Cyber Threats to Mobile Devices
Mobile devices are increasingly used in the same way as PCs, potentially making them susceptible to similar threats affecting PCs connected to the Internet. Since mobile devices can contain vast amounts of sensitive and personal information, they are attractive targets that provide unique opportunities for criminals’ intent on exploiting them.
Mobile devices have become an integral part of society and, for some, an essential tool. However, the complex design and enhanced functionality of these devices introduce additional vulnerabilities. These vulnerabilities, coupled with the expanding market share, make mobile technology an attractive and viable target. Mobile phones share many of the vulnerabilities of PCs. However, the attributes that make mobile phones easy to carry, use, and modify open them to a range of attacks.
Perhaps most simply, the very portability of mobile phones makes them easy to steal. The owner of a stolen phone could lose all the data stored on it, from personal identifiers to financial and corporate data.
Many seemingly legitimate software applications, or apps, are malicious. Anyone can develop apps for some of the most popular mobile operating systems, and mobile service providers may offer third-party apps with little or no evaluation of their safety. Sources that are not affiliated with mobile service providers may also offer unregulated apps that access locked phone capabilities.
Even legitimate smartphone software can be exploited. Mobile phone software and network services have vulnerabilities, just like their PC counterparts do. For years, attackers have exploited mobile phone software to eavesdrop, crash phone software, or conduct other attacks. A user may trigger such an attack through some explicit action, such as clicking a maliciously designed link that exploits a vulnerability in a web browser. A user may also be exposed to attack passively, however, simply by using a device that has a vulnerable application or network service running in the background.
Email phishing is a common attack on PCs, and it is just as dangerous on email-enabled mobile phones. Mobile phone users are also vulnerable to phishing voice calls (“vishing”) and SMS/MMS messages (“smishing”).
The consequences of a compromised smartphone can be severe. If the phone is stolen, attackers could use this information to access the user’s bank account or credit card account. An attacker could also steal, publicly reveal, or sell any personal information extracted from the device, including the user’s information, information about contacts, and GPS locations. Even if the victim recovers the device, he or she may receive many spam emails and SMS/MMS messages and may become the target for future phishing attacks.
Steps To Protect Your Mobile Phone
Following the best practices regarding mobile phone security can reduce the likelihood or consequences of an attack:
- Do not follow links sent in suspicious email or text messages, such links may lead to malicious websites.
- Limit exposure of your mobile phone number.
- Think carefully before posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks.
- Carefully consider what information you want stored on the device.
- Be choosy when selecting and installing apps. If the permissions seem beyond what the app should require, do not install the app; it could be a Trojan horse, carrying malicious code in an attractive package.
- Maintain physical control of the device, especially in public or semi-public places. The portability of mobile phones makes them easy to lose or steal.
- Disable interfaces that are not currently in use, such as Bluetooth, or Wi-Fi. Attackers can exploit vulnerabilities in software that use these interfaces.
- Set Bluetooth enabled devices to non-discoverable. When in discoverable mode, your Bluetooth enabled devices are visible to other nearby devices.
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hot spots. Attackers can create phony Wi-Fi hot spots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices.
- Delete all information stored in a device prior to discarding it.
What is spyware?
Spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes.
How do you know if there is spyware on your computer?
The following symptoms may indicate that spyware is installed on your computer:
- you are subjected to endless pop-up windows
- you are redirected to web sites other than the one you typed into your browser
- new, unexpected toolbars appear in your web browser
- new, unexpected icons appear in the task tray at the bottom of your screen
- your browser's home page suddenly changed
- the search engine your browser opens when you click "search" has been changed
- certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
- random Windows error messages begin to appear
- your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)
How can you prevent spyware from installing on your computer?
To avoid unintentionally installing it yourself, follow these good security practices:
- Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link within the window.
- Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the titlebar.
- Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.
- Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.
As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:
- Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.
How do you remove spyware?
- Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.
- Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's Window Defender, Webroot's SpySweeper, and Spybot Search and Destroy.
- Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.
FakeAV is a virus designed to look like real anti-virus software in the hopes that the victim will click a link and download a malicious package. The malware often does not stop there. Many FakeAV packages continue the con by disabling true anti-virus packages claiming that they are harming the system they are intended to protect. These viruses come in many forms but are well crafted to present like a trusted virus prevention source such as the example above.
What to do when presented with a suspicious AV Warning?:
If your computer presents a virus warning that is not clearly part of your installed anti-virus software (Here at Middlebury that is Sophos Anti-Virus) you should power off your computer without closing any windows. A hard shutdown is the most secure way to guarantee that Fake AV will not be installed on your computer. Even closing the window has the potential of installing the most well-crafted FakeAV downloader.
Where does this FakeAV come from?:
Most of this malware comes from what are often termed drive-by attacks. In other words, you may visit a web site that has been compromised or that is hosting a third party advertisement that has been compromised. It is nothing that you have done but the active content on many of these sites provides the opportunity for these attackers to pop-up these attacks on your system. The good news is that unless you interact with the threat or the site directly there is little risk to your system from these FakeAV attacks. The down side is that some of these attacks are becoming harder to distinguish from a true Microsoft warning or other messages. Here at Middlebury we use Sophos AV. At Home you should know what kind of AV software you have installed and what the warning messages will look like.
Learn more about safe computing at: