With the increase in the use of smartphones and the consequent rise in use of mobile applications, associated security risks have also shot up. The volume of mobile transactions have witnessed a four-fold growth in the last couple of years, and now, cyber criminals are targeting mobile users to extract data and money.
Analysts say that the culture of bringing own devices for work and accessing enterprise data on mobile phones have increased the risk of enterprise security breaches. Indians are rapidly becoming the largest users of various mobile applications and various security solutions providers say the threat is increasing and evolving rapidly.
One of the major ways in which cyber criminals attack online is through putting fake apps on the play store. Fake app detections by McAfee’s Global Threat Intelligence agency increased from around 10,000 in June to nearly 65,000 in December 2018. Data of users who are hoodwinked into downloading these have their data compromised.
McAfee says the many of these fake apps are based on popular mobile applications. For instance, the game Fortnite has more than 200 million players globally, with over 60 million downloads, and a huge crop of fake apps pretending to be different versions of Fortnite have cropped up. Cybercriminals also continue to innovate on different distribution vectors, from phishing SMS messages to applications with real functionalities which allow malicious payloads to bypass security checks on app markets.
“With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more sophisticated capabilities into their mobile banking malware. By staying under the radar, they steal more than just credit card data, and bypass security mechanisms,” notes Nilesh Jain, vice president, South East Asia and India, Trend Micro.
Android-based devices also receive substantial attention from cyber criminals. “The popularity of Android-based devices not only makes them a prime target, but the latest crypto mining technique can jump from phone or tablet to smart TV to infect your entire environment,” McAfee’s Mobile Threat Report for 2019 points out.
In order to protect the interests of consumers, security providers have even begun partnering with mobile device manufacturers. McAfee, for instance, has expanded its partnerships with Samsung and Türk Telekom. The partnership with Samsung will help safeguard consumers from cybersecurity threats on Samsung Galaxy S10 smartphones which come pre-installed with anti-malware protection powered by McAfee VirusScan.
“App developers, original equipment and design manufacturers are fortunately poised to enforce security by design, go beyond functionality and incorporate data privacy and security in the lifecycle of an app’s development and operations. Everyday users also need to adopt best practices, while companies, especially those with BYOD (bring your own device) policies, must find a middle ground between the need for mobility and significance of security,” Jain said.
Another cyber security company Symantec in its Internet Security Threat Report points out that smartphones could arguably be the greatest spying device ever created. The company says that a smartphone which has a camera, a listening device and a location tracker collects more data from wherever the user goes. And India is among the top countries for mobile malware with 23.6 per cent of global infections.
According to Symantec, 45 per cent of the most popular Android apps and 25 per cent of the most popular iOS apps request location tracking, 46 per cent of popular Android apps and 24 per cent of popular iOS apps request permission to access device’s camera, and email addresses are shared with 44 per cent apps and 48 per cent respectively. Security service providers also say digital tools that gather cellphone data for tracking children, friends, or lost phones are also on the rise and clearing the way for abuse to track others without consent. “More than 200 apps and services offer stalkers a variety of capabilities, including basic location tracking, text harvesting, and even secret video recording,” it said in the report.