How hidden vulnerabilities will lead to mobile device compromises | SaltDNA

How hidden vulnerabilities will lead to mobile device compromises

26/05/2021 | Nicole Allen

Your mobile device can be hacked very easily without your knowledge. Even if an attacker can’t get into your device they can attempt to gain access to the sensitive information instead that is stored inside such as your places visited, emails and contacts.

Your mobile device can be hacked very easily without your knowledge. Even if an attacker can’t get into your device they can attempt to gain access to the sensitive information instead that is stored inside such as your places visited, emails and contacts. It's not just consumers who are targeted by cyber criminals, the rise of smartphones and tablets in the workplace and increase in remote working has resulted in hackers targeting businesses via their mobile device vulnerabilities.

Most individuals and organisations with very sensitive information, still do not take basic mobile security measures, even with the rising threats to our smartphones. According to a study by Intertrust on mobile security, the cost of mobile app hacks and violations will hit $1.5 billion by the end of 2021. Yet, network systems or even our desktop computers get more attention, with mobile device security continuing to be ignored by organisations across the globe every day.

Here are three ways in which a mobile device can be compromised

Unsecure Wi-Fi

When out and about, the free wifi sign is always something we’re looking out for, but it's best to ignore these networks the next time you come across a public Wi-Fi network that doesn't need a password. When using unsecured Wi-Fi networks, eavesdroppers will see all unencrypted traffic. Wi-Fi could be insecure in public places, such as cafes and airports, allowing malicious actors to visualise everything you do while connected.

Make sure you're connecting to websites using HTTPS. HTTPS ensures that correspondence to and from a specific website is encrypted, while a VPN service encrypts anything you send. Look at the address bar of your browser window to see if you're linked via HTTPS; you should see "HTTPS" at the start of the web address (or, on some web browsers there is a lock icon). Hackers have been able to obtain valid SSL certificates for sites with names that are slightly different from those of major financial institutions, as well as the HTTPS prefix.

Finally, using public Wi-Fi exposes you to session hijacking, which occurs when a hacker tracking your Wi-Fi traffic tries to hijack an open session you have with an online service (such as a social networking site or an email client) by stealing the browser cookies the service uses to identify who you are. Once hackers have your cookies, they can use it to impersonate you on these pages or even track you down.

Pay attention to the warning message your device is sending you to see if you're on an unsecured connection. An alert will pop up on iPhones saying that the identity of the server can not be checked and asking if you still want to connect. Before you can access Wi-Fi, you will be asked to press "continue". Despite this warning 92% of users click continue on the screen. In fact, your phone has a lot of very good technology built in to alert you when you are going to make a bad security decision. Be vigilant when connecting to free Wi-Fi, and avoid exchanging personal information, to protect yourself.

Malicious Apps

There has been a rise of 54% of mobile users who have got attacked through malicious apps over the past year. Apps add mobile functionality, but also increase the risk of a data breach, particularly if they are downloaded from websites or tweets instead of a secure app store. Malicious code that allows hackers to steal data could be hidden within apps, even ones that work.

The mobile technology ecosystem is enormous. Neither Apple nor Google will look at every single app in their store and decide whether or not it is malicious. You should restrict the number of applications you install in order to protect yourself - MDM security solutions can include computer implementations that require workers to use a VPN or a private Wi-Fi hotspot to connect to public Wi-Fi networks. Due to the increasing number of sophisticated cyber security threats. MDM is the key to a healthy, effective, and reliable mobile workforce.

What we call the attack surface on your phone increases the more applications you have. What this suggests is that there are more code lines and thus there is a greater occurrence of a security sensitive flaw in that amount of code.

Operating System Flaws

Vulnerabilities are identified as what lets attackers in, despite the best efforts of smartphone manufacturers. To protect users, device manufacturers release operating system updates frequently. All of those updates have very important security patches in them and people are concerned that maybe this will affect how they use their phone or if their phone will not be compatible with it.

As soon as the new updates are released, they need to enforce those changes. Hackers know about vulnerabilities after updates are issued and try to hack out-of-date devices. Nobody recovers from being hacked quickly. Although computers have always been vulnerable to attack, mobile devices are becoming a larger target for criminals to attack. Secure yourself by identifying the risks and making attempts to minimise them ahead of time.

You can start by protecting your most important business conversations and prevent your device from being compromised by using SaltDNA, to secure your messages and calls with your business contacts. With SaltDNA, organisations can take control back of your communications and eliminate the threats that can cause your organisation to be compromised through your employees mobile devices. SaltDNA works off the assumption that every network in the world is compromised and can work securely even on free wifis where other systems would fail. Sign up for a free trial of SaltDNA or to talk to a member of the team by contacting us on info@saltdna.com or visit our website at saltdna.com.

About SaltDNA

SaltDNA is a multi-award winning cyber security company providing a fully enterprise-managed software solution giving absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. SaltDNA offers ‘Peace of Mind’ for Organisations who value their privacy, by giving them complete control and secure communications, to protect their trusted relationships and stay safe. SaltDNA is headquartered in Belfast, N. Ireland, for more information visit SaltDNA.