Articles

My
_
cell
_
phone
_
has
_
been
_
hacked
_
with
_
spy
_
software

Identity and cybersecurity  ·  Podcast

The increasing use and expanded functionality of smartphones means that they have become the main gateway for cyber-attacks. The new episode of the podcast ‘Beware of hidden macros’ discusses new authentication systems, such as biometrics solutions, to strengthen the security of these devices.

May 2021. A Moroccan newspaper publishes an article reproducing some of the WhatsApp conversations that journalist Ignacio Cembrero had conducted with Spanish authorities. It is something that "grabbed my attention straight away and I came to the conclusion that they had read or had access to my WhatsApp messages" explains the editor specialized in the Maghreb in 'A spy in your pocket', the new episode of the podcast 'Cuidado con las macros ocultas'. After that first suspicion, two months later, Cembrero receives a call from the international research group Forbidden Stories confirming that his phone is among the 50,000 numbers hacked by Pegasus, a spyware developed by the Israeli company NSO and purchased by governments and state security forces to remotely infiltrate mobile devices. It is the same spyware that was the protagonist of the recent cyber espionage scandal which would have infected the cell phones of the Spanish Prime Minister and the Minister of Defense and more than 60 Catalan and Basque pro-independence leaders.

«They had access to everything I had on my cell phone, from WhatsApp conversations and email, which is what most interested them, to all the private sections of photos and phonebook»

Ignacio Cembrero, journalist

Since then, and following the advice of experts, Ignacio Cembrero has changed his cell phone and computer. Furthermore, he has protected them with different tools and has initiated a legal battle to identify those responsible for the espionage of which he has been a victim. Like him, heads of state, activists and other reporters have suffered this type of cyber-attacks. Even one of the richest people in the world, Amazon owner Jeff Bezos, has been the target of hacking allegedly also through spyware. These stories are an example of how mobile devices have become the main entry point for cyber threats.

Nearly half of all attacks come in via cell phone, according to Hiscox

First entry point for a cyberattack

Company-owned server

37%

Corporate Cloud Server

31%

Corporate website

29%

Employee error

28%

Company mobile device

26%

Employee mobile device

23%

Supplier asset

13%

Internet of things owned by the company

7%

Source: Hiscox 2021

90% of enterprises are addressing an IT strategy shift where cybersecurity is one of the top three investment priorities for the current year of 2022, according to an IDC report.

Are companies protecting mobile devices sufficiently?

There are two types of threats with the cell phone as an entry point, as highlighted by Hispasec CEO Fernando Ramirez in the Cuatroochenta podcast. One is those that aim to steal information and the other are those that focus on a person's importance or money. And although not all people will be targeted by spy malware such as Pegasus, Ramírez stresses, there are other more widespread threats, such as a banking Trojan that would like to get hold of the double authentication factor.

«All the information we host on our mobile, from personal information to health or even access information to other platforms, such as the bank, is susceptible to being stolen through manipulation or a malicious virus.»

Fernando Ramírez, CEO of Hispasecec

Ramírez feels that, large companies, which have been investing in cybersecurity for some time, do take mobile security into account, but there are other, smaller companies that are not as advanced and have put it on the back-burner. Although there is an increasing number of tools and controls to keep mobile devices safe, Ramírez reminds us that the first line of defense for any organization should be the security perimeter, since it is the gateway to cybercriminals. But what is that perimeter? Everything exposed, he points out, from public IPs to domains to email addresses.

«The user’s first response should be not to trust any technology, an attitude also known as 'Zero Trust’ “. This basically assumes that we are going to be breached and that there is going to be a malware inside our mobile capturing our information or visualizing what we have stored and, in that case, we take action about it.»

Ángel López, CEO of Sofistic

Good practices for Mobile Device Management

Nowadays we have a choice of tools that help to protect mobile devices, according to Ángel López, founder and CEO of Sofistic, Cuatroochenta's cybersecurity business line. There are, for example, device management systems known as Mobile Device Management, to improve the security of corporate and personal mobiles. In addition to this type of solutions, there are advanced tools that combine data encryption through VPN with threat detection, the Mobile Threat Defense, such as, for example, the mobile device protection app UareSAFE.

  • VPN
  • Password Manager

  • Mobile Device Management

  • Software Mobile Threat Defense

  • Two-factor authentication

«Biometrics is something that is non-transferable and cannot be stolen like a password, access card or PIN.»

Nuno Ferreira-Martins, Partnerships & Business Development Senior Manager at FacePhi

Increased robustness, usability and accessibility are the main benefits of biometric solutions for both organizations and end users. The big push for this technology has come from banking, followed by transportation, and now it is found in virtually every sector. It is used, for example, in hotel pre-checking or in the control and verification of people accessing a soccer stadium.

The popularity of cell phones, which shows no signs of abating, makes them a real target for cybercriminals. Organizations must equip themselves with the most advanced tools and solutions to protect these devices and limit the risk.

Subscribe to the podcast