30 April 2021

Cybersecurity: smartphones are affected too

Essential for collaboration and telework during lockdowns, smartphones are our pocket computers, running apps such as Zoom, Teams and Hangouts. They are not invulnerable, however. In fact, during lockdowns, attacks against collaborative and cloud services soared by 650%, according to McAfee.

Whether it is a coincidence or not, these attacks confirmed the urgent need to protect these tools. This true concentrate of technology can also be the target of attacks and catch viruses, just like a PC.

Stanislas Granel, a security expert and consultant in Bordeaux, takes stock of the best practices to adopt, since in security, reflection often remains the best “barrier gesture”.

41 million: that is the number of smartphone users in France in 2019. In other words, the cell phone has become French people’s favorite object. “Already in June 2018, there were more than 3 billion people around the world surfing on social networks via mobiles,” specifies Stanislas, security consultant in Bordeaux.

Today there are two main operating systems: Apple’s iOS and Android. That is not many! It is, however, a real boon for malicious people, who can easily reach large numbers of users.

+191% attacks on cell phones in a year

Until now, cyber-attacks have focused on computers, as the “financial return” on mobiles was not attractive enough. This situation has recently changed, however. With as many people on smartphones as on PCs, the potential gains have become much more significant. Attacks on smartphones have thus increased by 191% in one year.

This real scourge is moving slowly because laptop users are unaware of these potential threats. “They have condensed all their daily activities, whether personal or professional, into their phones. In addition, the tendency to use one’s own computer equipment in the office (computer, tablet, smartphone) increases risks, as these devices are less protected than a corporate network. With recent news and the massive use of telework, this practice has been exacerbated.”

800,000 bank accounts hacked via cell phones

Using the calendar, managing contacts and photos, reading emails, managing bank accounts, social networks: these are among the most frequent activities on a smartphone… A veritable goldmine for thieves 2.0! “This information can be sold at a good price on the illegal DarkNet market,” warns Stanislas.

In October 2019, cybersecurity researchers found an Android virus that reportedly robbed more than 800,000 bank accounts in 3 years, mainly in Eastern Europe and Russia. “This virus read all text messages, and directly shared bank details with hackers when found. It could even remain silent for years until it got the long-awaited text message, which is even more striking and disturbing. Vigilance is therefore required, especially if you download applications from unofficial stores: they often contain viruses and other malware. On the other hand, the Play Store has an analyzer that runs regularly,” says Stanislas. “If it detects suspicious activity on an app, it can uninstall it automatically or notify users.”

Applications that are free on alternative stores but paid on the Play Store can be potential threats. It is indeed highly unlikely that a company would give an app away for free on the Internet while charging for it on an official store.

Fortnite: a flaw avoided in extremis

Even large publishers are not immune to the risk of cyber-attacks these days. In 2018, the Epic Games studio unfortunately paid a heavy price. The publisher of the game Fortnite developed its own launcher on Android in order to allow its 40 million players to download the game on mobile!
Applications available on the Play Store are usually all scanned and analyzed by Google and its antivirus. In return, any purchase made in an app is taxed at 30% by the Silicon Valley giant.

By developing its own launcher, Epic Games did not deploy the game to the store. As a result, Google’s security analyzer was unable to perform the usual checks… During the launch, however, Google spotted a major flaw in the code. “In detail, the program required you to download several files to the phone to run the game, without verifying their authenticity,” says Stanislas.

This made it easy for hackers to hijack them and install malicious apps or viruses on smartphones. “Warned of the risks by Google, Epic Games had to go back to the drawing board, and deployed a new version of its launcher, which now verifies the sources of the files and their authenticity. Had the Epic Games flaw been coupled with a banking virus, the consequences would have been disastrous… You have to keep in mind that a smartphone is a computer which contains a lot of confidential data,” Stanislas concludes. “It is therefore essential to think before installing any application.”
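The kind of check the fixed launcher is described as performing, sketched as an added example (this is not Epic Games' or Google's code): a downloaded file is accepted only if it came over HTTPS from an allowlisted host and its SHA-256 matches a digest shipped with the launcher. The host name, file name and payload bytes are constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data: host, file name and payload are placeholders.
ALLOWED_HOSTS = {"downloads.example.com"}
GOOD_PAYLOAD = b"constructed game package bytes"
# In a real launcher these digests ship inside the signed launcher itself;
# here the digest is derived from the sample payload so the demo is offline.
PINNED_SHA256 = {
    "game-package.apk": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
}


def source_is_trusted(url: str) -> bool:
    """Accept only HTTPS URLs whose exact host is on the allowlist."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS


def verify_download(url: str, name: str, data: bytes) -> tuple[bool, str]:
    """Decide whether a downloaded file may be handed to the installer."""
    if not source_is_trusted(url):
        return False, "untrusted source"
    expected = PINNED_SHA256.get(name)
    if expected is None:
        return False, "no pinned digest for this file"
    actual = hashlib.sha256(data).hexdigest()
    # Constant-time comparison of the computed and pinned digests.
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    url = "https://downloads.example.com/game-package.apk"
    print(verify_download(url, "game-package.apk", GOOD_PAYLOAD))
    print(verify_download(url, "game-package.apk", GOOD_PAYLOAD + b"!"))
    print(verify_download("http://downloads.example.com/game-package.apk",
                          "game-package.apk", GOOD_PAYLOAD))
```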

How can we limit the risk of intrusion on our smartphones?

The first barrier gesture is common sense, which on a daily basis can be illustrated by these two safety practices:

– Install the updates offered by the manufacturer. These patches include security fixes; without them, malicious people could use the unpatched flaws against you. The updates offered by the publishers of your applications also deserve to be applied in order to guard against risks.
– Install only apps that come from official stores. Be wary of applications available on alternative stores. The app you are about to download may contain malicious features, sometimes enabled with your consent. Do we really want to download a game that asks for access to our contacts, our call log, our geolocation or our microphone?
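One way to answer the question in the last bullet for a given Android app, as an added example that is not from the original article: list which of the four kinds of access named there the app requests in its manifest. The sample manifest and package name are constructed, and the manifest is assumed to be already decoded to text XML.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions behind the four kinds of access named in the article.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "geolocation",
    "android.permission.ACCESS_COARSE_LOCATION": "geolocation",
    "android.permission.RECORD_AUDIO": "microphone",
}

# Constructed sample: decoded manifest of a hypothetical game.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission-sdk-23
      android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:label="Puzzle Game"/>
</manifest>
"""


def sensitive_access(manifest_xml, expected=frozenset()):
    """Return the sensitive categories requested beyond those in `expected`.

    `expected` holds categories the app plausibly needs (a voice-chat game
    might need "microphone"). For manifests from untrusted sources, parse
    with a hardened XML parser such as defusedxml instead.
    """
    root = ET.fromstring(manifest_xml)
    found = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            category = SENSITIVE.get(elem.get(ANDROID_NS + "name", ""))
            if category and category not in expected:
                found.add(category)
    return sorted(found)


if __name__ == "__main__":
    print(sensitive_access(SAMPLE_MANIFEST))
    print(sensitive_access(SAMPLE_MANIFEST, expected={"microphone"}))
```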

It sounds simple, but do we do it systematically, especially with our professional smartphones? Today the stakes are therefore shared between users’ common sense and companies’ responsibility.

The smartphone as a collaborative work tool (a “mini-computer” that lets you organize your calendar, make calls, hold videoconferences, send emails and do internet research) provides access to your professional messaging as well as the employee directory.
But your company’s CIO rarely gives it the level of security it gives your computer. The security management of smartphones is therefore delegated to the users.

At onepoint, as a digital player, we make sure to anticipate and measure all the risks that could threaten our customers and their users. We support organizations in managing their risks and develop trusted solutions.