Get started on your cybersecurity degree at American Military University.
By Marissa Bergen
Ten years ago, we never thought of our mobile devices as being targeted by hackers. But with our increasing reliance on smartphones and tablet computers, cyber crooks have invaded this technology as well. While no one is immune to cyber attacks, remaining aware of the newer cyber threats is an important step in mobile device cybersecurity.
Because mobile devices are often used in close proximity to valuable information in the workplace, cyber thieves look to infect mobile devices with spyware. This tactic has proven successful with mobile devices that use iOS and Android operating systems.
Pegasus spyware, for example, can conduct surveillance on a victim. Another cyber threat comes from iOS zero-day vulnerabilities (security weaknesses discovered and exploited by attackers but unknown to the system owner). Attacks on these operating system vulnerabilities were designed to form an attack chain and override Apple’s strong security environment.
When Apple fixed these vulnerabilities in its 9.3.5 software patch, the thieves switched paths. They began attacking Android with a spyware that masquerades as a normal app; the app gains access to a device to conduct broad surveillance over time.
Google responded to these attacks by including Play Protect security within the Google Play Store.
Mobile Device Botnets
Botnets are another form of malware. They can infect mobile devices and allow hackers to control the devices without the owners’ knowledge.
The first mobile botnet was Viking Horde, detected by Israeli security company Check Point in 2016. This botnet worked on rooted and non-rooted mobile devices, using Internet Protocol (IP) addresses from a proxy server to disguise the real URL behind ad clicks and generate illicit revenue for hackers.
Since then, other botnets have followed suit, working to sell users’ details and entice users to click on ads that generate fraudulent ad revenue for hackers. While the botnets were first used for adware purposes, they are now opening security backdoors and increasing the potential of stealing sensitive data.
Because mobile devices are on all the time, botnets have 24/7 access to those devices. That makes their activities even more dangerous to mobile device owners.
Ad and Click Fraud
Ad and click fraud allow thieves to gain access to a company’s internal network. An unsuspecting user will receive a text message containing a link to a malicious app, which downloads itself onto the user’s mobile device after the user taps on the link. Although this type of cyber threat is common on desktop computers, it is now being used more often on mobile devices to steal credentials and gain access to internal networks.
This threat has the potential to spread spyware into an entire botnet so that millions of mobile devices can record a mobile phone owner’s every move. It’s wise to be suspicious of any unfamiliar links sent via email or text message and to check with the sender before responding.
Google and Apple Trying to Keep Up with New Cyber Threats
Although Google and Apple have taken measures to reduce cyber crimes, they are limited in what they can do. Companies should take steps to thwart these attacks by installing security software on all employees’ mobile devices. User behavior awareness and training are also effective ways to protect sensitive information.
It’s scary to know that cybercrimes have now grown to the point where our mobile devices are being infected. But awareness is a good first step in keeping our information safe in this increasingly unpredictable cyber world.
About the Author
Marissa Bergen is a freelance writer who comes from Brooklyn, New York. Passionate about everything from fashion to technology, her writing experience has increased her awareness of digital marketing, cybersecurity and the ever-expanding World Wide Web. She now lives in Los Angeles with her husband and two children. Google her to find out more about her writing and her other life as a bass player in her family band, The CheeseBergens.