Mobile devices need as much protection as laptops and desktops and therefore users and organisations should put in place proper protective measures including authentic antivirus for this.
In 2011, there were only one billion WhatsApp messages sent out. By May 2018, such messages had hit 65 billion, according to data from Check Point Software Technologies. As these millions of messages are swapped between phones, the risks of spreading malware have tremendously grown.
“With so much chatter, the potential for online scams, rumours and fake news is huge,” says the report.
The threat on mobile is expected to grow as the number of smartphones continues to grow.
According to Gartner’s market guide for mobile threat solutions 2017, by 2019, mobile malware will amount to one-third of total malware.
The world today no longer views the mobile device as just a communication tool; it is an extension of the user. It has sensitive data such as on health and it is also a mobile office. This makes it a gateway for threats.
“The last you downloaded an app on the Playstore, did you look at the permissions the app was requesting?” asks Jeremey Kaye, head of security at CheckPoint.
The apps on the Android Playstore are the largest threats to the mobile user. This includes FakesApp which are designed to look like popular messaging up but are embedded with malware or phishing codes designed to intercept and alter messages sent through the app.
The Flashlight apps, says Mr Kaye are some of the leading malicious applications in the various app stores. The fake apps will request permissions to access messaging, email, call records, photos and even memory, all of which are not needed for the running of the app.
“Ninety per cent of mobile attacks begin with phishing,” explains Kaye.
The unnecessary permissions are the beginning of the compromised devices resulting in compromised data.
Ironically, antivirus applications are on top of the list of malicious applications — the Gartner report indicates that 70 per cent, meaning seven out of 10 apps on the playstore are malicious.
Pay apps are susceptible to key loggers which store anything typed on the phone and they are scraped and used to divert funds or make dummy purchases remotely.
“Most people ignore the red flags when downloading applications because the motivation to download is now very high,” explains Mr Kaye. This is especially common with popular gaming or messaging apps because users are reliant on referrals from friends or colleagues on whether or not to download the app, throwing caution to the wind.
“This includes overextension on privileges on the application which request for access to things not needed to run the app,” says Mr Kaye.
This can also include location of the device which is used for generating ads based on location and in some instances, the application may install adware on the device. Adware results in adverts popping up while the user is online, including while attempting to make a call, use a different application, or even read a message.
After apps downloaded on the mobile device, networks — mainly Wi-Fi — and the device being usedare the top three traditional risk factors for device users.
Open unencrypted Wi-Fi allows for a man-in-the-middle attack which is where any data sent or accessed on the network is intercepted by a third party. This is why users are advised to vet a Wi-Fi network before they connect to it. This is for most public networks at hotels, airports, parks and coffee houses. Confirm what the official Wi-Fi is before connecting. Android has the lowest number of up-to-date devices in terms of having the latest operating system.
“An old OS cannot protect you from an attack created today,” says Mr Kaye.
Data from the Android Developer Dashboard indicates that less that 15 per cent of active android users are on the latest Oreo OS while Apple’s iOS 11 is on the 85 per cent mark. Nougat has a 30 per cent usage and more than 30 per cent still using Android Lollipop and older. With more than 1.4 billion devices on Android, nearly half a billion are vulnerable to attacks as the operating systems are not up to date, with some no longer receiving security updates.
Targets for malicious applications on the device include call tapping, tracking location, emails, contacts, microphone recording, photos, account credentials and messaging applications. This poses a major risk to organisations that have a bring-your-own-device (BYOD) policy allowing employees to connect their devices on the network without proper security caveats in place.
Once on the network, a compromised device is a security breach for the entire organisation. While most equip their senior management with safe devices to access the emails and networks, the rest of employees still have un-vetted devices posing a major risk.
Mobile devices need as much protection as laptops and desktops and therefore users and organisations should put in place proper protective measures including authentic antivirus for this.
PAYE Tax Calculator
Note: The results are not exact but very close to the actual.
