Mobile

Mobile security threats to your iPhone and Android devices


Authored by a Symantec employee

 

According to a 2016 report published by Ponemon Institute, smartphone users often assign a higher value to the data stored on their mobile device than actual value of the smartphone itself. This logic also applies to laptops and tablets. Yet, while many people know they should secure the valuable data on their computers, they frequently don’t extend that protection to what’s on their mobile devices. Mobile technologies and apps are part of your daily life, giving you access to GPS, entertainment, storage, and more. In return, you often give these apps access to much of your personal information without taking the time to read and understand what information you’re allowing them to track, store, and share. When you choose not to protect your mobile devices, you can open yourself to various threats to your online privacy.

Why do you need mobile security?

As we store more sensitive information on our mobile devices, maintaining the security of that data becomes more crucial to our privacy. Personal photos, addresses, credit card info, passwords and phone numbers — can all be vulnerable to cyberthieves if they gain access to our unsecured phones and tablets.

OS attacks can exploit the gaps found at the operating system level. Mobile app attacks are frequently the result of bad development and coding. Malware attacks can corrupt your data or steal your passwords and other sensitive info, while ransomware can hold access to your computer, and the data stored on it, hostage. Attacks on communication networks happen when users log into an unsecured or faulty network.

Mobile security breaches are different from attacks that occur on desktops for two reasons:

  1. On mobile devices, users don’t really have to log on. And many people still don’t set up screenlocks on their smartphones. Apps, too, are often always on and running, making it easier for would-be cybercriminals to access data on many apps.
  2. Unlike desktop users, mobile users cannot easily see the entire URL of a site they are visiting, or a link they’re about to click on. This could make it easier for digital crooks to deploy successful phishing attacks.

Fortifying mobile security

There are steps that you can take to help ensure your mobile devices are secure. The first step is to know precisely what data is being collected by the mobile apps you use, including contacts, photos, internet data, and call logs. You should also understand how your sensitive data may be stored, used, or shared by these applications.

Mobile security for Android devices

The mobile threat landscape is continuously changing with new mobile malware and other threats as cybercriminals evolve their tactics for accessing your devices. It’s clear that our mobile digital data is in danger as hackers seek vulnerabilities, exploits, and more to compromise personal information. Often, much of the data stolen from mobile devices is then sold on the dark web. This part of the web is made up of hidden sites that you can’t find through a conventional search engine. Not to be confused with the dark web, the deep web is a bit different- the deep web is also hidden. It’s home to benign sites — people’s password-protected email accounts, the intranets run by businesses, the online bank account pages of consumers, government databases, and private sites that require users to type in a log-in name and password.

Here are some of the most common threats to Android devices:

Malicious mobile apps

A third-party app is a software application made by someone other than the manufacturer of the mobile device or its operating system. Malicious mobile apps are usually created to mimic the look and behaviors of popular apps, with the intent of fooling app users into thinking they are the real deal.

How to stay safe:

One way to minimize danger from third-party app stores is to avoid them. But, even if you do, it’s still possible to download an app from one of the official app stores that could expose your device to malware. Sticking to the Apple App Store or Google Play store is a safer bet.

Some mobile security products, like Norton Mobile Security can warn you of suspicious Android apps before you download them.

Mobile security for Apple devices

Different mobile device operating systems have different strengths and weaknesses. Therefore, different types of threats and mobile security solutions exist. Here are a few Apple iPhone and iOS mobile threats and security best practices for how to keep your devices, and the information stored on them, safe.

Trustjacking

Trustjacking is a fairly new threat for iPhone users. When you plug your iPhone into the USB port of an unsecured computer, iOS will ask if you want to trust the computer because it will have access to your data. Hence the name “trustjacking.” When you agree, this vulnerability can exploit an iOS feature called iTunes Wi-Fi sync, which is intended to allow iPhone users to manage their iOS device without physically connecting it to their computer.

How to stay protected:

Turn on USB Restricted Mode to make hacking more difficult.

Mobile security threats that can affect both Android and Apple devices

Spyware

Spyware is a type of malware that infiltrates your device, to damage your computer or to gain access to your sensitive information, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.

How to stay safe:

Don’t open emails from unknown senders. Avoid downloading files from untrustworthy sources. Don’t click on pop-up advertisements and install and use reputable antivirus software such as Norton 360.

Public Wi-Fi

Man in the middle attacks are not operating system specific, so they are dangerous to both iPhone and Android users. Being on public Wi-Fi puts you at risk for man-in-the middle attacks, no matter what device or operating system you use. Often found on public or unsecured Wi-Fi, the “man in the middle” can capture a victim’s information as it moves from their mobile device to another device or a website. For example, a cybercriminal could intercept your emails or text messages on unsecured Wi-Fi. Most often, victims of MITM attacks aren’t aware that the attack occurred.

How to stay safe:

Use a virtual private network (VPN). A VPN creates a private network from a public internet connection. VPN services establish secure and encrypted connections to provide greater privacy than even a secured Wi-Fi hotspot.

Vulnerabilities in the operating system and built-in apps

Malware can sometimes contaminate your device via a weakness in the operating system. Software updates help combat these types of attacks. Two important reasons to update your software are to repair security holes that have been discovered and to fix or remove computer bugs.

How to stay protected:

Always perform software and app updates when they are made available by the manufacturer to ensure you have the most current protection available for your device.

Mobile phishing

A phishing scam is a type of fraud that can come in many different forms. These scams not only employ various online techniques such as fake emails and pop-up ads, but they can also include phone calls and text messages. The people behind these scams often use fear tactics to encourage victims to take the bait.

How to stay protected:

Be vigilant and aware of the communications you receive, whether by email, text, or even voice calls. Some phishing emails or texts might look unprofessional to you, using poor grammar or asking you to click links with odd-looking URLs. Never click on a URL in the message you receive. Instead, always visit the website in question by typing it into the URL bar of your web browser.

Tips to stay safe on any mobile device

  • Use different passwords for different mobile apps and sites. Make your passwords long and complicated, including letters, numbers, and symbols. To add a second layer of protection, enable two-factor authentication for each account.
  • Never use an unsecured Wi-Fi or Bluetooth connection, and turn off access when you aren’t using Wi-Fi or Bluetooth. With Bluetooth turned on, an Apple iPhone can recognize when another Bluetooth-enabled iPhone is nearby. This feature allows easy sharing of files, but could also allow someone to send malware to your phone.

It is possible to protect the data stored on your mobile device. By thoroughly understanding the risks and taking the proper precautions, you can maintain your online privacy and security. A smart solution for helping to boost your mobile security is by installing a reliable mobile security software for iPhones and Android, like Norton Mobile Security.

Victim of a data breach? LifeLock monitors for identity theft and threats.

Norton joined forces with LifeLock, we offer a comprehensive digital safety solution that helps protect your devices, connections and identity.


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.