In this article, we start a series on the top threats to smartphones. There are a number of them, and we will be examining them in detail. We start off with data leakage and unsecured Wi-Fi hotspots.
This is not a direct attack by a cyber attacker per se, but rather it is a flaw in the mobile app itself. Other than communicating with one another, we also use our smartphone extensively in order to download mobile apps. These are small software packages which can be downloaded from either the Apple Store or Google Play.
In these instances, the top threat for smartphones is what is known specifically as “riskware”. These are mobile apps which are free to download, and it usually has been advertised somewhere on a mobile ad. But the customer does not know that these kinds of mobile apps have actually not been tested for any kind of security. Apple and Google usually scrutinise every mobile app they receive from software developers before they are uploaded onto their respective stores.
Because these free apps have not been tested, they very often contain malicious code which makes its way into the smartphone of the customer, and from there, the cyber attacker can then get to all the stuff they want to in order to launch an identity theft attack, without you even realising it. For example, “. . . these free apps perform as advertised, but also send personal – and potentially corporate – data to a remote server, where it is mined by advertisers or even cybercriminals.” (SOURCE: 1)
Unsecured Wi-Fi hotspots
When we initially purchase our smartphone, we normally get a certain amount of data in our plan. This simply means that we have an assigned number of gigabits of data we can use to access the Internet before we have to pay any overage charges if we go over. Typically, this is the range of:
- 2-5 gigabytes for an individual plan;
- 15-20 gigabytes for a family plan;
The average consumer actually consumes about 12 gigabytes per month.
Truth be told, just as much as our smartphone is our most prized possession, second in line from that is the data plan that we have it. It can be likened to that of fuel which drives our smartphone consumption, and of course, wherever we at, we always want to try to conserve the amount of data so that we do not go over and pay extra.
So as a result, whenever we can, we always try to make use of free data whenever and wherever it is possible, such as that in a public place like Starbuck’s or Panera Bread. These places provide what is known as a “Wi-Fi hotspot”.
The cyber attacker is fully aware of this approach in human thinking (which is actually a huge vulnerability), and thus this is where they try to capture the actual transmission of information and data from your smartphone to the free data “hotspot” at the public location. Believe it or not, this line of communications is not secure by any means, so it is extremely easy for the cyber attacker to easily capture your passwords and financial account information (such as credit card numbers, etc). These are also known technically as “man in the middle attacks”, because the cyber attacker is literally in between the line of unsecured communications between your smartphone, and the public Wi-Fi hotspot.
Our next article will continue to examine the top threats to smartphones, focusing upon network spoofing and phishing emails. We will finish this series by examining various methods you can take to avoid these threats, and to protect your smartphone.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does Cybersecurity Consulting through his private practice, RaviDas Tech, Inc. He also possesses the Certified in Cybersecurity (CC) cert from the ISC2.