We have already asked the question of whether the mobile devices we use are safe and received the answer that there are a lot of risks that affect the security of the devices, especially those that are always online. One solution to this problem is to use anti-virus software. Here are a few frequently asked questions answered.
Are mobile devices safe to use?
They generally are, but only if care is taken of how they are used. Although mobile operating systems have implemented a fairly enviable level of user inattention security, applications in which developers have not paid attention to security or some malicious applications can make the device unsafe.
What are all the dangers that users don’t usually think about that safe mobile devices bring?
There are many obvious and hidden dangers: identity theft, money theft, documents theft. Of course, there are also malicious programs that can have very destructive behavior (for example, they can delete data from the device or damage the functioning of the device). These applications can use mobile devices as a source of revenue in many ways – they can use the processing power of bitcoin mining devices on behalf of the creator of the application; can display and automatically click on ads, and sometimes an attacker can use a network of compromised mobile devices to attack a particular site by sending a large number of requests from all those devices to that site to bring it down (DDoS attack).
Interestingly, stealing money with mobile devices has become easier than ever – it is enough that some malicious program installed on the phone sends a message to a certain number, and you are robbed. Mobile devices are also a perfect tracking tool. They can record your location, voice, take pictures or record videos at any time and monitor all your activities. This information can be used to undermine one’s reputation or to steal one’s identity.
One of the sources of danger is the environment in which the mobile device operates. Data is partly exchanged over the air, either through WiFi or the mobile network to the base station. With the appropriate equipment, this traffic can be intercepted, and after that, the data passes through a large and often unknown network of routers on the Internet. If one of the routers is compromised, the attacker can see all the data passing through it.
Another type of danger lies in the physical theft of the device. Stealing the phone itself doesn’t have to be a terrible thing, however, an attacker can thus come into possession of all the accounts you use via mobile and the matter becomes much more serious. For example, this way an attacker can access your bank account, PayPal, Facebook, and all other online accounts. This can cause you great material and non-material damage.
Tell us more about viruses that attack mobile devices. How threatening are they and what exactly happens when they reach mobile devices?
Malicious software is a very serious threat. I use the term malicious software because a virus is just one class of such programs. The virus needs a host application to which it is attached in a certain way, and with the launch of that application, the virus itself starts and replicates. The word “virus” became familiar to all programs of this type, probably because they were one of the first and most common malicious programs during the ’80s and ’90s of the last century. I must mention that viruses themselves are not common on mobile devices, but there are other classes of malware that are much more common, such as Trojans and worms.
Malicious software: viruses, trojans, and worms
A Trojan is a malicious software that looks like a useful application or game, but in some way harms the user or the phone when launched. Trojans are often copies of an application that has been redesigned to have a malicious routine that harms the user. A lot of Trojans are in mobile app stores like Google Play or AppStore. In order for a Trojan to cause damage, the user must install and run it.
Unlike Trojans, worms are malicious programs that do not require any user action. They can be spread via a network, Bluetooth, e-mail, etc. They usually use some system vulnerability to infiltrate the device and start executing it (tracking user actions, stealing accounts, etc.).
Malicious programs can do you enormous damage – steal your identity; send information about your habits, movement, location, and endanger your privacy; they can cause financial damage by calling and sending messages without your knowledge. However, there are other threats that occur at the network (data interception) or server level (insecure servers can be compromised and harm all users of that application or service).
How can we protect ourselves from malicious software and make our devices more secure?
The biggest threat to the security of mobile devices is the inattention and ignorance of users. Although mobile devices provide a number of data protection and encryption tools, they are often not used or turned off. In this way, the user is exposed to unnecessary risks. To be safer, use these protection systems.
Finally, what can be done to increase the level of security of mobile devices?
There are two sides that can and must address the issue of mobile security – developers on the one hand and users on the other. Mobile application developers are often not sufficiently familiar with the ways in which they can protect their applications, and it happens that they make a certain omission that becomes a security risk. Therefore, developers must increase the level of their knowledge about safe programming of mobile applications and be careful when programming and apply their knowledge in the right way. I would also include network and server administrators here, who must also be constantly educated and find appropriate ways to protect themselves.
On the other hand, there are users who are often uninformed about threats and risks, so they need to be educated and helped to understand the seriousness of the threats and act accordingly. I don’t want to say that you should be paranoid, but you should consider when installing a new application whether certain rights to that application are really needed. Especially in a situation when the application asks us to send an SMS, MMS, or email in order to perform an action (say, to allow us to click on a link), we should ask whether it is a legitimate request or a cyber attack with a social engineering component. It would also not be bad to avoid public and unprotected WiFi networks, because they are quite easy to eavesdrop on and attack. It is good practice to protect yourself with encryption and strong passwords. Of course
In the end: there is no perfect security, but users can do a lot to increase the level of security of their mobile devices if they use them properly. We agree with him and thank him for the time he has set aside for us.
Do you agree? Are you using your mobile devices the right way? Will you apply any of the advices?