How to stop mobile Malware before the damage is done
The proliferation of mobile devices has given cybercriminals a vast and
growing new ecosystem to work with. And they’re starting to take
advantage of that opportunity. According to McAfee’s Threats Report:
Fourth Quarter 2011, the number of mobile malware samples jumped from
less than 150 in the third quarter of 2011 to well over 400 in the
fourth quarter.
“Cybercriminals are going for [mobile] because
people put a lot of identifying information on their devices,” says
Karim Hijazi, Founder and CEO of Unveillance, an IT security
intelligence provider. “But that’s a scary mistake because devices are
actually more vulnerable.”
Between the characteristics of
mobile devices that make them easy targets to the careless way that most
users handle security on them, the mobile landscape presents a vast,
simplified attack surface for cybercriminals to exploit. Here’s what you
need to know to avoid being a victim.
The soft underbelly of mobility
The relative newness of the mobile market combined with its rapid
growth has created two distinct vulnerabilities. The first is that
neither security awareness nor available technologies have caught up to
the market to protect devices. Second, apps are being developed at
record speed to feed voracious user demand, and hastily written code is
typically fraught with security holes.
On top of that, an
increasing number of apps rely on access to browsers in order to run,
but mobile browser platforms aren’t as hardened yet through use, trial
and error. So security isn’t being built into the apps or the browsers
on which they run (yet).
Small screen sizes are another factor.
Users may accidentally click on links or emails they intended to delete
due to the finger-to-text-size differential, a phenomenon known as “fat
fingering.” Also, small screen sizes may hide some of the signs that
might typically signify a lurking danger, like overly long URLs or a
lack of identifying credentials on a site.
Types of mobile attacks
The methods for attacking mobile devices are surprisingly run-of-the
mill. But this makes sense if you accept the prevailing theory that the
lines between smartphones, mobile devices and traditional computers are
blurring more and more.
- Email: The same rules apply to email on mobile devices as on laptops and desktop computers. Don’t open unknown emails and click links in them. You could end up on an infected website that loads malware onto your device.
- Browsing: Surfing the unknown Web can infect your device. Known as a “drive-by infection,” malicious sites lie in wait for web traffic to come cruising by, then load malware onto their visitors’ devices. You could end up on an infected site by clicking an unknown link in a display ad or even from a list of search results.
- Apps: Some innocent-looking apps may appear to be providing a simple convenience, but have insidious intent beneath the surface. Tricky coding in malicious apps can open a backdoor to your device and transmit your data back to another location. A more sophisticated app may even open a reverse proxy and gain access to your device’s file system.
You can better secure your device using a number of strategies—and most of them have to do with your own habits around how you treat your device.
“If you can get in the mindset that your device is just as subject to infection as anything else, that’s step one,” advices Hijazi. With that in mind, Hijazi offers the following advice:
- Do unto your device as you would unto your laptop: Basically, follow the same precautions around unknown emails, links or websites as you would when using your laptop or any other computer.
- Avoid unfamiliar wireless networks: Many people log into the nearest Wi-Fi connection to avoid racking up data minutes on their plan. But this behavior exposes your device to a murky pool of unknown users. Broad public connections, such as at an airport waiting lounge for example, have no security protocols in place, so it would be very easy for anyone lurking nearby with a device to spy on your activities and maybe even harvest some data.
- Don’t plug your device into any old computer (and vice versa): Keep in mind that many mobile devices are also storage devices. The same precautions that apply to unknown USB sticks apply to devices. You could unknowingly infect a computer even though you were just plugging in for a quick charge.
- Don’t download any old app: Look into prospective apps before downloading them to your device. User reviews are a good starting point. Conduct a web search on the app developer to be extra cautious.
- Turn on installation password protection: Don’t allow your device to download anything without your permission. Turn on download alerts and designate a password for all installations.
4 Comments
Be the first to comment!
Don't just read and walk away, Your Feedback Is Always Appreciated. I will always reply to your queries.
Regards:
Noble J Ozogbuda
Back To Home