Smartphone safety: Smooth surfing

    Advanced
    Business Spotlight 8/2024
    By Kate O'Flaherty

    Since the iPhone launched, in 2007, smartphones have become an essential part of everyone’s lives. Unfortunately, this also means that, while smartphones allow users and businesses to stay connected, they also store a huge amount of data, making them an attractive target for cybercriminals.

    Attacks on smartphones can happen in various ways, including via what’s known as “spyware” — malware that allows someone to see everything you do on your device — as well as malicious apps and SIM swapping scams. All of these types of attack can be extremely damaging and potentially lead to real financial losses. In addition, there are privacy implications of smartphone use, with multiple companies collecting customer data and, in some cases, selling it to advertisers.

    Smartphones face a wide range of threats that can have serious consequences — including identity theft. Dr Klaus Schenk, vice president of security and threat research at the cybersecurity firm Verimatrix, told Business Spotlight: “Banking, retail and airline apps are vulnerable to abuses that can drain money from accounts.” For businesses, the consequences of smartphone attacks can span multiple vectors. The fallout from a successful hack can include the theft of sensitive data, regulatory fines — and the (often incalculable) costs resulting from the loss of customer trust and reputational damage.


    Hacked accounts

    Inadequate security can allow social media apps to be hacked by attackers looking to take over accounts, spread spam or malware, and steal data. Jake Moore, adviser at the Bratislava-based cybersecurity company ESET, describes how a friend’s Instagram was hacked because she had used the same password across multiple apps. “The hackers changed the corresponding number and added two-factor authentication to lock her out.”

    The attackers even gained access to her email account, which was also protected by the same password, and set up a rule to delete any correspondence from Instagram automatically. Moore removed this rule and tried to regain control of the account, which he managed to do after multiple attempts, he explains.

    Another form of attack is the SIM swapping scam. While easy to carry out, such scams can be very damaging. In his role as a security researcher, Moore has carried out SIM swap attacks (with the client’s permission) to test cyber-defences. A SIM swap attack starts with a call to the mobile-phone provider, in which the attacker claims to be the victim. “Attackers will use a story such as losing the phone, and the helpful person on the end of the line will only ask for a name, phone number and two digits of the security PIN code,” Moore explains. “I was able to guess my way through this security and was even helped by the customer service agent when I got one of the numbers wrong.” Once past security, Moore asked to have the phone number ported to a new SIM card, which he had installed on his spare phone. Moore requested all SMS two-factor authentication codes associated with the accounts by clicking the “forgot password” link. “Within two hours, I had control of his phone number, his texts and calls, email and social media accounts,” Moore says. “I even had access to edit his website.”

    Android vs iOS

    Most phones today are either iPhones, running on iOS, or other devices that use Google’s Android software. These two operating systems are very different, and there are security pros and cons to each. Apple devices tend to have more secure apps, as these are part of a locked-down ecosystem. Apple’s App Store does not allow sideloading and enforces tight rules on apps. As a result, the apps are less likely to contain malware, Schenk explains. Google Play Store, on the other hand, allows apps to be downloaded directly from other sources. From a security standpoint, such an environment is more difficult to control.

    The advantage of the Android operating system is that it’s open-source and, therefore, more flexible and customizable, says N’yahh Crooks, senior IT analyst at Toro Solutions. Google bolsters security on Android devices by offering malware scanning, he says, while apps are scrutinized for security vulnerabilities before being made available to users. However, Android is used on a very large number of devices made by various manufacturers, which can lead to delayed or inconsistent security updates, Crooks explains.

    When it comes to logging in, Android and Apple smartphones both have advanced biometric authentication methods, such as fingerprint scanning and face recognition. Privacy features are available on both types of device, allowing users to control the data that individual apps may access, Crooks says. Meanwhile, if your Android phone is ever lost or stolen, Google provides an app and website called “Find My Device”, which lets you find your device, secure it and erase all data, says Crooks. Apple’s anti-theft tool is called “Find My iPhone”.


    Security and privacy on smartphones

    On top of these built-in features, experts offer a number of security and privacy tips to keep phones safe. Always apply the security updates when they become available, says Gaël Duval, founder of a non-profit Android operating system called /e/OS and the CEO of Murena, which has created a “Google-free” smartphone. “They often contain critical security updates that address new vulnerabilities,” he says.

    Businesses can employ mobile-device management (MDM) tools for company phones. For certain businesses, the iPhone has a tool called Lockdown Mode, an extreme protection feature to protect those at risk from spyware. However, as this also reduces the functionality of the device to a minimum, it is a last-resort measure.

    To avoid being caught out by malicious apps, install apps only from the official stores, primarily App Store or Google Play, says Schenk. “Carefully review ratings and reviews before downloading,” he adds. “Manage app permissions and monitor for abnormal battery drain or overheating, which could indicate malware on your device.” You can access app permissions in your device settings. Watch out for any apps that request unusual permissions and make sure you revoke any that don’t make sense. Some permissions may be simply unnecessary — a weather app doesn’t need to access your contacts, for example. Users in the DACH region should exercise additional caution with popular apps, such as free virtual private networks (VPNs) or PDF viewers, as their prevalence makes them targets to distribute malware, Schenk explains. “Research shows many free VPN and PDF apps contain malware, despite positive reviews.” He says that about 70 per cent of VPN apps, including those sourced from official app stores, contain “concealed malware”. Globally, Germans rank highly in their usage of free VPNs, he says. “The distinct inclination observed in the DACH region, particularly in Germany, towards the adoption of seemingly benign software with hidden malware, amplifies the potential for cybersecurity risks.”

    Security software is available for smartphones, which can be useful for businesses that use Android smartphones, but it’s not usually necessary for individuals, Schenk says. “The built-in protections provided by the iOS and Android platforms are sufficient if they are configured properly.”

    TOP TIPS FOR SMARTPHONE SECURITY AND PRIVACY

    • The easiest way to keep your smartphone secure is to keep it updated with the latest software. Automatic updates offer maximum protection. According to Pew Research, three per cent of people never update their phone’s software.
    • Pattern locks are convenient but not very secure. If you use one, clean your screen regularly.
    • Use multifactor authentication — a factor such as Face ID or Touch ID in addition to a PIN. Employers can request that workers install multifactor authentication apps to increase security on other devices, too.
    • If workers use private devices for work, companies should implement MDM (mobile-device management) platforms to maximize security.
    • Use a strong, unique password for each online account. “Use a free password generator tool and password vault if you struggle to think of new combinations and remember them,” says Duval.

     
