COVID-19 has made us rethink the way we work, adjusting how we socialise and adapting to contact tracing regulations. With a new reliance on our mobile devices in multiple aspects of our lives, mobile security vulnerabilities, exploits, and threats have evolved significantly during the pandemic.
There have been numerous reported cases of fake, malicious versions of the Indian government's contact tracing application, Aarogya Setu. They piggybacked on the legitimate app and carried spyware that gave attackers access to smartphone data.
With mobile devices and apps becoming increasingly important in a contactless world, they have started receiving extra attention from cybercriminals. As a result, cyber threats against mobile devices have gotten more diverse. Let’s look into the types of mobile security threats and how you can protect yourself and your loved ones.
Top Mobile Security Threats
1. Malicious applications & websites
Mobile malware has evolved and grown prevalent equally alongside the increasing capabilities of our mobile devices. In India, the shift to remote work during the Covid-19 lockdowns saw a dramatic expansion of mobile-related attacks.
Like desktops, most mobile devices today have internet access. This allows threat actors to target them through malicious apps and websites, resulting in data theft, data encryption, surveillance, etc. In 2020, the mobile malware with data-stealing capabilities named “BlackRock” spurred the government to put countermeasures in place. This incident only provides a hint to the evolving mobile threat landscape.
Furthermore, these apps come in a range of different types. The most infamous among these smartphone apps are trojans that pose as popular apps only to try to obtain private login credentials illegally.
2. Mobile ransomware
In India, mobile security is a priority because of the increasing number of workers forecast to work outside the office in the near future. Among the constantly evolving mobile security threats that exploit our reliance on mobile devices, mobile ransomware, in particular, has grown to be particularly damaging. It encrypts personal data and files on your mobile device and then demands a ransom to release the decryption key that can restore access to the encrypted data.
3. Phishing
One of the most common attack vectors, phishing, enables other forms of cyberattacks. Such attacks usually begin with a phishing email that contains a malicious link or attachment containing malware. 76% of Covid-19-related cyberattacks reported in India involved the use of phishing emails. On smartphones, phishing attacks can exploit a range of media for delivering malicious links and attachments, which include email, SMS, trojan apps, and even social media platforms.
4. Man-in-the-Middle (MitM) attacks
Man-in-the-Middle (MitM) attacks revolve around attackers intercepting your network to eavesdrop and modify the data being transmitted. While this form of attack is possible on different systems, mobile devices are particularly susceptible to it. Unlike desktops, where web traffic uses encrypted HTTPS for safe communication, mobile devices do not use such encryption for services such as SMS. As a result, these messages can be easily intercepted through malicious mobile applications using unencrypted HTTP and can be used to transfer personal information.
5. Advanced jailbreaking & rooting techniques
Jailbreaking, much like rooting, is a term for gaining root (admin) access to the underlying operating system (OS) of the device. It involves taking advantage of vulnerabilities in your mobile device's OS to gain admin access to it. This increased permission enables threat actors to access more data and inflict greater damage than others with limited permissions can.
How to protect yourself from mobile threats
As the mobile landscape rapidly expands and diversifies, the scope for newer threats keeps rising too, prompting a need for mobile security solutions. This is especially true as remote working arrangements make these devices a more popular and crucial component of work. An effective mobile threat defence solution needs to be able to detect and respond to a variety of different attacks while providing a positive user experience.
For more robust mobile protection, ESET Mobile Security provides anti-malware, app-lock, and anti-theft features, along with offering a 360-degree view of security across mobile devices.
At the same time, don’t neglect to protect your desktops and laptops either. Powerful antivirus software such as ESET Smart Security Premium and ESET Internet Security can keep your devices safe from ransomware attacks and data breaches.