To prevent the likelihood of these attacks, remote users should turn
    off Wi-Fi auto-connect settings for public WiFi networks.

With
more than 120 million Android users, Android malware continues to be a real and
increasingly common threat. Google has already pulled a large number of
malicious apps from the Play store. But the open nature of the Android
operating system makes it an easy play for hackers. The year 2020 has been a
particularly risky one for mobile app users. A few of the more dangerous mobile
threats in circulation include:

  • Joker – Since 2019, Joker has been stealing
    credit card information and banking credentials by simulating other legitimate
    apps.
  • CryCryptor – Based off the open-source ransomware
    CryDroid, this mobile variant has been spotted masquerading as a COVID-19
    tracing app.
  • EventBot – This malicious app abuses
    accessibility features to steal user data, and reads and steals SMS messages to
    bypass two-factor authentication.
  • Dingwe – This modified remote access tool is capable
    of controlling a device remotely. Samples have been found impersonating as
    COVID-19 tracing apps.

Many
of these malicious operators use various tricks to evade detection. Since
Android devices can come with hundreds of apps pre-installed, there’s a high
potential for security gaps that a malicious app maker could exploit.

#1 Defense Measure: Update the OS

One
of the major vulnerabilities with Android devices is outdated software. More
than 40% of Android devices are using an OS version older than v9. This makes
them more vulnerable to malicious applications.

Webroot® Mobile Security can help improve your mobile defenses without
impacting your browser speed. It allows you to browse, shop, search, bank or
use social networks, all while blocking malicious websites that try to steal
your personal information. Webroot® Mobile Security includes proactive identity
protection features, which block malicious sites that try to steal your
personal info or harm your device. With Webroot® Mobile Security, you can hide
your digital footprint and your browsing history through private browsing mode.

Steven Jurczak

About the Author

Steven Jurczak

Product Copywriter

Steven Jurczak is a Product Copywriter at Carbonite and Webroot. He blogs about backup and recovery technology, information security and IT industry trends.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: