With a collective group of 167 million active mobile social users, India has one of the largest numbers of mobile users in the world. As India becomes an increasingly cashless society, giving rise to mobile wallets and exchange of digital currencies, the mobile space is becoming more and more lucrative for cybercriminal activities. Perhaps interesting to note, yet equally alarming is the emergence of new threats such as mobile apps of large Indian banks being attacked by cybercriminals to steal sensitive financial data, or WhatsApp users falling victim to personal data loss after receiving messages claiming to be from government agencies.
Functionalities of smartphones have evolved to become a potential security concern, leading to them being banned from Cabinet meetings in India, for fear of secret information being leaked. In addition, smartphones and tablets have also evolved to become mini handheld computers with capabilities similar to any desktop, raising new security risks if these devices are not properly protected with a security solution.
Paranoid Android: Fears of Android being an insecure system
Android, being one of the most popular operating systems in India, has its own set of pros and cons. When Android first emerged, it revolutionized the mobile market with its open-source code, less restrictive app market, ability to adapt to different OEMs and flexible customization. However, many of these factors, which made it attractive to mobile users in the first place, have also made it the preferred target of cybercriminals.
A Nokia study claims that there was a 400% surge in smartphone malware in 2016, with Android devices being the most targeted. The increasing appearance of malicious apps in the Google Play store over the past year could be attributed to a few possible reasons. One, Android has a larger user base, which also means that it has a larger group of potential victims. Two, Android’s app functionality is less constrained as compared to iOS apps, so there is more latitude for “undesirable” behavior. Three, apps on the Google Play Store tend to be published at a faster speed as compared to other app stores, making it easier to propagate malware. Variations of Android malware masquerading as innocent apps have popped up over the past year, including a fake Flash Player which even managed to bypass two-factor authentication, and a banking botnet disguised as a legitimate weather app.
Possibly one of the most dangerous types of Android malware is ransomware, which locks the device or encrypts all data including videos and pictures from the user to unlock the device or decrypt the data. According to ESET’s detection system LiveGrid, the number of Android ransomware detections have grown more than 50% year on year, with the largest spike in the first half of 2016. With these mobile threats steadily rising, one burning question in every consumer’s mind is: with India’s growing mobile user base, what information about me is at risk?
Your mobile, their entry point
Security threats on mobiles are especially worrisome due to the amount of highly personal and sensitive data stored in them. The appearance of zero-day vulnerabilities on iOS devices gave cybercriminals complete control over the device and the ability to spy on users, which highlights a real threat: that a mobile device can be an easy entry point for a cybercriminal. If a mobile device’s security is compromised, an attacker might gain easy access to every piece of information the user stores on the device. This typically includes personal identification details, financial information, and personal photos and videos. Personal data of family and friends are also likely at stake.
In today’s context, mobile devices are not only meant for personal consumption but also serve as important tools for business use. Hence, infected devices are not just a concern for the individuals, but for business organizations as well. When people engage in work while on the move, mobile devices connect to an organization’s network and if infected, could serve as an entry point for cybercriminals. This is especially pertinent in India where there is a high adoption of Bring-Your-Own-Device (BYOD) policies in workplaces; meaning a whole lot more information is at risk – we are talking about sensitive data, employee and client information as well as banking records.
Mobile vs threat: who will emerge victorious?
Cybercriminals and their tactics are evolving, and as users come to understand the dangers of installing apps from untrusted sources, cybercriminals are likely to devise new ways to attack and plan social engineering campaigns through legitimate app stores. Malware variants are increasing rapidly and this means that vulnerabilities in mobile phones can result in loss of personal data due to the malicious apps installed on the phone.
To deter cybercriminals from gaining the upper hand, cooperation between mobile phone vendors and mobile operating system software developers is key. Both vendors and developers should join hands to explore the deeper integration of security measures, which can strengthen the fight against mobile threats. The challenge, however, lies in adopting secure development procedures to minimize the risk of exposure, such as that found in poorly designed APIs in apps.
Within the workplace, enterprises can also implement restrictive measures to strengthen their security defenses for BYOD practices. Some measures include having a mandatory security policy managed by the company’s IT department or ensuring that their devices are kept up to date with the latest mobile security solutions and updates for operating systems and apps.
The first line of defense usually lies with the user, and getting them educated on cybersecurity is akin to winning half the battle. Since malicious apps tend to target users’ lack of awareness, the chances of falling prey to cyberattacks would be reduced if users are advised to download apps only from official app stores and are constantly informed about the latest threats. It is without a doubt that mobile devices now hold much more information about our private lives as well as about the organization we work in. As such, any type of security breach could result in dire consequences. To enjoy peace of mind while using their mobiles devices, users should consider installing a reputable mobile security solution to fend off any malicious attacks.
In a nutshell, we should strive for an increased sense we should strive for higher awareness amongst users in terms of how to stay safe online. If customers demanded better security in the marketplace and vendors looked at security as a crucial part of mobile device development, mobile device security may break or outpace the attacks, and we could look forward to a safer mobile environment.