Your smartphone is your daily companion. Chances are that most of
your activities rely on it, from ordering food to booking medical
appointments. However, the threat landscape always reminds us how
vulnerable smartphones can be.

Consider the recent discovery by Oversecured[1], a security startup.
Its experts examined dynamic code loading and its potential
dangers. Why is this a problem? Well, the Google app uses code that
does not come integrated with the app itself. Okay, this might
sound confusing, but it all works in favor of optimizing certain
processes. Google relies on code libraries pre-installed on
Android phones to reduce its download size. In fact, many Android
apps use this trick to reduce the storage space they need to
run.

As revealed by Oversecured, perpetrators could compromise this
retrieval of code from libraries. Instead of obtaining code from a
reliable source, the Google app could be tricked into taking code
from malicious apps operating on the device in question. Thus, the
malicious app could gain the same permissions as Google. And
Google typically gets access to your email, search history,
call history, contacts, and more.

The scariest part: everything can happen without your knowledge.
Let’s discuss other spooky threats currently facing mobile
devices.

Top Mobile Security Threats

Data Leaks

When you download a new app on your smartphone and launch it,
you must pay attention to the pop-up screen that appears. It is a
permission prompt, a request to grant a few permissions to the
app. Sadly, granting extensive permissions to dangerous apps can
have severe consequences[2]. Hackers can hack the
database where all this information is stored, and all your data
can be leaked.

But with some recent developments in Android 11 and iOS 14,
users can deny unnecessary permission requests or even grant them
for one time only. Never give apps all the permissions. See what
permissions they need to run, and grant only those.

It is also crucial to protect the device by not using any
public Wi-Fi hotspot. Remember, never get lured by a “Free Wi-Fi”
sign hung in any coffee shop, restaurant, or hotel.

Spyware Pretending to be an Update

Bug fixes, longevity, and an overall safety boost are the three
main reasons why you should always update your OS. However, there
are cases when you must fight this instinct. If you find a random
application called System Update[3], be wary of its true
nature. As reported, this malicious Android threat pretends to be a
system update. Sadly, its true intentions are much more sinister.
Once installed (outside Google Play, which is already a dangerous
practice), the app starts stealing victims’ data. How? Well, it
connects to the perpetrators’ Firebase server, the tool used to
take remote control of the infected device.

What can this spyware steal? Basically, anything. Your messages,
contacts, browser bookmarks, and more are up for grabs. An even
more frightening reality is that it can record phone calls, monitor
your location, and steal photos.

Malware via SMS Messages

We all know the feeling of receiving bizarre SMS messages. But
sometimes, such messages are nothing but social engineering scams.
The recently discovered TangleBot is one of the latest examples
to step into the mobile threat landscape.

Apparently, the malware gets distributed via fake messages sent
to users across the US and Canada. Mostly, they provide certain
COVID-19 information and urge recipients to click on embedded
links. If users click on the link, they are led to a website
urging them to install an Adobe Flash update. If you decide to
install it, TangleBot proudly enters your system. What can it do?
Many things, from stealing data to taking control over certain
apps.

How to Defend Your Device?

  • Use updated operating systems. Use only the
    latest operating systems like Android 11 and 12, as they have the
    newest security protections. However, install updates from reliable
    sources only. A random app floating online is not the right choice
    to keep your device up to date.
  • Firewalls. Always have a firewall securing
    your device. It works like a regular firewall. When your mobile
    device sends a request to a network, the firewall forwards a
    verification request to the network. Additionally, it contacts the
    database to verify the device.
  • Be careful on app stores. Even if you trust
    Google Play Store, do not install every app available. It is a
    known fact that many applications available are far from reliable.
    For instance, you could accidentally download cryptocurrency mining
    malware, banking Trojans, or intrusive adware.
  • Use a VPN. If you are in a position where you
    cannot avoid the use of public Wi-Fi, you need to download
    VPN[4] apps. They will hide all your activities from hackers
    lurking on the network and protect your sensitive information.
  • Do not jailbreak your device. iPhones can be
    somewhat restrictive. Thus, many might consider jailbreaking them
    to get the opportunity to customize their devices. However, a
    jailbroken smartphone is more vulnerable; you will likely lose your
    warranty and struggle to install the necessary updates.

Mobile threats are evolving with time, and they will keep on
improving. But that’s not what we have to care about. The only
thing that needs our concern is our security and privacy.
Therefore, one must take all the precautionary measures to
evade potential danger.

References

  1. discovery by Oversecured (blog.oversecured.com)
  2. have severe consequences (cybernews.com)
  3. application called System Update (techcrunch.com)
  4. download VPN (atlasvpn.com)
