What you need to know about cell phone security
The development of mobile devices, more specifically cell phones, has advanced in numerous ways throughout the years, with an increasing number of consumers along the way. The Pew Research Center reports in 2019, "roughly one-in-five American adults are ‘smartphone-only’ internet users – meaning they own a smartphone but do not have traditional home broadband service.”
When users rely solely on their cell phones for the internet and other daily use it can increase their vulnerability to cybercriminal activity and security breaches. Software breaches don’t happen to just cell phone companies. Some of the biggest data breaches of the 21st century happened to companies that can still easily be accessed by cell phones, such as Yahoo, eBay, Target Stores, Uber, and more.
Types of mobile malware.
Mobile malware is a type of harmful software that specifically targets mobile phones and tablets. There is a variety of mobile malware, each type allowing cybercriminals to become more agile in their attacks. Listed below are the different types of malware, how they work, and who they affect.
Mobile spyware is a type of malicious software program that monitors and records information about a user's actions without the user's knowledge or permission. Once the victim of the malware attack has been affected by mobile spyware, the intruder is able to listen in on conversations, access data stored on the mobile device, and can even tap into the device’s camera and microphone. There is no one demographic that is more susceptible to mobile spyware than the other, which is why it’s important that everyone be aware of the possibility that this may happen to them.
Rooting malware is another malicious program that specifically targets Android users in an attempt to gain control over their root privileges, ultimately taking full control over the device. This type of malware is typically a result of visiting spam or phishing websites. When a device is compromised by a rooting malware the common effects may include deletion/installation of applications and copying of confidential information.
Mobile banking trojans.
Mobile banking trojans could be one of the most dangerous malware programs to fall victim to. Mobile banking trojans are a type of malware software that hacks into your mobile banking app in an attempt to steal information and money from your bank account. Anyone who has a mobile banking application installed on their mobile device is at risk of falling victim to these trojans, however, Android users are at the highest risk of being attacked. A majority of the time, these mobile trojans are installed on the device because they are disguised as legitimate applications.
Short message service (SMS) malware attacks are attacks that “involve the creation and distribution of malware by cybercriminals designed to target a victim’s mobile device.” This is a type of malware that can affect anyone that is able to receive calls and/or text messages and is done so by sending unauthorized calls or texts without the victim’s knowledge. This malware may also intercept text messages or calls without the user’s agreement. SMS malware, similar to other malware, is typically installed by users downloading mobile apps that seem to be legit.
How your cell phone can get infected.
A mobile device can become infected in a variety of ways. Here are the five most common ways your mobile device can get malware:
- Downloading malicious mobile apps;
- Opening or downloading links from suspicious emails, texts, or websites;
- Receiving text message or voicemail phishing scams;
- Using a mobile device with operating system vulnerabilities, for example, software that isn’t updated;
- Utilizing non-secure Wi-Fi or URLs.
Signs of a malware attack.
It may be difficult to tell whether or not your device is infected. However, there are a few tell-tale signs and symptoms to look for to help you distinguish whether or not you’re a victim of a malware attack.
- A sudden increase in mobile data usage;
- Device battery is draining at a faster pace than usual;
- Overall reduced performance in your cell phone;
- Unexplained apps may be downloaded onto your device;
- Unexplained charges to a phone bill;
- You may experience an abundance of pop-up advertisements.
It is important to keep in mind that just because your device is experiencing these symptoms, it doesn’t automatically mean you’re a victim of malware. You may need to simply replace your battery or invest in a new wireless charger. If you are still noticing changes in your phone, despite replacing the battery and charging device, you may want to then look into information on how to remove malware.
If users come across malware on their phone, there is no need to panic. There are ways to remove malware and it should be done so right away.
- Shut Down and Restart Your Phone: This will help to prevent further damage if you are unable to find exactly where the malware is located;
- Activate Safe Mode: How to activate safe mode varies with each device. Refer to your phone’s manual for further instructions on how to activate safe mode;
- Uninstall Suspicious Apps: If you notice that you have an application that has been downloaded but don’t recall downloading it yourself, remove it;
- Clear Your Browser History: This can easily be done by opening up your web browser in your settings folder and selecting “clear data and website history.” This can help delete any error messages and pop-ups from your web browser;
- Erase All Data: Reformatting your drive on your device is more of a last resort option, however, it may get the job done. Keep in mind that when you erase all data from your phone it is like starting from scratch, all information will be lost. Before completing this option make sure you understand the repercussions.
How to keep your phone secure.
Taking preemptive steps is the best way of reducing the likelihood of malware, and protecting your phone and personal information.
Download anti-malware for your mobile device.
Purchasing and downloading anti-malware for your mobile device can help to ensure that you don't become a victim of a mobile malware attack. There may be free anti-malware solutions to download so users may want to research this option prior to completing a purchase. Popular anti-malware programs include, but are not limited to:
Be cautious of public Wi-Fi.
When traveling, investing in internet devices such as mobile hotspots can help you protect your phone from malware. When out in public it is important for cell phone users to be cautious of the public wireless internet they are getting ready to connect to. If the Wi-Fi is not secured, it may be best to wait to log on until you are in a location with a more reputable internet source. It may also be suggested to turn your Wi-Fi and Bluetooth off when they’re not in use to help protect your device from malware access your information via public Wi-Fi. It is also important to be aware of public charging stations, for they too could be compromised with malicious malware.
Be cautious of social engineering scams.
Social engineering scams are scams conducted by people that try to manipulate people into giving up personal information such as passwords, banking information, or control over your computer. Social engineering scams appear in the form of email, text messages, or even phone calls. If you feel that the scenario is suspicious, avoid it at all costs.
Keep your operating system updated.
According to the Federal Communications Commission (FCC), “updating your smartphone's operating system when notified to do so helps patch security gaps and improve your device’s overall performance.” Prior to updating your device, it is suggested that you:
- Charge your phone;
- Back up your files;
- Make sure your device is compatible with the upgrade;
- Delete applications you no longer use.
Do not root or jailbreak your device.
Rooting your device mainly applies to Android users. This is the process that allows users to gain access to the Android operating code — which ultimately gives the privileges to modify the program’s code or install other programs that the manufacturer normally wouldn’t allow to be installed.
To jailbreak a device is similar, however, it is applied to Apple users rather than Android. To jailbreak a phone means that the user has unrestricted access to the entire file system.
Encrypt your device.
When a phone is encrypted it means that users must enter a password prior to accessing their mobile device. This is typically done by setting up a passcode in the privacy settings — usually involving numbers, words, and even fingerprint and facial recognition. It is recommended to encrypt your phone for incidences that may involve strangers attempting to log in to your phone (leaving it in a cab, losing it at the park, etc.).
Back-up your data.
When users back up the data on their phone they are then able to access their information from other devices. This is helpful for those who may need to purchase a new phone or restore their old one after it was attacked by malware. The backup instructions vary with each phone. Refer back to your phone's manual to help you better understand how and why you should complete this process.
Only download and use official apps and official stores.
Review your access permissions.
Cell phone owners can review their access permissions by searching in the settings folder on their phone for “apps” and “apps notifications” to see what permissions the apps have. Whenever users download an app, they typically have to agree to the terms of service — here is where they include what permissions the app has to the phone. Some may not even realize that they agreed to allow an app access to personal information upon installation.
Lock your phone with two-factor authentication.
This tip varies with the type of cell phone you have, however, it typically involves a two-step authentication verification. This may include, but is not limited to choosing two of the following:
- Minimum of a 4-digit numerical password;
- Fingerprint verification;
- Facial recognition;
- Drawing a pattern;
- Creating a password consisting of letters, numbers, and symbols.
Set up Find My Device and remote wipe features.
Setting up device finders gives cell phone users the ability to locate their device (from another device, usually of the same brand or a computer) if it happens to be stolen or lost. However, it is important to keep in mind that this feature doesn’t work if the device is dead. Which is why you may want to consider a remote wipe feature. Remote wipe is a security feature that allows a network administrator or device owner to send a command that deletes data to a computing device.
It can be scary knowing your private information is at risk of being hacked in to. Luckily there are steps to take to ensure that you and your mobile device are safe by understanding the signs of malware, knowing how to prevent them, and being able to remove them if they've infected your device.