9 Mobile Security Threats & How to Protect Yourself
Protect Your Mobile Device: iPhone/Android, You’re a Daily Target. Be Prepared with Top Phone Security & Defenses
No matter which smartphone you have, like Android from Google, Samsung, or Apple’s iPhone, there are people who want to do bad things with them.
Phones have our messages, money, and important things. Bad people want them, so be careful.
Lots of people around the world use smartphones, and it’s tough to completely avoid cyberattacks. There are problems like spam, fake emails, bad apps, and holding your phone hostage for money, & they keep getting smarter every year.
To stay safe, we need to know what problems can happen to our phones in 2023 and how to stop them. This is our guide to the most common issues, how to protect yourself, and what to do if you think your phone is not safe.
Here they are: the main problems for Android and iPhone security in 2023.
1. Phishing, smishing, & vishing
Phishing is when bad people send you fake messages, trying to trick you into sharing personal info, clicking bad links, downloading harmful stuff on your device, or giving away your account details for banks, shops, social media, email, and more.
They can also use phishing to put bad stuff on your phone.
Phones can get phished just like computers, through email and messages. But phones can also get “smished,” which means fake messages sent as texts.
Spear phishing is like advanced phishing. The bad guys spy on someone to know more about them and then try to trick them, usually someone important, for money or other reasons.
Vishing, or voice phishing, is getting more popular. Bad people use phone calls to trick you. They might leave messages, use recorded calls, change their voice, and more to get your info.
How to stay safe: Don’t click on links in messages or emails unless you’re sure they’re real. Be careful with unexpected calls or messages and treat them as suspicious unless you know they’re okay.
2. Physical security
A lot of us forget to keep our phones safe in a basic way: by locking them. If you don’t use a PIN code, pattern, fingerprint, or eye scan to unlock your phone, it could be easy for someone to mess with it. Plus, if you leave your phone alone, it might get stolen.
To keep your phone safe, at least use a strong password or PIN. That way, if someone takes your phone, they can’t get into your stuff.
You can also use Apple’s Find My service or Google’s tracking to find your phone if it’s lost or stolen. Apple’s Find My works for iPhones, iPads, and AirPods, while Google can find your phone and tablet.
3. SIM hijacking
SIM hijacking, also called SIM swapping, is when bad people take over your phone number by tricking the phone company. They do this by pretending to be you and getting your number switched to their phone.
To make it work, they gather information about you, like your name, address, and phone number. Then, they trick the phone company into giving them control of your number.
When they succeed, your calls and texts go to their phone. This is a big problem because they can also get your two-factor codes used for email, social media, and banking.
SIM hijacking is usually a targeted attack, which means they need to collect your data and put in a lot of effort. But when it works, it’s really bad for your privacy and online accounts.
To stay safe, be careful about sharing too much online. Ask your phone company to add a note saying not to switch your number, especially if your data has been leaked in a breach. You can use a tool like Have I Been Pwned to check if your info has been exposed in a data breach.
4. Apps: Nuisanceware, premium service dialers, and cryptocurrency miners
Your mobile device can be in danger from annoying software and bad software that can make it call or message premium numbers without your say-so.
Annoying software, called nuisanceware, is usually found in apps, especially on Android phones. It won’t hurt your phone, but it can be really frustrating. You might see lots of ads, get pop-ups, or be asked to do surveys. It can also open web pages with more ads.
Nuisanceware is made to make money dishonestly, like by getting more clicks on ads.
Premium service dialers are worse. Some apps can secretly sign you up for paid services and send texts or make calls to numbers that cost money. You have to pay for these, and the bad people get the cash.
Some apps can also use your phone to mine cryptocurrency, and they might sneak into official app stores like Google Play. The tricky part is that even apps that seem okay, like mobile VPNs, games/streaming apps, can have bad code.
To stay safe, only get apps from real app stores. Pay attention to what new apps want to do on your phone. If your phone gets hot and the battery drains fast after you get a new app, it could be a sign of bad stuff happening. In that case, use an antivirus and think about deleting suspicious apps.
5. Open Wi-Fi
Open and unprotected Wi-Fi networks can be found everywhere, like in hotels and coffee shops. They are there to help customers, but they can also be a way for bad people to attack.
One big problem is something called a Man-in-The-Middle attack when you connect to open Wi-Fi. It’s when someone sneaks in between your phone or computer and the internet. They can take your information, put bad stuff on your device, or even take it over.
Sometimes, you might come across fake Wi-Fi hotspots, like “honeypots.” These are made by bad people, but they look real and free. They use them to do the same kind of attacks.
To stay safe, it’s best to avoid public Wi-Fi and use your mobile data instead. If you have to use public Wi-Fi, think about using a virtual private network (VPN). And if you’re doing important stuff like banking, it’s safer to use your mobile data for added security.
6. Surveillance, spying, & stalkerware
Surveillanceware, spyware, and stalkerware come in different types. Spyware is more general & is used by bad people to steal your personal & financial info.
But surveillanceware and stalkerware are usually more personal and directed at you. For instance, in cases of domestic abuse, a partner or ex-partner might put surveillance software on your phone to watch your contacts, calls, and where you are.
Sometimes, apps that are supposed to be for parents or bosses to keep an eye on things can be used to invade your privacy.
If your device has these problems, you might notice your battery runs out fast and see strange apps. On Android phones, you might see a setting that says “allow/install unknown apps” turned on. Also, look out for weird behavior and more mobile data use.
To deal with general spyware, use an antivirus scan. But for surveillanceware or stalkerware, be careful and look for anything unusual on your device. If you think someone is watching you, stay safe first and foremost.
7. Ransomware
Ransomware is a threat for both mobile devices and computers. It locks your phone by encrypting files and asks for cryptocurrency to unlock it. Some known ransomware includes Cryptolocker, WannaCry, BadRabbit, and Ruk.
Ransomware usually comes from unofficial apps or bad websites. You might see a pop-up asking you to download something, like a game or tool, and then your phone gets locked in no time. But ransomware is less common on phones than on computers.
If someone steals your Google or Apple ID, they might use it to lock your phone and ask for money.
To protect yourself, keep your phone updated and use its security features. Only get apps from official stores and use antivirus scans. If you get hit by ransomware, you might have to restore your phone from a backup or reset it to factory settings.
8. Trojans & financial malware
There are many types of mobile malware, but Google and Apple have basic protections that catch a lot of them. However, one type you should know about is trojans, and they’re a big concern.
Trojans are a kind of malware made to steal your data and money. Some mobile versions are called Zeus, TickBot, EventBot, MaliBot, and Drinik.
Usually, people download these malware themselves, thinking it’s a harmless app or service. But once it’s on your phone, it can pretend to be a real banking app and take your login info, like your password or PIN.
This info goes to the bad person, and they can steal your money. Some trojans can even grab the codes sent to your phone for extra security. Most trojans go after Android phones. There are fewer for iPhones, but they exist.
To protect yourself, keep your phone updated and use its security features. Only get apps from official stores. If you think your phone is hacked, stop using banking apps, disconnect from the internet, and use antivirus. You might also want to contact your bank and check your credit report if you see any strange transactions.
9. Mobile device management exploits
Mobile Device Management (MDM) tools are mainly for big companies. They help workers access work stuff safely and protect the company’s network. They can block bad links and websites, too.
But if the main MDM tool gets hacked, all the work devices can be at risk. Bad people might get data, watch you, or take over your device.
You can’t really protect against MDM problems, but you can keep your device safe. Make sure it’s up-to-date and don’t mix personal and work stuff on it.
How can you physically protect your device?
Your lock screen is like the front door to your phone, protecting your data and apps. Here are some settings to keep it secure:
For Android devices:
- Screen Lock Type: Choose a way to unlock your phone like a pattern, PIN, password, or biometrics like fingerprints or your face.
- Smart Lock: Keeps your phone unlocked when it’s with you in safe situations that you choose.
- Auto Factory Resets: Wipes your phone after too many wrong unlock attempts.
- Notifications: Decide which notifications show up and what info is visible, even when your phone is locked.
- Find My Device: Helps you find, lock, or erase your lost phone.
For iOS devices:
- Passcode: Set a passcode to unlock your iPhone.
- Face ID or Touch ID: Use your face or fingerprint to unlock your device, use apps, and make payments.
- Find My iPhone: Find, track, and lock your lost iPhone.
- Lockdown Mode: Available in iOS 16 or later, this offers extra security for people who might be targeted by hackers. It protects against bad links, content, and connections. You can enable it for added safety.
What should you look out for as symptoms of malware infection?
If your Android or iOS device starts acting strangely, it could be a sign of malware or a compromise. Here’s what to look out for:
- Battery Drain: While batteries naturally degrade, if your device gets really hot and loses power very fast, it could be due to malicious apps draining your resources.
- Unexpected Behavior: If your phone starts behaving oddly, especially after installing new apps or services, something might be wrong.
- Unknown Apps: If you see apps you didn’t install, especially if you allow apps from unknown sources or have a jailbroken phone, they could be malware or spy apps.
- Browser Changes: If your browser is acting weird, like changing your search engine, showing pop-ups, or taking you to strange sites, it could be due to malicious software.
- Unexpected Bills: Fraudsters use premium numbers to make money, so if you see unexpected charges, calls, or texts to premium numbers, you might be a victim.
- Service Disruption: SIM hijacking is a severe threat. If your phone suddenly loses service, and you can’t make calls, it could mean your number has been transferred to another device. You might also get emails about account resets or alerts that a new device has been added to your services.
If you notice any of these signs, it’s essential to investigate and take action to secure your device and data.
What about government-grade mobile malware?
From time to time, there are reports of high-level malware used by governments and large organisations.
Examples include Pegasus and Hermit, which are employed by law enforcement and governments to spy on individuals like journalists, lawyers, and activists.
In June 2022, Google Threat Analysis Group researchers warned about Hermit, a sophisticated spyware that targets both iOS and Android devices. It was exploiting previously unknown security flaws and was actively being used.
US government employees abroad have been victims of such advanced mobile malware.
These kinds of malware aim to gain full control over a victim’s device, capturing calls, messages, logs, photos, and GPS location.
However, it’s essential to note that the chance of you being targeted by these expensive, government-grade malware is low unless you are a high-profile individual of interest to a government or a similar organisation willing to go to such lengths.
You are much more likely to be targeted by phishing attacks, generic malware, or, unfortunately, by friends and family using stalkerware.
What should you do if your think your Android or iOS phone is compromised?
If you suspect that your Android or iOS device has been compromised by malware, here are steps you should take to protect your privacy and security:
Run a Malware Scan: Make sure your device’s operating system and firmware are up to date, as updates often include security patches. Additionally, consider installing a dedicated antivirus app from reputable providers like Avast, Bitdefender, or Norton.
Delete Suspicious Apps: Remove any apps that you don’t recognise or no longer use. Be especially cautious of apps from third-party developers or sources outside of Google Play or the Apple App Store.
Revisit App Permissions: Periodically review the permissions granted to your apps. If you find that an app has excessive or unnecessary permissions, consider revoking them or uninstalling the app. Sometimes, legitimate apps can turn malicious, so stay vigilant.
Secure Communication Channels: Avoid using open, public Wi-Fi networks unless necessary. Stick to mobile networks, and disable features like Bluetooth and GPS when not in use to minimise data exposure.
Premium Service Dialers: If you’ve received unexpected bills, review your apps and remove anything suspicious. Contact your telecom provider to block premium numbers and SMS messages.
Ransomware: If you suspect mobile ransomware, disconnect from the internet, including wired connections. Boot your smartphone in Safe Mode to remove the offending app, run an antivirus scan, and clean up. If your device is already locked, you may need to use a decryption tool, or in the worst case, perform a factory reset.
Stalkerware and Surveillanceware: If you suspect you’re a target, antivirus apps may detect and remove basic spyware. However, be cautious about trying to remove stalkerware apps, as this may alert the person monitoring you. Prioritise your safety and reach out to organisations that can help. Consider using a burner phone if necessary.
SIM Hijacking: If you suspect a SIM swap, call your telecom provider to have your service restored. Consider linking your crucial accounts to a number that is not publicly associated with you to reduce the risk of SIM hijacking.
Remember that your safety and security should be top priorities. If you suspect any form of compromise, consider seeking professional assistance and take appropriate measures to protect your data and privacy.