
Do you know the risks of your smartphone?

Cybersecurity

We perform more and more professional or productivity-related tasks with our cell phones, which involves the use of sensitive information. Learn the main vulnerabilities of your smartphone and take note of the 10 tips Sofistic offers to combat them.

There is no doubt that the smartphone has become essential for all of us. On the personal side, it helped us a lot during the pandemic to stay connected with family and friends, and to enjoy moments of leisure with social networks, videos or games. However, its use is also increasing for more productive tasks, such as basic medical procedures or access to our bank accounts. On the professional side, its usefulness is beyond doubt, with access to professional applications or document management. Where personal and professional use coincide is email management: adding every account we have is one of the first things we do when configuring a smartphone.

The point is that, as time goes by, smartphones contain more and more information that is important to us, and we are not always aware of it. What if someone has access to my emails? What if someone has access to my SMS or to messaging apps such as WhatsApp or Telegram? What if screenshots are taken or keystrokes recorded? What if calls are made without my consent?

What are the main risks of a smartphone?

There are multiple ways to infect a smartphone: we install an illicit or fraudulent app (sometimes without even leaving the official store), someone gains remote access to our device by taking advantage of an unknown vulnerability in the operating system (as in the case of Pegasus), or we visit a fraudulent website that infects us without our realizing it.

According to the latest studies of attacks on smartphones, fewer attacks have been detected, although it is worth mentioning that these have been found to be much more sophisticated and harmful to users.

Image 1: number of attacks on mobile devices.

As expected, one of the most attacked sectors has been the banking sector, for obvious reasons. The following image shows the evolution of these attacks:

Image 2: evolution of attacks on the banking sector.

In the following sections we will go into detail on some of the most relevant risks to understand what they really are and how they work.

Unlocking manufacturer limitations

Jailbreaking (iOS) and rooting (Android) refer to performing a specific process to take control of the smartphone, bypassing the security policies and restrictions that exist to keep the smartphone’s operating system from being compromised. It should be noted that some manufacturers state in their terms of use that this process invalidates the device’s warranty.

What are we doing when this process is performed? It depends on the operating system. In general, we install an app and start internal processes that usually give us a higher level of access to the functions of the device, so that we can apply configurations that are not possible out of the box. For example, after performing this process, we could install apps published in alternative stores.

If we are sure we want to perform this process, we should ask ourselves several questions, weighing what we gain against what we lose: what exactly are we doing in this unlocking process? What are we actually installing in addition to the unlocking? What guarantees do we have that the smartphone will continue to work as before and will not lose performance? Are we sure that the process will not open a direct connection to a cybercriminal?

Social engineering attacks

This type of attack is usually defined as “the art of deception”, since the cybercriminal tries to impersonate another person so that the victim agrees to perform a specific action. The most common attacks of this type include:

  • The so-called “CEO scam”, where the cybercriminal impersonates the CEO or another person of higher rank to pressure a company employee into making a money transfer.
  • Invoice modification, so that if we are not alert and do not detect that the invoice is false, we will pay the money to a company that has nothing to do with our manufacturer/customer.
  • Obtaining credentials, by sending an email in the case of phishing or an SMS in the case of smishing (see image 3). In both cases, cybercriminals have the advantage that the mobile device screen is much smaller than that of a computer. As a result, the user may not notice differences in the website, typing errors, or the URL actually being accessed (the link shown is often shortened or very similar to the real one). The credentials sought are usually related to banking systems, corporate email or any cloud application that may contain sensitive information.
  • Requesting the installation of an app, through which the cybercriminal may even be able to interact with the device as if they were the user. On other occasions the app simply accesses the contacts app and email.

Image 3: examples of fraudulent messages. Above via SMS, below via WhatsApp.
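The checks a small screen makes hard to do by eye can be automated before a link from an SMS or email is opened. The following is an added example, not part of the original article; the trusted domain, the shortener list and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed data for illustration: the organisation's real domain and
# a few well-known link shorteners.
TRUSTED = {"examplebank.test"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def triage_link(url):
    """Return the reasons a link received by SMS or email deserves suspicion."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if "@" in parts.netloc:            # text before '@' is not the destination
        reasons.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")
    if host in SHORTENERS:             # real destination is hidden
        reasons.append("shortened-link")
    dom = registrable(host)
    if dom in TRUSTED:
        return reasons
    for good in sorted(TRUSTED):
        if 0 < edit_distance(dom, good) <= 2:
            reasons.append("lookalike-of:" + good)
        elif good.split(".")[0] in host:   # brand name inside someone else's domain
            reasons.append("brand-in-foreign-host:" + good)
    return reasons
```

An empty list means none of these heuristics fired, not that the link is safe.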

Evolution of malware on smartphones

Image 4: categories where Meta has located more than 400 malicious apps.

First of all, we must understand what we mean by malware. The word is a contraction of “malicious software”. This category covers a wide variety of types, such as adware (which displays unwanted advertising), rootkits (which give cybercriminals remote access and control) and Trojans (which execute actions without the user’s consent or even allow the installation of additional apps). More information can be found at this link.

As with desktop and laptop computers, malware on smartphones has evolved considerably since its beginnings in 2004. Today, its main actions are changing links so that they redirect to fake websites or captive portals in order to obtain credentials, and installing malicious applications. Meta recently published a report stating that more than 400 applications had been detected in the App Store and Google Play that pretended to connect the application to the Facebook service in order to obtain users’ usernames and passwords. In this case, the cybercriminals displayed a Facebook login button that supposedly gave access to additional functionality or was required simply to use the application. Image 4 shows that the apps were spread across a variety of categories.

Which operating system is more secure, Android or iOS?

This is one of the most typical questions asked when smartphone cybersecurity is mentioned. There is no categorical answer to this question, but be aware that both platforms have a direct focus on cybersecurity. For example, iOS encrypts the device’s memory (storage) to ensure data privacy and also prevents an app from accessing the memory space of other apps. In the case of Android, it requires apps to be signed by developers and there is an option in the main menu to correctly filter apps with excessive permissions.

Even so, there are vulnerabilities and points for improvement in both operating systems. Let’s take some examples to understand where the risks come from. Android delegates to the user the responsibility of granting the permissions required by an app. This is a problem in itself, and it is well known that a large number of users are totally unaware of this process and accept whatever is shown on the screen without reading or understanding what they are accepting. On the iOS side, there are problems with the enterprise certificates used by some companies and with how iOS handles them. The “Hermit” malware, which exploited the management of these enterprise certificates, was recently made public.

Image 5: request for excessive and possibly fraudulent permissions.

At the time of writing this article, some of the Trojans that are considerably active and have a high impact are:

Autolycos

After infecting 8 Android apps that accumulated more than 3 million downloads between them, this malware subscribes victims to premium SMS and calling services.

BRATA

Aimed at stealing banking data, it shows the user a supposed system update. In reality, while the supposed update is being performed, the attackers access the bank to make transfers. As they have full access to the device, not only can they read the security codes that arrive via SMS, but they can also format the device.

COPER

Although initially focused on the Colombian banking system, in the latest versions it is capable of attacking other international banks and cryptocurrency exchanges. One of its features is the ability to use Android’s accessibility features to take full control of the system (it can intercept and send SMS, lock/unlock the screen, record keystrokes on the screen or prevent the uninstallation of apps related to its functionalities).
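The capabilities described for these Trojans (premium SMS and calls, reading SMS codes, accessibility control, formatting the device) all depend on permissions that are visible in an app's manifest before it is installed. The following is an added example, not part of the original article: it assumes an AndroidManifest.xml already decoded to text, and the capability mapping, risk rule and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Heuristic mapping chosen for this example: capability -> enabling permissions.
REQUESTED = {
    "read incoming SMS (one-time codes)": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "send SMS or place calls (premium services)": {P + "SEND_SMS", P + "CALL_PHONE"},
    "install additional apps": {P + "REQUEST_INSTALL_PACKAGES"},
}
# Permissions that guard a <service>/<receiver> and signal a powerful component.
BOUND = {
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility service (can drive the UI)",
    P + "BIND_DEVICE_ADMIN": "device administrator (can lock or wipe)",
}

# Constructed manifest for a hypothetical flashlight app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".Admin"
        android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return the sensitive capabilities a decoded manifest asks for."""
    root = ET.fromstring(xml_text)
    asked = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = [cap for cap, perms in REQUESTED.items() if asked & perms]
    for comp in root.iter():
        label = BOUND.get(comp.get(ANDROID + "permission"))
        if comp.tag in ("service", "receiver") and label and label not in findings:
            findings.append(label)
    return findings

def risk_level(findings):
    """'high' when SMS access is combined with a UI- or device-control component."""
    sms = any("SMS" in f for f in findings)
    control = any(f.startswith(("accessibility", "device admin")) for f in findings)
    if sms and control:
        return "high"
    return "review" if findings else "low"
```

Legitimate apps also use these permissions, so a finding is a prompt to ask whether the app's stated purpose justifies them.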

Malware is one of the main risks for smartphones. It is a cyber-attack that has evolved significantly in recent years, and no matter how much operating systems focus on cybersecurity, there are still vulnerabilities and areas for improvement. This is why it is so important for users to know what they can do to reduce the risk.
