The arrival of the smartphone has been both rapid and revolutionary. Nowadays, smartphones are ubiquitous and central to most people’s lives. Whilst a lot of what we do with our smartphones is purely recreational, we also run a lot of important parts of our lives on mobile devices – such as online banking. This makes smartphones prime targets for cybercrime. In this feature, we look at the threats and explain the steps you can take to avoid them.
One of the central functions of a smartphone is as a personal messaging device, and a significant portion of the potential dangers come from all the different communications you might receive. You could be the recipient of phishing text messages, illicit friend requests on Facebook and LinkedIn, or even traditional scam emails. Depending on your smartphone platform, there is a potential problem from apps containing malware as well, just as there is with desktop operating systems. Most mobile phones, smart or not, are also now regularly deluged with voice calls, some of which could be aimed at obtaining personal information.
Whilst these communications may not be aimed at compromising your device itself, they can now follow you around wherever you are, making them potentially even more intrusive. The same caveats apply as with your desktop or notebook where links within emails are concerned. Unless you have complete faith that the sender is legitimate and who they say they are, don’t click.
Even then, hackers are increasingly good at emulating the appearance of legitimacy, copying the style and appearance of real bank emails for example. Whilst you can’t hover your pointer over a link on a smartphone to preview the URL, you can usually press and hold to see it without following it. If the URL is not from the domain of the company in question, don’t click. Similarly, never reply to spam SMS messages. You can also add the number of every unsolicited call you receive to a block list, so at least you won’t ever be bothered by that number again.
An obvious more general protection against vulnerability is keeping your smartphone’s operating system up to date, as dot releases are usually aimed at plugging security gaps and bugs. However, you should also be wary of whether a new operating system has a detrimental effect on your smartphone’s performance, so keep an eye on user feedback about new updates, rather than jumping in as soon as they are released.
Smartphones are particularly vulnerable to theft, with the spate of moped-related muggings in London a recent worry. Whilst these are primarily due to the value of the device itself, you don’t want a thief to have the bonus of access to your data as well. Biometric security is effectively compulsory on many smartphones now, but it’s well worth using when available in every case, whether in the form of fingerprint or facial recognition. Whilst a thief can snoop your numerical passcode over your shoulder, they’re not going to be able to copy your fingers or face with anywhere near the same ease.
If you are the unfortunate victim of a phone theft, or loss, there are steps you can take to help retrieve it or prevent it giving away your secrets. Find My Device apps let you track a phone’s location, trigger a sound so you can hear where it is when in the vicinity, and lock, erase or show a message when your phone is truly out of your reach. You will need to keep your phone’s location services turned on all the time for these apps to work – however, while always active location services will reduce overall battery life, it’s a price worth paying for added peace of mind.
Your smartphone could also be a threat to your company, if it has a Bring Your Own Device (BYOD) policy and allows personal devices on the local network. Any mobile device that has been compromised outside the corporate LAN might then be used as a beachhead into internal business systems whilst you’re using it at work. If you access company systems remotely, or your device has this facility loaded automatically and is stolen, it could give hackers access to internal data, making the provisions described above even more essential.
You should be careful when using a smartphone on public Wi-Fi, particularly for business activities. Cybercriminals have been cloning the SSIDs of public hotspots and putting their own insecure hotspots using these SSIDs in nearby locations, in the hopes that unsuspecting users connect to these instead. This can then be used to gain direct access to your smartphone and the data held on it. Traffic across the network can be snooped. This means work-related emails and bank details that you send over Wi-Fi could be picked up and used for identity theft, or to gain access to further systems.
A very effective way to ensure this doesn’t happen is to use a Virtual Private Network (VPN). This ensures that all traffic between your device and its destination remain encrypted, so that if anyone does manage to snoop the stream of data, they won’t be able to decode it. A VPN used to be something only big corporations had the infrastructure to provide, but is now much more widely available. With Kaspersky Secure Connection, for example, anyone can have their own VPN service for a small monthly fee, or even for free. Secure Connection works with smartphones as well as PCs and tablets, and the free Basic version allows up to 200MB of data per day, or 300MB when connected to a My Kaspersky account.
The smartphone has fundamentally changed our lifestyles, but also provided plenty of new avenues for hackers to gain access to our precious personal and company data. Nevertheless, by taking the steps we have described in this article, and by using software such as Kaspersky Secure Connection, your smartphone can be just as secure as your desktop.