Wireless and Mobile Device Security Explanation for All
Nowadays, everyone is using a mobile phone. It has become one of the most important parts of our lives. Smartphones, whether Android or iOS devices, are quickly replacing PCs and laptops. We use them everywhere, and we can complete most tasks on them. Using a smartphone you can check your email, store your personal information, save thousands of personal photos, shop online, use social media, download games or applications, and much more.
However, you may never have thought of getting a virus or malware on your smartphone. Most people are unaware of the risks that a mobile device carries. In reality, malware is widespread on both mobile Operating Systems (OS). In this article, we will explain what the security threats to mobile devices are and how you can protect yourself.
Mobile Device Security Explained
Wireless and mobile security is complex because devices have many attack vectors. In other words, mobile devices can be targeted and attacked at different levels.
Traditionally, in computer networks, we find 7 layers.
In mobile devices, we define three main attack vectors:
- Applications: This attack vector is based on mobile applications. Usually, malware is produced and distributed as harmful apps that users unintentionally install on their devices. Mobile security solutions should be able to recognize and stop these harmful software downloads.
- Network: Mobile devices as well as the installed apps can be targeted at the network level. Attacks including Man-in-the-Middle, phishing, and other complex attacks exploit the network connectivity of the device to steal data or distribute malicious content. Mobile security apps should be able to block these network-level attacks.
- OS: Vulnerabilities exist in both the iOS and Android operating systems. Those vulnerabilities can be used for jailbreaking/rooting devices, either by users or by malware. Just as a user can exploit them to run apps that require root, malware can elevate its permissions and execute privileged commands. Mobile security apps should monitor and detect any attempts to exploit the device’s vulnerabilities.
People can install any type of mobile application on their smartphones. Depending on the OS of the device, users visit the Google Play Store or Apple’s App Store to download and install useful apps or games for fun. As most of us are unaware of the risks that an application may have, we typically install apps and grant all the permissions they request. However, this routine task involves some risks.
First of all, granting all permissions to an application means that it may read and track your call and message history, track your location, listen to your microphone, read the photos in your albums, and much more. Each mobile OS has a different way of showing the user which permissions an application has requested. There is an article here which explains in detail how to check the apps and permissions depending on your OS.
A recommendation to users is to check which permissions are required every time they install an application. Do not allow every type of permission that an app asks for. For example, if you install a simple light app, you must not allow microphone or camera access.
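The permission check described above can also be automated for an Android app by reading the permissions declared in its manifest. The following is an added example, not part of the original article: the category policy in `EXPECTED`, the function names and the sample manifest are assumptions made for illustration, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive Android permissions matching the data types named in the text.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_SMS": "messages",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_MEDIA_IMAGES": "photos",
}

# Hypothetical policy: sensitive permissions each app category may hold.
EXPECTED = {
    "flashlight": set(),
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}

# Constructed sample manifest (decoded text form), not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.simplelight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    nodes = list(root.iter("uses-permission")) + list(root.iter("uses-permission-sdk-23"))
    return [n.get(ANDROID_NS + "name") for n in nodes if n.get(ANDROID_NS + "name")]


def unexpected_permissions(manifest_xml, category):
    """Map each sensitive permission the category does not justify to its data type."""
    allowed = EXPECTED.get(category, set())  # unknown category: justify nothing
    return {p: SENSITIVE[p] for p in requested_permissions(manifest_xml)
            if p in SENSITIVE and p not in allowed}


if __name__ == "__main__":
    for perm, data in unexpected_permissions(SAMPLE_MANIFEST, "flashlight").items():
        print(f"review before granting: {perm} ({data})")
```
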
Official Apps versus Third-Party Mobile Apps
Installing mobile apps from unofficial sources increases the risk of getting malware. Google’s Play Store and Apple’s App Store are the two official and trusted stores to download mobile applications for Android and iOS, respectively. If you download an app from a third-party store, whether it is free or paid, there is a higher risk of downloading an app with embedded malware. Such malicious applications run in the background and collect sensitive information. Then, this information is transmitted to attackers for further actions.
Network Layer Vulnerabilities
The second attack vector is the network layer. Smartphones, like computers, can connect to wireless networks. That means mobile devices send data to and receive data from the internet for various reasons. Mobile apps, Over-the-Air (OTA) updates and other internal processes sometimes require internet access to operate normally. Connecting a device to the internet gives attackers a promising attack vector.
Mobile applications installed on the devices send data to the internet either encrypted or unencrypted, depending on their implementation. Usually, mobile apps use encrypted communication (HTTPS) to communicate with the internet. In case you notice that a website
Tip: If you are visiting a website that is NOT using HTTPS, close it immediately. Try to use only websites that show the HTTPS symbol in the URL address bar.
Even when communication is encrypted, attackers find ways to capture the traffic. Man-in-the-Middle (MitM) attacks are common at the network layer. This type of attack occurs when an attacker finds a way to redirect your network traffic to their computer and steal data from the packets exchanged by your mobile device. Usually, this attack happens when you connect to a free public WiFi. In some cases, hackers create their own rogue public WiFi hotspots for future victims to connect to. Then, they can easily sniff your traffic and extract sensitive data. Nowadays, the use of HTTPS by most websites has reduced the risk of MitM, but the risk still exists. Encrypting the data included in the network packets makes it more difficult to steal. Therefore, try to visit HTTPS websites only.
Other Attacks and Defenses
Another risk of network connectivity is the exposure of APIs (Application Programming Interfaces). Malicious actors may capture and study the API requests sent by mobile apps. Later, they try to understand the behavior of the application and attempt to find vulnerabilities.
Other attacks, including phishing and IP spoofing, may occur at the network layer. Phishing pages can be served to users connected to a network. A phishing website pretends to be from a legitimate source such as “Facebook” and asks for the user’s credentials. To carry out this attack, hackers spoof the router’s IP address so that the victim’s computer listens to the attacker’s commands. Spoofing means advertising a fake IP address to users in order to drive their traffic to the attacker’s computer. So, in our example, attackers pretend to be the WiFi router and control the traffic of their victims.
In order to avoid the above attacks, always connect to WiFi networks that require a password. Browsing through a secured network improves your safety and encrypts your network traffic. Additionally, avoid HTTP websites and try to spot any fake websites by looking at the address bar of your browser.
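One way to apply this advice before connecting is to audit a Wi-Fi scan listing. The following is an added example, not part of the original article: it assumes terse `nmcli -t -f SSID,SECURITY device wifi list` output, uses a constructed sample scan, and its function names and "ok"/"avoid" verdicts are illustrative. It also reports any network name advertised both open and secured, which is worth checking given the rogue hotspots described earlier.

```python
import re
from collections import defaultdict

# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
SAMPLE_SCAN = """\
HomeNet:WPA2
CoffeeShop_Free:
Airport\\:Guest:WPA2
Airport\\:Guest:
OldRouter:WEP
Office:WPA2 WPA3
"""


def parse_scan(text):
    """Yield (ssid, security) pairs; terse nmcli escapes ':' in a field as '\\:'."""
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = re.split(r"(?<!\\):", line)  # split only on unescaped colons
        ssid = fields[0].replace("\\:", ":")
        security = fields[1].strip() if len(fields) > 1 else ""
        yield ssid, security


def classify(security):
    """Map a SECURITY value to 'open', 'weak' (e.g. WEP) or 'secured' (any WPA)."""
    if security in ("", "--"):
        return "open"
    if "WPA" in security:
        return "secured"
    return "weak"


def audit(text):
    """Return ({ssid: 'ok'|'avoid'}, SSIDs seen both open and secured)."""
    seen = defaultdict(set)
    for ssid, security in parse_scan(text):
        seen[ssid].add(classify(security))
    verdicts = {s: ("avoid" if kinds - {"secured"} else "ok") for s, kinds in seen.items()}
    mixed = sorted(s for s, kinds in seen.items() if {"open", "secured"} <= kinds)
    return verdicts, mixed


if __name__ == "__main__":
    verdicts, mixed = audit(SAMPLE_SCAN)
    for ssid, verdict in verdicts.items():
        print(f"{verdict:5} {ssid}")
    print("same name seen open and secured:", mixed)
```
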
The Operating System (OS) of a smartphone is not bug-free. Developers work hard to write secure code. Yet, researchers always find problems in OS source code, which sometimes become the door through which malicious code enters.
Every day you hear about security updates or patches published by vendors. The reason is that software engineers discovered a problem or bug in the system source code and applied a fix. Malicious actors always try to find vulnerabilities which can be exploited. Thus, vendors rush to patch the holes before they become a widespread problem.
“Jailbreaking” or Rooting Smartphones
The user has the option to “jailbreak” or root the phone, which of course is illegal. A jailbreak actually relies on a bug/vulnerability in the OS source code, which is used to escalate the permissions that users have on their device. So, there is a chance that “expert” users or a hacker are actively exploiting the discovered vulnerability. Smartphone companies detect whether a device is rooted and refuse to repair it in case of problems.
Advanced users can easily find tools on the internet to break the security controls of the phone and become the master of the whole OS. Users can then install illegal third-party apps by “sideloading” them onto their smartphone. Moreover, they can run commands that a normal user is prohibited from executing by default.
Illegal or third-party apps may contain malware. Imagine what a disaster it would be to have malware with “root” or administrator privileges on your smartphone. For this reason alone, you must never jailbreak your smartphone or install UNOFFICIAL apps on it.
Users jailbreak their smartphones in order to run a custom firmware, or to install custom wallpapers or other media that are not permitted by the OS by default. In addition, security researchers may want a rooted phone to explore the internals of the OS and search for vulnerabilities. However, as already mentioned, the risk of getting a virus or malware is higher for an average user, and there is no reason to follow the path of jailbreaking the phone.
By reading the article, I hope you understand the basics of mobile security. I tried to explain that our smartphones are actually computers that need our attention. Everyone must spend time securing them; then you can use them for fun.
Follow the below suggestions to improve your device’s security:
- Always update applications and OS to the latest version
- Install an antivirus or mobile security solution on your device
- Avoid visiting unsecured websites that use HTTP
- Download apps from trusted stores only
- Do not jailbreak your device
- Connect only to secured WPA/WPA2/WPA3 WiFi networks
- Always use complex passwords to access your accounts