Published: June 2, 2021 on our newsletter Security Fraud News & Alerts Newsletter.
It’s pretty common knowledge that computers have vulnerabilities. Whether you are on a laptop or a desktop, use Mac or Windows, ultimately any of these devices can be compromised. Because of this, most people try to be cautious with how they access the Internet. However, when it comes to mobile devices, people have a bit of a different opinion. The reality is that mobile devices are far more secure than your basic computers and the risk of a common virus spreading on a mobile device is extremely low. That said, low risk does not mean no risk and like a regular computer, your mobile device can be compromised too.
The most important thing to understand about mobile devices is that the vast majority of the risk comes from the apps that you install. This is because unlike a PC, it's very difficult for a virus to simply spread from one mobile device to the next. The problem is that it’s not so simple to understand which apps are safe and which can put your device at risk. Over the years thousands of mobile apps have been discovered to actually be malicious. What makes this even worse is that the apps were being offered through the Apple App Store and through the Google Play Store for Android.
It turns out that while both Apple and Google do their very best to try and monitor the apps being offered through their stores, criminals continue to find new ways to trick Apple and Google, which allows the criminals to make their not-so-friendly apps available. This means that in some circumstances, you can literally go to one of the app stores and download an app that could ultimately lead to your phone being compromised.
Once a mobile device has been compromised via a malicious app, the damage that can be done can range drastically. For example, some malicious mobile apps are designed to simply gather information. This can be in the form of stealing your contacts, your photos, accessing your emails, tracking your location and in some cases even tricking users into providing login credentials for their online accounts which of course are passed back to the cybercriminals.
Another way in which cybercriminals attack with malicious mobile apps is through ransomware. Most people don’t realize that ransomware can target mobile devices just like it targets regular computers. Criminals have found a way. You see, instead of locking files on a phone and making people pay a ransom to gain access to those files, with mobile ransomware, the criminal actually locks the user from accessing the phone itself. With these attacks, the victim either pays the ransomware fee and is given access back into their phone or else they are required to wipe the phone and start over.
While ransomware and information gathering from malicious apps can cause serious problems, where things get really dangerous is when it comes to mobile apps being used to attack personal and corporate networks. If your mobile device is connected to your home or corporate network via Wi-Fi. That means that apps on your phone can also communicate with computers on that network and criminals have created malware designed to specifically attack those computers. For example, a malicious app is installed on your phone and one day you are at work and connect to the Wi-Fi access point. That mobile app can begin scanning for computers on that network and when it finds them, it will attempt to exploit vulnerabilities on those computers. Now keep in mind, that you are on the network and you have bypassed any firewall or other security devices that would generally block criminals from outside the network from gaining access to those computers that are protected on the internal network. So ultimately what this means is that your phone can become a launching point for hackers to attack both personal and corporate networks without you having any idea the attack is taking place.
Unfortunately, the only way to avoid these types of attacks is to avoid installing malicious apps. Downloading from the authorized app stores like Google Play and Apple Store is a great start. Most malicious apps are downloaded from third-party sites. Of course, no one chooses to install a malicious app so how can we tell the good ones from the bad ones?
First, don’t just assume that because an app has been downloaded thousands of times, that makes it safe. There have been numerous apps with 50,000 or more downloads that have turned out to be malicious. Instead, start by paying attention to who created the app. Obviously if it is a well-known company, you can feel better about installing it. Do research on the creator. Have they made other apps? How long have the apps been around and how are their reviews?
Another important thing to pay close attention to is the permissions that you are required to give to the app. For example, if you are installing a game, but it wants access to your contacts, this should be a red flag. The fewer permissions you have to give to the app, the more secure your information will remain. In many cases, you will have a choice between multiple similar apps. It’s best to look at each one and find out which will require the least amount of permissions to install and try to find apps that have been around for a longer period of time. While this is not a guarantee that it is safe, generally apps that are one or more years old, will be a safer choice than a brand-new app.
Mobile devices are far more secure than your regular PC, but the simple mistake of installing the wrong app can actually lead to a complete and total compromise of a corporate network. Remember to take your time and do you research before ever installing an app. When in doubt, talk to others who can give security insight before you choose to install a questionable app.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org