The inexorable cyber hackers are always on the hunt for their next big coup, and now the next target seems to be that small rock in the pocket called ‘smartphone’. This small rock has become the universe and hope it doesn’t end up being the graveyard for all.
‘Every passing minute, we are witnessing about half a million attack attempts that are happening in cyberspace’ says Derek Manky, Fortinet global security strategist.
As the number of mobile devices are soaring high so is finding the weakest link in the chain also increasing. What threats to mobile are most trending?
Apps that dig Corporate Information
Enterprises face a huge threat from the apps that dig corporate information beyond realization. The users and employees give away super sensitive information to these apps without thinking twice that they can give away their personal and corporate data. The same data can be sent to remote servers and other advertising networks, which are potentially exposed and easily accessible to the cyber criminals and mined by the hostile governments seeking access to confidential corporate information via hacking their networks.
Gartner says: By 2017, 75% of the attacks would be via apps and not through critical technical attacks on the OS.
Mobile payment Services
Mobile payment is no more a new term, in fact it has become as common as paying via cash or using your cards. Convenient, easy to use but have you forgot that a coin has two faces? With this endless advantages of being lucid and user friendly and on the go mobile cash there are severe risks associated with this system as well. The black hat hackers will not do it by breaching the payment processing algorithms but via analysis of the entire payment workflow and figure out the loophole. They will identify the bypass measures and vulnerabilities mostly leading to credit card information fraud, unauthorized use and extortion.
Using Infected Mobile device to infiltrate other devices
An infected mobile device allows the cybercriminals to easily breach an organization’s perimeter and directly attack all the devices on that particular network. It easier and much more faster for the hackers than penetrating a network through some other way. If the hacker anyhow manages to infect a mobile device and take control over it he can take two paths. Either he chooses the traditional path of stealing his contacts and sending texts or if the device is connected to a Wifi he can attack the additional systems on that network. So no matter whether you are connected to home Wifi, work Wifi or any Coffee shop with Wifi a single infected device in that entire network makes you vulnerable to the limit beyond imagination.
Mobile phishing / Device Hijacking
There has been a volcanic eruption of mobile devices and it seems no one is able to save themselves from the surge of its magma. Most of these handsets have preloaded applications and a slight negligence in the part of the validation team can lead to remote device hijacking. So we will expect to see quite frequent OEM security updates or patches. The man in the middle attack will also reach a new level with every new smartphone. New smartphone owners are usually not used to the security concerns, and may connect to unsecured AP/Wifi connections which don’t encrypt data communicating through that network. It is this time when the evil fingers penetrate the one who thought was unsusceptible to attacks! This may lead to severe data leakage like user credentials, etc through insecure apps which the hackers can eavesdrop, over a period of time.
Mobile web based Hacking
We will witness a tremendous increase in the rate of mobile web browser hacking in the coming months. Mobile based browser hacking is one of the most efficient ways to compromise the entire mobile device. Because exploiting the browser vulnerability enables the hacker to bypass myriad system level security measures. Like webkit based exploits enable the hacker to bypass a browser’s sandbox and this would be followed by the OS or kernel level exploits to access the crux of the system and gain full control over the device.
Malware has a clear progression these days they start with indulging the unsuspecting users who are more viable to open unknown attachments or install not known applications and they harness the user’s crucial information from that. Mobile malware follows the same footstep. Hackers use malicious apps to send premium SMS or other lucrative offers getting the users to install the malicious app and then the malware starts hunting for the bank credentials. The SlemBunk attack is one of the glaring examples of this type of attack. And these attacks time and again ensure that your mobile device need a complete security solution for the coming years.
THE ENEMY IS US… despite 24*7 reliance on mobile phone we don’t seem to get any smarter. And according to survey and stats the percentage of adults oblivious of the mobile security solutions has been constantly increasing. Experts agree that malware and mobile attacks will keep on increasing as more and more people keep packing their phones with rich and sensitive data. And the implications will be greater than ever coz there is already so much data out there that you just can’t go and get it back!
Or can you?
Relared Post: Cyber Threats You Should Watch Out For This Year
References: eSecurity Planet, Venture Beat, csoonline article.