How and why do mobile devices get hacked?
By Rob Hale: Head of IT & Cyber Security, Telefónica UK
Mobile devices are very much the remote control for our lives today and communication is what underpins our need for mobility. Mobile communication, by its very nature, puts those involved at risk not only through potentially sharing information with the wrong people, but also because, as the need for ubiquitous connectivity increases as demand from employees to remotely access corporate data grows, so do the risks and ‘blind spots’ that have the potential to expose new avenues of attack.
The information that can be accessed via a mobile device means it’s now more important than ever to make sure they’re secure from theft, damage and also from being hacked. That’s quite a broad term but there are a number entry points for a hacker to access your mobile device. The main ones are:
- The Network (e.g. Infecting devices or stealing usernames and passwords over malicious wifi hotspots)
- Cloud Services (e.g. iCloud or gmail accounts)
- Applications(e.g. downloading malicious apps or malware
- Operating system (exploiting vulnerabilities in the OS of your device)
These four aspects are key to mobility and ‘anytime anywhere’ communication so if your device is exploited via any of these entry points it could mean a whole host of disruption for you. Anything from a user’s files, social media accounts, corporate logins or any service connected to the device can be compromised. Data and services such as SMS can also be accessed and controlled by a hacker, which poses both mischievous and capitalistic opportunities for the criminal. From sending offensive messages to your contacts to intercepting one-time passwords over SMS, the potential is huge and certainly not a risk anyone is willing to take. As with all cyber security threats, there are a number of measures and steps you can take to reduce the threat to an appropriate level.
Firstly, let’s just look at what our mobile devices really are. They’re very powerful mobile personal computers. We use them to perform the same tasks as a desk top PC, giving them access to the same data and sharing the same information with them. So it’s important that we treat them in the same way. If you could see your personal information right in front of you stored in a server, then perhaps it would be easier to comprehend the level of data a hacker could potentially have access to via your device. You wouldn’t connect your server up to the internet without security installed, would you? If you did it’s very likely to end badly!
You can start simply by enrolling your devices in a trusted and reliable Mobile Device Management (MDM) solution. One that allows you to have your replacement devices fully configured before they are sent out is a must in today’s fast paced world. Our Enterprise Mobility team can even make them ready for use as soon as they hit your user’s hands. MDM should enforce a static security policy, so all your devices are encrypted, secured with a secure password/PIN and deploying standard applications as well as enforcing controls on what can and can’t be installed. They are also great at protecting users from themselves, so blocking known bad applications and preventing access to third party app stores is a must.
In an increasingly mobile-centric world, new attacks continue to target mobile devices, with recent malware and exploits being seen in the wild against both unprotected Apple and Android devices. Simply relying on an app store to look for known bad apps or malware with signatures (descriptions which security software uses to identify bad guys) is an increasingly ineffective way of securing data and devices. Cyber criminals have become adept at bypassing controls or even loading malware and apps without using an app store using new attacks, not seen before.
Instead, we need to look at how the apps we install on our devices behave. Detecting side-loaded apps and malware is also critically important. By monitoring the behaviour, we can detect both known and unknown security threats in real time and deal with them before any damage can be done. Capsule – O2 Secure Mobile can complement MDM and there are a host of security options available to support your in-house expertise. If you need to know more, just contact me.
Ready to scale up your business? Call an O2 business specialist on 0800 028 0202 or call free from your O2 mobile on 8002.