Businesses and individuals increasingly rely on mobile technologies and applications to do anything from transferring money between bank accounts to turning on lights in living rooms. Our increasingly mobile world also provides opportunities for nefarious actors to exploit apparent weaknesses in these devices for their own gain. In response, tech companies have developed solutions designed to close loopholes, protect personal information and encrypt viewing history. It nevertheless remains to be seen whether consumers are either able or willing to use these technologies to better protect themselves.
An Evolving Problem
It’s sometimes hard to believe that making a telephone call once depended on a person’s access to a publicly-shared phone line. Thanks to the introduction of landlines societies rapidly adopted the telephone as their preferred means of communication. However, it was only when mobile phones emerged that we witnessed a drastic transformation in how we communicate.
The mobile phones of the 1980s and 90s didn’t just reduce the ability to make calls to a few clicks, they also paved the way for more disruptive technologies. In addition to being nothing short of a revolution in their own right, smartphones offer an array of once-unimaginable technological ‘luxuries’ that we now take for granted. The same is also true of the tablets, global positioning systems, wireless payment terminals and other devices that have made life increasingly mobile.
Much like telecommunications, the security challenges facing mobile technologies are also constantly evolving. Currently one of the easiest ways for criminals to obtain confidential information is through public WI-FI networks. These are rarely well-protected and often completely expose all data that users transmit and receive. A range of fake and malicious applications ‘virtually’ provide attackers with full access to the victim’s device. Once secured, the perpetrators can basically do anything they want, from stealing information to activating microphones and cameras to record and capture real time streams.
Cryptojacking represents a growing threat to mobile technologies. This occurs when an attacker takes over (ie hijacks) a victim’s device and utilises its resources to mine cryptocurrency. While the process might not have a direct impact in terms of privacy and personal security, cryptojacking nevertheless degrades the performance of mobile phones, drains batteries and may lead to overheating and physical damage.
It isn’t just users who fall victim to these types of attacks. SIM swapping is a relatively common practice that primarily targets carriers. This involves an attacker calling up a carrier and convincing them to transfer the number of a mobile phone to a SIM in their possession. Such an attack breaks the extra layer of authentication some systems offer their users by requesting a One Time Password be sent to the malicious actor. Once this happens, the attacker essentially gets full access to a victim’s phone and can start receiving calls and sending text messages free of charge.
Tech Responses
An evolving set of challenges require suitably robust and stealthy countermeasures. Virtual Private Networks (VPN) have rapidly become the frontline choice for securing confidential data on public networks. These basically create an encrypted channel through a network that prevents malicious actors from eavesdropping and obtaining ‘useful’ information. Initially the preserve of businesses, VPNs are now widely used by individuals that regularly access WI-FI networks, particularly when travelling overseas.
For their part, private sector organisations are increasingly looking to solutions that separate personal and business data. Mobile Device Management (MDM), for example, provides businesses with more granular control over the data employees process and store on their personal mobile devices. Mobile Threat Defence (MTD) applications take security a step further by not only protecting against known attacks but also using behaviour-based detection to anticipate threats.
Tackling Human Errors
Despite the best efforts of developers no software is permanently bulletproof and new vulnerabilities will be discovered in mobile applications. The common response entails rolling out patches and upgrades to fix these vulnerabilities. Unfortunately, users often ignore updates meaning that their mobile technologies remain susceptible to serious threats. This is ultimately why hijacking mobile technologies remains such a lucrative activity: humans are a platform’s Achilles heel.
The general - and most obvious - solution to most of these threats is awareness. Users need to regularly review both the applications they have installed and permissions granted. It is not uncommon for an application to request more permissions on a mobile phone than it needs to function. Consequently, users should determine whether applications really need access to cameras or microphones. Similarly, users should regularly review installed applications and remove those that are no longer needed. Put simply, old applications are not usually maintained and thus prone to vulnerabilities.
Users should be adequately educated on such threats and encouraged to follow best practices to prevent them. They should stay vigilant at all times and only interact with trusted sources.
(This article is submitted on behalf of the author by the HBKU Communications Directorate. The views expressed are the author’s own and do not necessarily reflect the University’s official stance).
