Everyone has become familiar with basic security hygiene for a laptop: don’t click on random pop ups, don’t click malicious links, and don’t connect to unsecured, public Wi-Fi connections. However, many have not learned that these same tactics can save you from smartphone attacks. Hackers today will focus their attacks on Androids, iPhones, and other smartphones to steal information and gain access to business networks because these small devices that everyone carries around all day can act as an attack surface just like desktops and laptops.
App Oriented Smartphone Attacks
Malicious actors will often try to disguise their attack as an app for you to download onto your phone or as an update to an app you probably already have. Social engineering tricks will be used, similar to phishing attacks, that try to lower your guard and have you click before you think. For example, you could receive a text message alerting you to a critical vulnerability in an Office 365 app that requires an immediate update, but when you click the link inside the message, you’re taken to download a malicious app that then harvests your credentials. By coupling urgency with a familiar app, a hacker can take advantage of a user not prepared to identify smartphone attacks.
Public Wi-Fi Connections
When it comes to accessing the internet through a public Wi-Fi network, the same attacks used on laptops and tablets will work as smartphone attacks. Bad actors can disguise a malicious Wi-Fi access point as a trusted connection, and once you connect to it, they can monitor what you’re doing and steal sensitive information. Using this tactic, malicious actors could even gain access to a business’ network, and this makes having a strong VPN on company and personal phones essential. This is especially the case for companies that have a bring-your-own-device (BYoD) policy because a successful smartphone attack on a personal device can lead to an attack on the business.
Hackers Target Mobile Devices
Because smartphones have become an integral part of people’s personal and business lives, hackers have been launching smartphone attacks for years. Some phishing campaigns will target users via text messages, and other attack types will target specific brands of phones or devices running on older, vulnerable operating systems. Malware that affects smartphones can be hidden behind malicious ads, disguised in alarming email links, or snuck into untrustworthy apps for you to download. Successful smartphone attacks will allow malicious actors to gain a foothold in business networks, steal sensitive credentials, and launch wider attacks in the same way attacks on other devices do.
When looking at the modern threat landscape, small and medium businesses must take into account every attack vector that could cause a business harm. Smartphone attacks may not come to mind as quickly as other threat surfaces, but many of the security solutions that work for desktops and laptops can work for smartphones to help keep your business safe. Our layered approach to security here at Robinett Consulting focuses on lowering your business’ risk of falling victim to an attack from as many vectors as possible, and if you want to know more about how to keep all of your mobile devices safe, we would love to hear from you!