Like personal computers, cell phones are vulnerable to cyber-hacking or virus attacks, which can corrupt personal data or misuse your cell phone. At present, 96% mobile phones are vulnerable to such attacks as their operating systems lack pre-installed security software.
In 2011, cyber attackers sent an application to share mobile pictures to thousands of mobile users, and the app secretly sent premium rate text messages from users’ mobile causing them financial loss.
A cyber hacker can access personal information and sensitive data, which mobile users often store on the device or social networking site and e-commerce apps.
The mobile security company, Lookout, tracked first mobile malware, GGTracker, in the US and RuFraud in Easter European countries, which could steal money from smartphone users.
Patrick Traynor, a researcher and assistant professor at the Georgia Tech School of Computer Science, says, “IT professionals, computer scientists and engineers still need to explore the variations between mobile and traditional desktop browsers to understand how to prevent cyber attacks entirely.”
What makes smartphone vulnerable to cyber attack?
Web address bar appears for a few seconds, and SSL certificate (which ensures a secure browsing) is difficult to find due to the small screen size of a smartphone. Users don’t get much time to ensure if they are at a legitimate website.
Touch screen feature makes a smartphone prone to cyber attack. A hacker can lure a user by sharing a malicious link in the form of an attractive display content, and the user can activate it with just a touch on the screen
Conventional mobile device operating system – iOS and Linux – use techniques to secure its resources. For instance, Apple, which debuted iOS, ensures that applications available for download in the App Store are verified.
You May Also Like To Read: Growing Risk of Cyber Attacks on FinTechs
But Malware, software that can disrupt a smartphone operating system, is also evolving simultaneously. ZitMo, a type of Malware, can attack Android users’ banking application, access authentication passwords and steal money.
Experts believe that a cyber attacker can enter into a company’s network too. A cyber hacker can implant malware in a smartphone and when its user charges the phone on the company computer, the hacker, using remote-controlled wireless connectivity technology, can attack the company’s network.
As far as the android platform is concerned, Android 2.2, the latest version, has enhanced security features, which helps a user unlock the device using a password or clears the data in case the device is lost. But it lacks safety measures too. The system can’t differentiate between an authentic programme and a malicious programme.
Is the risk of a cyber attack on the rise?
In the past two years, more than 2000 types of mobile malware such as trojans, viruses, botnets, toolkits, Malvertising and Worms have been found which can play havoc on anyone’s cell phone. They majorly attack Android apps because the verification process for apps available for download on GooglePlay is weak.
Hackers distribute malware apps in the GooglePlay in an attractive manner, or sometimes they create a copy of some favourite apps which users fail to make out.
Legitimate spy software, such as FlexiSpy, help people keep track on their children, but a cyber attacker can misuse the same to obtain personal data from the smartphone. Similarly, mobile e-commerce apps and advertisement libraries apps can also be abused for malicious purposes.
The malware was first designed in early 2004 with Cabir worm which didn’t cause any damage to phones however it proved that a mobile could be attacked and this gave serious cyber attack ideas to hackers.
It was followed by the development of first Android malware by a group of security researchers who merely wanted to highlight the flaw in the Android operating system.
Mobile services such as Bluetooth, MMS, SMS, file injection and downloadable applications widen the opportunities to attack surface.
Mobile users are careless about cyber attack
Users’ ignorance or casual approach towards their cell phone security is one of the biggest reasons why mobile malware is increasing alarmingly. Zero-day exploits have also gone up. A zero-day attack takes place when attackers use the flaw in the software before a developer fixes it. In 2010, 200 million malicious apps were programmed.
Bank and credit card information is cyber attackers’ first target. Symantec’s Internet Security Threat Report says, “black market forums pay top dollars for personal credit card data. The majority of this information is stolen through extensive botnet attacks.”
Cyber attackers either create a malicious app or insert malicious logic into authentic apps and circulate them though public app store. One such instance is of Pjapps Trojan, a malicious app that pretended as a legitimate app.
A survey on 1000 smartphone and iPhone users reveal that 56% view internet browsing through mobile phone is safer than the personal computer however 44% feels otherwise. 23% use security software for protection from cyber attack while 20% don’t show any trust in such software. Interestingly, half of them have experienced malware attack on their phones.
50% of the respondents also reveal that they receive spam emails, another form of cyber threat. Another 50% say that they are careless to open emails on their cell phones. Canalys, an IT research company, believes that the risk of cyber attack on mobile phones will push up mobile security market by 44% and mobile client security will witness 54.6% annual growth.
You May Also Like To Read: IoT Security Startup
Firewall, messaging security, anti-virus, web threat security, VPN functionality and encryption constitute mobile client security.
A culture of cyber security is important
According to Canalys, Presently, the U.S. and Canada are the leaders of mobile security implementation, but the Western European market will also grow with enterprising activities and consumerism.
Canalys says, “Mobile security investment will sharply increase in developing countries such as Latin America, Asia, Africa and the Middle East, due to the instant popularity of the price-sensitive operating system, Android.” Some experts believe, by the end of 2017, the investment opportunities in mobile security business will touch about $4 billion to $ 5 billion.
Mobile security experts say that instead of security measures in the device and operating system, telecom service providers should offer network security.
The biggest problem, view experts, is that majority of people don’t acknowledge their mobile phone has a threat from the cyber security. Until a culture of cyber security sets it, mobile phones continue to carry the risk of cyber attack.
Cyber security experts say that a policy on cyber security should emerge with collaborative efforts from specialists from a variety of disciplines. The society will get the benefit from such policies only when it will be formulated through a decentralised approach.
Some experts also suggest that mobile phone has many attributes that can be used for its protection. For instance, cameras available in the mobile phone can be used for facial recognition or iris detection so that only its authentic owner can unlock all its features. Similarly, the microphone can help detect voice.
What a mobile user should do?
An individual smartphone user can take precautions while downloading applications and surfing website. One should be very careful while using the Internet through the phone. Any attractive advertisements or picture inviting users to click on it can be very dangerous for your phone.
Besides this, it’s advisable to consult a cyber security expert who can advice suggest security measures depending on the operating system of the cell-phone.