The biggest threats in the mobile world: social engineering and malicious apps

The growth of smart devices (smartphones, iPhones, tablets, smart TVs and so on) has brought more than just joy to their owners. The average consumer of these devices is not security-aware. He will try any software and take any offer, even those which sound too good to be true.

1. The biggest threat for smartphones is social engineering. Social engineering is a way of manipulating people by exploiting human curiosity, greed and ignorance of certain topics. If the user sees something interesting, he will click and give it a try. On mobile devices this is even easier to do, because the display and the usability are still quite limited compared with a classical desktop.

The infection vectors on mobile devices are the web and email. Social engineering techniques make use of Facebook, Google+, Twitter and other social media websites to spread malicious links, which can point either to phishing websites or to malicious files.

There are two reasons why these devices can’t be protected as well as desktops are:

a) Due to the ubiquitous nature of most of these devices (smartphones, tablets), it is not possible to have their web and email traffic filtered at the gateway.

b) The operating system (e.g. Android, iOS) doesn’t allow the same security features to be installed as on the desktop. Real-time scanning of local files and of web traffic is sometimes not possible without hacking the operating system. Cybercriminals have no problem with doing this, but security vendors do.

2. The second biggest threat in the mobile world is malicious apps. Most users don’t realize that their devices are in fact very powerful computers, with a lot of RAM, 1 to 4 powerful processor cores and a huge number of software titles. They are comparable with the PCs and Macs which stand on desks, only with a smaller display (and even this is slowly ceasing to be a limitation – see the “phablet” (phone-tablet) phenomenon).

This is where most of the problems come from: with so much flexibility and computing power, there is a lot of software around, and it is nearly impossible to control what is being released. All the control mechanisms that software providers like Apple, Google, Samsung, Amazon and others have implemented have failed in one way or another. We see more and more malicious apps loaded in the official app stores of the major four providers. However, even if the number of malicious apps in the official stores can be considered “under control”, there are many other ways to load apps without going through an app store.

It is true that trojans and viruses are not as widespread on mobile devices as they are on PCs and Macs. However, smart mobile devices are here to stay, so the phenomenon should not be ignored.

Users can protect themselves by not clicking on every “news” item and “offer” they see on the websites mentioned. They should never enter confidential information (personal or financial) on websites which they don’t know or which look suspicious. It is highly recommended not to install apps that don’t come from an official store, and even then users should always check the reputation of the app and of its provider.

It is definitely possible to transmit a malicious file through Bluetooth, but this happens very seldom. Sending a file through an instant messaging program such as WhatsApp or Skype is also possible, but we see this very seldom as well. Always keep in mind that cybercriminals are smart people who try to achieve a lot with little work and few resources. So they will always look for methods that infect people en masse, rather than one at a time as these two methods do.


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

