We need to talk about smartphone security 5

We need to talk about smartphone security

Scammers, phishers and fraudsters regularly target PCs and laptops, but now they’re coming after our our smartphone security.

Alarmingly, new research shows we are less likely to know the dangers of smartphone attacks and are also less likely to secure our smaller devices against criminal scams.

As smartphones become ever more vital to daily life the risks associated with them have increased dramatically.

Everything everywhere except secure files

These pocket computers contain data on all the people we know, our social media profiles, online banking details and possibly work files and passwords too.

And yet it seems most owners remain blissfully unaware of the dangers.

A recent 360 Security survey exposed the fact that 81 percent of UK consumers did not consider mobile phones to be a target for cybercriminals.

And while 92 percent said they had antivirus systems on their PCs and laptops, more than half admitted they had not done the same for their phone.

Top tips to keep your phone safe

Fake apps are a big problem

Hackers are practical people; they follow the money. And we can tell you now, the money is in apps.

One of the key threats against mobile phones is the massive proliferation these apps.

Google Play recently announced downloads had reached 65 billion since the it was established.

Google’s rival Apple App Store was created in 2008 and since then 140 billion apps have been downloaded.

Any self-respecting cybercriminal will see this as a goldmine for exploitation.

Add in the fact that we as users remain wilfully ignorant about the dangers, then we’re not only drawing a big target on our backs, we’re inviting hackers to shoot, too. We need to talk about smartphone security 3

Avast’s security blog found that despite protections, malicious developers can still slip past Google Play security and get their fake app onto the platform.

All they need is a plausible-sounding name that references a well-known product like the traffic app Waze, pack it out with a few fake reviews, and they’re away.

How to spot a fake app

Check the number of ratings the app has. Normally mainstream apps will have thousands of ratings.

Keep an eye on the developer’s name – if it sounds unofficial or dodgy then steer well clear.

Pokémon Don’t: Fake apps mess with your smartphone security

Last year researchers discovered more than 215 fake Pokémon Go apps designed to cull users’ data once installed. We need to talk about smartphone security 4

One such spoof app was downloaded 500,000 times before it was discovered and warnings plastered across the net – but despite the alarm it was eventually downloaded 10 million times.

One fallout from the fake Pokémon apps was phones being infected with what are known as scareware adverts.

These lock up your device or browser temporarily, fooling users into thinking their phone is infected and getting them to pay for unwanted services.

We need to talk about smartphone security

Scareware hijackers targeted a JavaScript vulnerability in iPhone Safari browsers last month, prompting Apple to issue iOS update 10.3.

At the time malware researcher Lukas Stefano said: “The virus removal masquerade is only one example of the apps’ scareware techniques.

“They can also download other applications, create surveys and display scam ads where the user
allegedly won prizes, such as the new iPhone, Samsung Galaxy or even large amounts of money.”

Malware in games is a big issue

Malware embedded in gaming apps is so endemic that back in 2013 research suggested 90 percent of popular games like World of Warcraft, Minecraft, Runescape and League of Legends were infected.

That is a sobering thought.

We need to talk about smartphone security 2

This year saw the iconic Super Mario targeted by hackers. Jordan Pan from Trend Micro said: “Since 2012 we have found more than 9,000 apps using the Mario name on various sources online.

“About two-thirds of those apps show some kind of malicious behaviour, including displaying ads and downloading apps without the users’ consent. Since the start of the year we have detected these malicious apps approximately 90,000 times.”

Protecting your phone

The pace of mobile app development is, to say the least, frenetic. And for users sometimes bewildering. But there are a number of rules that if followed will greatly reduce the chance of becoming a crime statistic.

  • Just as you have with your PC, get security software for your phone. Your phone needs it. The most basic ones will scan your apps for anything amiss. Others are able to lockdown your phone remotely if lost and some can wipe data remotely.
  • Be careful of apps that are websites, especially if littered with ads.
  • Avoid third-party app sites or allowing your phone to install third-party apps. Instead use Google Play and Apple Store. While you might miss out on smaller developers it is relatively safer in the long-run.
  • Pay close attention to ratings and reviews. Especially other customer reviews. If a large majority were all written on the same day, or they are all glowing reviews be suspicious. Cybercriminals do employ people simply to write fake reviews of their apps.
  • Fake apps may also demand the user gives them a five-star review before they can download and use the app.
  • Examine the permissions that apps ask for. If there are too many requests or they don’t seem appropriate to the function of the app, be suspicious. Especially be wary if the app seeks access to your Device Manager.
  • Good housekeeping of your phone: it is estimated that 25 percent of all apps downloaded by users were only used once so maybe it’s time to go to your Application Settings and remove them.

It’s a sad fact of our connected lives but to stay safe you have to have a little natural suspicion.

Just because you’re paranoid doesn’t mean they’re not after you.

MAIN IMAGE: Bokeh composite


A veteran freelance journalist writing extensively on internet news and cybersecurity.
Back To Top