Arguably, the device an organization’s employees use most is the smartphone. Ensuring that everyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount.
Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high, and mobile devices remain a favorite attack vector for threat actors.
The issue for an organization is that many allow staffers to use their personal phones for work-related activities. These can range from checking email to editing web pages or even making financial transactions. This usage means that an attack on a mobile device may lead to a breach not only of valuable personal data but of corporate data as well.
Most Common Mobile Phone Attacks
A mobile phone’s sophistication makes it handy for its user but also enables a threat actor to use a wide variety of techniques during an attack. These include implanting malware, man-in-the-middle attacks, phishing/smishing, social engineering attacks, SIM card swapping, and having fake, insecure, and unnecessary apps on board.
Compromising a mobile device using any of these methods opens the user and their organization to any number of future problems. Attackers can access and steal email addresses, phone numbers, and login credentials for business apps, then use them to gain direct access or to obtain the information needed to launch additional socially engineered attacks.
Let’s take a quick look at each of the most common attack vectors.
Malware – Adware, spyware, crypto mining, and ransomware are the types most often used. Adware refers to a software application in which an advertising banner or other promotional content is displayed or downloaded while a program operates. Spyware is malicious software that infiltrates a user’s computer, collects data from the device and the user, and relays this information to third parties without the user’s consent. Crypto mining uses software that helps create certain types of cryptocurrencies, such as Bitcoin. Threat actors use ransomware to lock a device or data until the victim pays the attacker.
Phishing/Smishing – Sending a socially engineered email or text that contains malware or malicious links.
Man-in-the-Middle Attacks – In this variety of attack, the assailant covertly intercepts and forwards messages between two parties who are under the false impression that they are communicating directly with each other. It is a form of eavesdropping in which the attacker intercepts and subsequently gains control over the entire conversation. This can be done through a website or even over a Wi-Fi network. The best protection is never to use Wi-Fi, just cellular Internet, whenever transmitting any sensitive information.
Social Engineering – This frequently used term describes when attackers send a message in an email or text designed to elicit a specific response, such as opening an attachment or clicking a link. This can also be done through a phone call. For example, a call that begins with the caller saying “Good morning, am I speaking with [Your Name]?” and nothing else (no name, no company, no reason for the call) is almost certainly a scam call and can be ended at this point without providing any further information to the caller.
SIM Card Swapping – Attackers convince a service provider that they are a customer who wants to activate a new phone, and request that the provider port a phone number to the new device. Attackers will then receive a copy of all messages sent to that phone number and can spoof outgoing messages. This methodology is not widely used (about 1,600 such attacks were reported in 2021), but one should be aware of the possibility.
Fake, Insecure, and Unnecessary Apps – Sure, that new mobile game looks fun, but is it, in fact, properly secured and safe to use? The insecurity of installed apps is the most common attack surface attackers use to install malware. And remember, not all apps are downloaded by the user. Many phones come from the factory with useless and possibly dangerous apps installed. It is recommended to remove all apps from your device that are not explicitly useful.
Detecting When a Phone is Infected
There are many clues even a novice cybersecurity sleuth can look for to tell if their phone has been victimized.
If a SIM card swap has been conducted, the phone may remain silent for an extended period, with no incoming text messages or phone calls, and, logically, you can’t make calls or send texts. One odd indicator is that Google Maps may show a different location than where you actually are at the moment, since your phone is no longer communicating with the app.
Other signs include:
Strange pop-up ads appearing, the phone sending unknown texts or making unknown calls, inexplicably high data usage, a general performance decline, the battery draining quickly, constant warmth from heavy usage, new apps appearing, and any security software on the phone reporting a detection.
If you spot any of these signs, act quickly and attempt to remove the problem.
In most cases, the infection is confined to a specific app that has been compromised. Removing the app in this situation may be sufficient. Other situations might require restoring the phone to factory condition, but first make sure to back up all the information from the device.
Some malware may hide in the recovery partition; in those situations you will have to seek the help of a phone service center to clean the device.
Keeping Employees Safe
Here are a few safety tips to pass along to employees or to include in onboarding training:
Encrypt your phone
Update your operating system (OS) regularly, as well as all the apps installed on your phone
Uninstall all unnecessary apps, and be careful about which apps you install
Set a strong password on your phone
Do not connect to unsecured Wi-Fi networks; perform sensitive actions only over cellular data
Do not root or jailbreak your phone
Be careful about any links or files you access on your device
Restrict the use of Bluetooth
Use anti-malware software
Remove unnecessary permissions for apps, and avoid installing apps that request more permissions than they can justify
Regularly review the list of permissions on your phone, as well as the list of installed apps and whether they are up to date