I will divide these mobile security threats into several categories: application-based threats, web-based threats, network-based threats and physical threats.
Application-based Threats
Mobile malware and spyware security threats can access a device’s private data without a user’s knowledge or consent and can also perform malicious actions without the user knowing, including transferring control of the device to a hacker, sending unsolicited messages to the device’s contacts, making expensive phone calls on smartphones, and more.
Always download and install applications from trusted, legitimate app stores.
- Malware is software that performs malicious actions while installed on your phone. Without your knowledge, malware can make charges to your phone bill, send unsolicited messages to your contact list, or give an attacker control over your device. You need a mobile security application to detect malware.
- Spyware is designed to collect or use private data without your knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, user location, browser history, contact list, email, and private photos. This stolen information could be used for identity theft or financial fraud.
- Privacy Threats may be caused by applications that are not necessarily malicious, but gather or use more sensitive information (e.g., location, contact lists, personally identifiable information) than is necessary to perform their function.
- Vulnerable Applications are apps that contain flaws which can be exploited for malicious purposes. Such vulnerabilities allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, or download apps to your device without your knowledge.
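The privacy-threat check described above can be automated on Android. The following is an added example, not part of the original article: it reads a decoded AndroidManifest.xml and reports permissions that reach the data the article lists (call history, messages, location, contacts) beyond what the app's purpose needs. The flashlight manifest and the "needed" set are constructed assumptions; manifests inside an APK are binary and must be decoded to text first.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names mapped to the data or actions the article lists.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "phone call history",
    "android.permission.READ_SMS": "text messages",
    "android.permission.SEND_SMS": "sending messages (billing risk)",
    "android.permission.CALL_PHONE": "placing calls (billing risk)",
    "android.permission.ACCESS_FINE_LOCATION": "user location",
    "android.permission.READ_CONTACTS": "contact list",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def excess_permissions(manifest_xml, needed):
    """Return {permission: data category} for sensitive permissions the app
    requests but that are not in `needed` (what its function requires)."""
    extra = requested_permissions(manifest_xml) - set(needed)
    return {p: SENSITIVE[p] for p in sorted(extra) if p in SENSITIVE}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

# Assumption: a flashlight only needs the camera (to drive the LED).
FLASHLIGHT_NEEDS = {"android.permission.CAMERA"}

if __name__ == "__main__":
    for perm, data in excess_permissions(SAMPLE_MANIFEST, FLASHLIGHT_NEEDS).items():
        print(f"{perm}: grants access to {data}")
```

A non-empty result does not prove the app is malicious; it marks the gap between what the app asks for and what its function needs, which is the privacy threat described above.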
Web-based Threats
Because mobile devices are constantly connected to the Internet and frequently used to access web-based services, web-based threats pose persistent issues for mobile devices:
- Phishing and Social Engineering: Attackers present themselves as a legitimate person or firm to try to trick unsuspecting users into handing over valuable data about themselves or their organization. Most of the time, these attacks use email, text messages, or social media (Facebook, Twitter, etc.) to send you links to websites that are designed to trick you into providing information like passwords or account numbers. Often these messages and sites are very difficult to distinguish from those of your bank or other legitimate sources. Check the PayPal phishing attack.
- Drive-By Downloads: Malware installs itself onto a user’s device without their consent or knowledge, then exploits vulnerabilities in the mobile operating system or a mobile application to gain access to and/or control of the device. Malware may install itself through a vulnerability in the browser via an invisible element such as an HTML iframe element or an HTML embed element of an image file. Such malware either tempts the victim to visit an infected website or sends malware-infected messages (SMS). You should type the URL instead of copying/pasting or clicking links to protect mobile phones from drive-by download attacks.
- Browser exploits take advantage of vulnerabilities in your mobile web browser or software launched by the browser such as a Flash player, PDF reader, or image viewer. Simply by visiting an unsafe web page, you can trigger a browser exploit that can install malware or perform other actions on your device.
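The drive-by download item above mentions invisible iframe and embed elements. As an added example (not from the original article), this sketch shows how a site owner or analyst could scan a page's HTML for such elements; the sample page and its example.invalid URLs are constructed, and the hiding heuristics are assumptions that cover inline attributes only.

```python
import re
from html.parser import HTMLParser

# Inline CSS that hides an element, and width/height values of 0 or 1 pixel.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)

class HiddenEmbedFinder(HTMLParser):
    """Collect <iframe>/<embed> elements that a visitor would never see."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "embed"):
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by CSS")
        if any(TINY.match(a[d]) for d in ("width", "height") if d in a):
            reasons.append("0/1-pixel size")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append((tag, a.get("src", ""), reasons))

def find_hidden_embeds(html):
    """Return a list of (tag, src, reasons) for invisible embedded content."""
    parser = HiddenEmbedFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one visible map frame and three invisible elements.
SAMPLE_PAGE = """<html><body><h1>Weather</h1>
<iframe src="https://maps.example.invalid/embed" width="600" height="400"></iframe>
<iframe src="https://cdn.example.invalid/x" width="0" height="0"></iframe>
<iframe src="https://ads.example.invalid/y" style="visibility: hidden"></iframe>
<embed src="https://img.example.invalid/z" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    for tag, src, reasons in find_hidden_embeds(SAMPLE_PAGE):
        print(f"<{tag}> {src}: {', '.join(reasons)}")
```

Elements hidden through external stylesheets or injected by script are not caught by this static check; a hit is a prompt to review where the frame came from, since hidden frames also have legitimate uses.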
Network Threats
Mobile devices typically support cellular networks as well as local wireless networks (WiFi, Bluetooth). Both of these types of networks can host different classes of threats:
- Network exploits take advantage of vulnerabilities in the mobile operating system or other software that operates on local or cellular networks. Once connected, they can install malware on your phone without your knowledge. Ha
- Wi-Fi Sniffing intercepts data as it is travelling between the device and the WiFi access point. Never connect to an unsecured WiFi network. An unsecured WiFi network or hotspot is one that a user does not need to provide a password to connect to (free WiFi). These networks are a prime target for attackers to snoop or spy on a user’s online activity. Attackers can steal information such as login credentials, credit card data, or personal data, which can leave users vulnerable to identity theft or theft of proprietary information. However, if you are to connect to these unsecured networks, use a VPN (Virtual Private Network). VPNs protect users by encrypting their Internet connection, which prevents attackers or anyone else, including Internet Service Providers, from seeing/intercepting the information sent over the network.
Physical Threats
Phones that lack passwords, screen locks or other forms of authentication are vulnerable to unauthorized access, which can compromise sensitive information stored on the mobile device.
Lost or Stolen Devices are one of the most prevalent mobile threats. The mobile device hardware may be sold on the black market or sold for spare parts, and hackers can bypass many forms of authentication in order to gain access to the device’s sensitive information.
Additional types of mobile security threats include applications that take advantage of vulnerabilities in the mobile operating system or a mobile application to gain access and/or control of the device, phishing scams, Web browser and network-based exploits, Wi-Fi packet sniffing for accessing mobile device data in transit, and more.