Mobile Security – You may have locked your doors, but have you shut your windows?

14th August 2019

Mobile phones are an extension of who we are. We carry them with us everywhere, often they never leave our hand. They hold so much of our lives within them and we would be utterly lost without them. We use them for more than communication, but also shopping, banking, even authentication for other systems. Have you ever stopped to think about what may happen if someone got full access to your mobile lifeline?

These devices are so easily lost or stolen. The BBC recently admitted to losing over 170 devices in the last two years, including a large number to theft. Having mobile devices that are encrypted helps to minimise the risk of a GDPR breach and secure your data, and it is often included as a setting on most operating systems. Smartphones are often as advanced as many PCs and can be targeted in much the same way. Mobile attacks usually involve downloading malware onto a smartphone that then monitors your calls, messages, and many other activities. The malware then forwards this valuable information on to the bad guys.

Recently, a new technique to escape detection has been used in a malicious campaign targeting smartphones. The malware, dubbed JuiceChecker-3PC, was able to bypass scanning and has been seen in millions of page views over the last few weeks. The malware was posing as a legitimate ad for one of the largest department store retailers in the US. When the device met certain conditions, it triggered a redirect, in which the user was delivered to a malicious site. Most blockers and conventional scanning techniques continue to let the malware pass through and impact millions of site and mobile app users.

Unlike computer networks, for which you can buy network firewalls etc., your phone is largely controlled by others. You are at the mercy of the company that makes your phone, the company that provides your service, and the communications protocols developed when none of this was a problem. If one of those companies doesn't want to bother with security, then you're vulnerable.

CheckPoint Sandblast Mobile boasts both threat emulation and threat extraction and has the highest threat catch rate on the market.

However, there are products on the market that can help you to protect your most treasured of devices. An example of this is CheckPoint Sandblast Mobile, which boasts both threat emulation and threat extraction and has the highest threat catch rate on the market. It can cleverly use artificial intelligence to detect brand new malware by analysing its behaviour, long before it is stored in any anti-malware database. A Mobile Threat Defense (MTD) solution like this can help prevent malware attacks and the leak of personal information. MTD can be used to address mobile phishing, bring your own device (BYOD), app vetting as well as compliance. For more information, check out the latest report on Gartner: Market Guide for Mobile Threat Defense.

Employees are no longer tied to their desktops. Nowadays our office networks have all the doors locked and maintain a high level of security. However, in today’s world, organisations need to think about ways to extend security to all types of location and to all types of devices. With the fast evolution of software programs across laptops, mobile phones and tablets, hackers have turned their attention to these devices, creating an open window to data vulnerabilities. Our security efforts need constant updating and regular monitoring, to ensure they measure up against these rapid advances.

Are you going to turn a blind eye or are you going to shut your windows?

By Emma Davis - Head of Testing & Training