How to stop cyber attacks from ruining our mobile lifestyles

Smartphone sales passed a billion last year, a figure that could double by 2016. Three quarters of users access mobile internet services on their phones and the switch to mobile communications is transforming the global econom — transactions data suggests that mobile accounts for more than 30% of global ecommerce. All of these trends underline the growing importance of mobile computing security.

With the growth of cyber-crime and cyber-spying, the list of potential traps is growing. By joining an open Wi-Fi hotspot in a restaurant, we risk a man in the middle (MITM) attack. A downloaded app could hide malignant code that takes over our phone. A compromised website might ask us to install software to visualize its pages that carries a virus or malware.

The vast majority of these attacks blend technical trickery with social manipulation. Typically, the attacker displays some message or warning to trick his victim into performing certain actions or divulging confidential information.

Source: McAfee Mobile Threat Report, February 2015

Where the threats come from

Last month, ‘ransomware’ targeted South American and US mobile users. A fake video app, widely promoted in Android marketplaces and circulating via email and text messaging, locked a victim’s smartphone and displayed a message “from the FBI” explaining they had found illegal and/or pornographic material and the only way to unlock the phone was to wire some money.

New threats pop up every day especially on Google’s Android, which is by the dominant operating system for mobile. Unlike Apple, Android allows applications to be installed from unknown developers. But Apple’s iOS is far from perfect. In 2014, the US National Vulnerability Database reported nearly 130 vulnerabilities for iOS, 32 as “highly dangerous”.

It is common for security experts to hold back from telling software vendors about bugs and holes they discover because such intelligence is part of what makes their services valuable to customers who use the technology.

Both Android and iOS support data encryption, but developers often fail to integrate it properly in their apps. In early 2014, an app launched by Starbucks (the most widely used mobile payment app in the US) stored user names, email addresses, and passwords in clear text, allowing anyone with a PC to download all the personal data. Starbucks quickly updated its mobile app to fix the security issues.

Any system update or new release carries a threat. in 2014, the Samsung Galaxy S5 and other high-end smartphone models were hacked in competitions designed to expose security issues.

How to fix the security gap

The market does provide some solutions to deal with such threats. Manufacturers nowadays enable users to remotely locate their device and delete all data when mobiles are lost or stolen. Attack prevention apps can alert us to potential risks before each installation and provide real-time analysis and reports on attempted attacks.

Can we consider these measures good enough? Of course not. The human factor remains the weakest hole and no patch can fix it. How often do we read about a government system routinely using ‘password’ for passwords and of managers using their devices for both personal and business activities. We tend to blindly install any app suggested to us without before asking ourselves: can I trust this developer?

And who takes notice of the list of permissions that those apps are asking for before installation? Even if our anti-virus program finds no problem and the app seems secure, these permissions allow a manufacturer or developer to share our personal information with third parties without our knowledge.

Every user needs a basic level of self-defence knowledge for mobile security. Media outlets should play a major role in increasing user awareness. And government agencies and high-tech companies should step up information security for mobile devices.

Author: Andrea Stroppa, Blogger, Huffington Post Italia

Image: A woman speaks on her BlackBerry mobile phone at a shopping mall in Dubai August 2, 2010. REUTERS/Mosab Omar