Digital Pickpockets Are Now Targeting Your Smartphone
Image credit: shutterstock
Chief Consumer Security Evangelist at Intel
JANUARY 4, 2016
The scourge of viruses, Trojans and other malware has long been a familiar foe for desktop PC users. As iPhone users in China recently discovered, these digital nasties are no longer confined to traditional computers and are already a very real threat to the security of mobile devices, such as smartphones, tablets and wearables.
Few smartphone owners seem to realize this risk, despite the fact that our smartphones have become a veritable treasure trove of digital booty -- photos, passwords, emails and texts, location data and more. To enterprising malware engineers, scammers and bad actors, sneaking into a smartphone may be the ultimate jackpot. Consumers aren't without options, however, and taking a few quick and easy precautions vastly decreases the risk of becoming a victim.
1. A need for consumer awareness
Because of their unique status as a digital catch-all, and the fact that smartphones are often used in locations that lack traditional safeguards such as firewalls, smartphones actually require more protective measures from malicious interlopers than PCs.
And yet last year's State of the Net by Consumer Reports found that just 7 percent of mobile phone owners use any form of encryption and little more than a third even bother using a PIN. That's a terrible track record. No wonder then that McAfee Labs recorded a jump of malware sampleson mobile devices by nearly 50 percent in just the first quarter of this year
2. Apps too eager to ask permission
While the volume of malware is certainly alarming, what’s of particular concern is the manner in which it gets onto devices. In particular malware writers have begun targeting apps directly rather than going after devices. The result is that users blindly trust app stores and install apps that have been compromised, unwittingly infecting themselves in the process.
This is made effective in large part due to overly aggressive apps that require far too many permissions to access user and device data than is logical or necessary. Take for example flashlight apps that needlessly demand the ability to perform a host of unwanted functions, like the ability to delete apps, track your location and even fiddle with your phone's software. Games are the most popular downloads on app stores, and as a category are notoriously pushy with permissions that needlessly put users at risk.
3. Desperate times call for commonsense measures.
There is, unfortunately, no completely foolproof way of foiling all the malware all of the time. But by using a few simple and sensible precautions the vast majority of risks can be averted.
4. Regularly update your phone's software.
The easiest, and most effective step you can take to protect your personal data is to install the periodic updates to your smartphone's software. Besides adding features, they typically include crucial security fixes you won't be able to get otherwise.
5. Turn on provided security features such as device encryption and locate and lock.
Your phone comes with a comprehensive array of free security tools. Enable them, and be familiar with their use such as how to locate a lost device and lock or even wipe it clean of data remotely.
6. Be mindful of permissions.
When you install an app, you grant it access to various types of information on your device, such as your contacts, your photos or your location. Before installing an app, look at the permissions it asks for and decline if it's needlessly aggressive -- why does that restaurant review app need access to your photos, for instance?
7. Stick with official app stores.
While malware-laden apps have on occasion slipped past the guards, consumers are far more protected from installing malicious apps and services when patronizing app stores from the big players -- Amazon, Apple, Google, Microsoft -- than ones from third-party stores or sites that aren't accountable to anyone.
8. Resist clicking on unknown links in texts and emails.
Just like you would with oddball links in email messages, don't click on a hyperlink in a text or email unless it's from someone you know -- and you're expecting it. Better yet, protect yourself further by going into your settings on your mobile phone and turning off auto-download for MMS (multimedia) messages to prevent your phone from installing anything without asking first.
Our mobile devices give us unprecedented connectivity, productivity and convenience. However, with cybercriminals ramping up their mobile skills, now more than ever, we need to be mindful of the risks and take the appropriate steps to protect ourselves as we enjoy the convenience they enable.