Smartphones are an indispensable tool for many people; they have become the most personal of all personal computers. They are the realization of the "information at your fingertips" idea that Bill Gates was selling back in the mid-'90s, which only reached the mainstream market in 2007 with the release of Apple's first iPhone. Although smartphones are now considered essential to everyday computing life, surprisingly few people pay attention to their security. Most people are uninterested in the topic of security, even though many go out of their way to install antivirus apps on Android, despite Google already bundling Google Play Protect by default. However, as long as smartphones are connected to the Internet, these devices will always be targeted by malicious parties.
With advances in mobile technology, the operating systems that run on these devices have become very complex as new features are added. However, beyond Google Play Protect, which automatically scans the device for malicious apps and uninstalls them as needed, there is no user-accessible preventive security feature for Android. iOS on Apple devices is, in fact, too locked down for an end user to do any customization. Both iOS and Android are projected to grow, both in the number of devices in active use in the public space and in the size of their installation footprint in gigabytes.
Unfortunately, no smartphone or tablet today has the capability to warn the user automatically if the device is receiving an excessive number of pings or queries (AKA DDoS). These devices are basically dumb when it comes to warning users that something is wrong with their Internet communication: they cannot interpret the packets they receive over a Wi-Fi or data connection as malicious or not. Artificial intelligence is needed in order to implement such "futuristic" features in our smart devices. Android's and iOS's claim to AI is limited to the search assistants Google Assistant and Siri, respectively. Though these are entertaining and cooperative, we are still very far from a science-fiction-level, AI-rich device.
So what can we do to secure our devices while waiting for an actual AI to do the security job for us? The key is understanding the risks of using a smartphone connected to the Internet. We have laid out five common pitfalls:
1. Phishing
In addition to ransomware, phishing scams are one of the threats to websites. Although the number has decreased in recent years, the amount of damage has become very large. Phishing scams use fake SMS messages and fake online banking websites that are designed to look like the real thing, for the purpose of stealing information from the unsuspecting user. Building a fake website that at first glance cannot be distinguished from the real one is also a common method. While threats such as malware target devices, phishing scams work regardless of the device. The victim enters the information through a web browser or similar, so the target is "people". This is what makes phishing different from the previous threats. Phishing techniques are becoming more and more sophisticated every year. In fact, phishing is becoming difficult to detect, as phishers improve their language and web development skills to match those of any legitimate web developer.
2. Malware-loaded Apps
Rogue apps are primarily a security threat found on Android. As the name suggests, these are malicious applications, and they include adware that displays malicious advertisements as well as fraudulent applications that target online banking. Many rogue apps are adware that displays advertisements users do not want. The reason this adware gets developed is that one may be rewarded by app developers for getting users to install rogue apps via ads. In more malicious cases, the app may be installed without the user's knowledge.
In addition, there are also attempts from foreign countries to steal Internet banking one-time passwords. By hijacking SMS messages that arrive on smartphones and stealing one-time passwords received from banks, criminals attempt to access Internet banking using the ID and password they obtained in advance through phishing scams and the like. The purpose of such fraudulent apps is to obtain money. What makes them so dreadful is that their authors will use any means to achieve this purpose.
3. Ransomware and other newly developed malware
Smartphones, like PCs, have malware problems. With the spread of smartphones, this malware problem is growing. Malware is also evolving year by year, and the kind that has become a household name in recent years is ransomware. It has caused a great deal of damage on personal computers, where the encrypted files can only be unlocked by paying the ransom, and some variants also infect smartphones.
There are two types of ransomware on smartphones: the "file encryption type" and the "terminal lock type". With the file encryption type, files are encrypted after the ransomware infection and become unreadable. This is common on computers, and once a device is infected it is almost impossible to restore the files. With the terminal lock type, which is common on Android phones, the device is locked and cannot be launched.
Ransomware is mainly transmitted via dodgy websites. On computers, email attachments may cause infection, but smartphones such as Android devices are expected to be infected from websites. A website with embedded ransomware is at first glance indistinguishable from an ordinary one, which makes it troublesome to take measures against.
4. Fraudulent websites
Fraudulent sites include winning scams and entrance fee scams. The former pops up suddenly when you visit the site and displays a "winning message". After that, it tries to extract credit card information under the guise of a questionnaire. In this way, the scammers take advantage of the site visitor's mood to commit fraud.
The latter, entrance fee fraud, is mainly conducted on adult sites. When you press the age verification or image button, a message such as "Registration complete. Please pay the enrollment fee" is displayed. A message such as "If you do not pay within the period, we will take you to court through a lawyer" may also be displayed, and in some cases the site tries to upset you by activating the camera's shutter sound and the vibration function. The site pretends to have identified you as an individual, and if you call the support contact, you will be asked for a variety of information to identify you. If you give out your phone number or email address, the scammers become very vicious, for example by persistently sending payment reminders.
5. Browsing Non-Encrypted Websites through Public Wi-Fi
Public Wi-Fi is used casually in public facilities such as cafes and stations. In fact, however, it is also exposed to the threat of security breaches, so the utmost attention is required when using it. Public Wi-Fi does not encrypt the communication to the access point. By contrast, with mobile tethering and the like, the communication is encrypted, so it is impossible to steal the contents, and trying to steal the data is wasted effort.
Public Wi-Fi communication, however, is not encrypted, so a malicious person can intercept it and learn its contents. If you enter your username or password on an online banking site via public Wi-Fi, there is a risk that the content will be stolen. Public Wi-Fi is very convenient, and it also reduces the amount of mobile data your smartphone uses. On the other hand, you need to be aware of the risks. We recommend subscribing to a VPN service in order to make public Wi-Fi as private as your home Wi-Fi.