“Mobile malware has been on the rise drastically in last couple of years,” Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes.
There is an increase in the use of mobile devices for storing and transmitting larger volume of more sensitive data, personal and business information such as account details, location, online banking and shopping etc. more than our personal computers.
Through our mobile devices we use apps that needs our location which is done through GPS, receive digital passes via text message or verification codes for logging into sites, social media apps publish photos and personal data, fitness and health apps track steps, heartrate, and food intake. Therefore, a breach into our mobile devices can give a very full detail about our personal life to the attacker.
In companies today, smartphones apps are used to communicate, plan and organize work and information about the company thereby become a major source of risk to the company’s privacy and intellectual properties.
A smartphone user is exposed to various threats when they use their phone. The number of unique mobile threats has grow by 261%, according to ABI Research.
Mobile devices security can be breached through Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), Wi-Fi, Bluetooth, GSM, and the weak knowledge of an average user.
TARGETS FOR ATTACKERS:
Data: Sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);
Identity: Information related to the owner of the mobile phone, contacts, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;
CONSEQUENCES OF A MOBILE ATTACK
1. The attacker can manipulate the smartphone as a zombie machine, that is to say, a machine with which the attacker can communicate and send commands which will be used to send unsolicited messages (spam) via sms or email;
2. The attacker can easily force the smartphone to make phone calls. For example, one can use the API (library that contains the basic functions not present in the smartphone) PhoneMakeCall by Microsoft, which collects telephone numbers from any source such as yellow pages, and then call them.
3. Conversations between the user and others can be recorded by the attacker and sent to a third party. This can cause user privacy and industrial security problems;
4. An attacker can also steal a user’s identity, usurp their identity (with a copy of the user’s sim card or even the telephone itself), and thus impersonate the owner by placing orders and viewing bank accounts.
5. The attacker can reduce the utility of the smartphone, by discharging the battery. For example, they can launch an application that will run continuously on the smartphone processor, requiring a lot of energy and draining the battery.
6. The attacker can prevent the operation of the smartphone by making it unusable.
7. The attacker can remove the personal (photos, music, videos, etc.) or professional data (contacts, calendars, notes) of the user.