30 April 2021

4min

Cybersecurity: smartphones are also concerned

Essential for collaborations and telework during lockdowns, smartphones are our pocket computers which support apps such as Zoom, Teams & Hangouts. They are however not invincible. In fact, according to cybersecurity firm McAfee, while the world was in lockdown, cyberattacks against collaborative and cloud services soared by 650%.

These cyberattacks highlight the needs to protect these tools we all rely on. Just like computers, the reliance on smartphones has made users a potential target of cyberattacks and viruses. Security expert consultant in Bordeaux, Stanislas Granel, notes that preventative measures are often the best form of security from cyberattacks. There are currently two main smartphone operating systems: iOS for Apple and Android. Such few alternatives for consumers make it very easy  for hackers to  reach a large numbers of users.

 

+191% attacks on smartphones phone in a year

 

Before the widespread use of smartphones, computers were the main targets of cyberattacks. However, now with with as many people using smartphones as PCs, smartphone uses have become much more likely targets in recent years. In just one year, (which year) cyber-attacks on smartphones increased by 191%. This is a growing issue, however many smartphones users are unaware of the  potential threats of cyberattacks.  “They have condensed all their daily activities, whether personal or professional, in their phones. In addition, the tendency to use their own digital equipment in the office (computer, tablet, smartphone) increases the risks as they are less protected than a corporate network. With recent news and the massive use of telework, this practice has been exacerbated”.

 

800,000 bank accounts hacked on their smartphones

 

Using calendars, managing contacts, taking photos, reading emails, managing bank accounts, and using social networks and are the most frequent activities on a smartphone. … Such personal information stored on one device makes it a potential goldmine for thieves, as Stanislas warns “this information can be sold at a good price on the illegal DarkNet4 market”.

In October 2019, cybersecurity researchers identified a virus on Android, which hadrobbed more than 800,000 bank accounts in three years, mainly in Eastern Europe and Russia. Stanislas says “this virus read all text messages, and directly shared bank details to hackers when found.  It could even be silent for years until it read text messages containing personal information, which is even more striking and disturbing. Vigilance is therefore required, especially if you download applications from unofficial stores; they often contain viruses and other malwares. On the other hand, the Playstore has an analyser that runs regularly.. If it detects suspicious activity on an app, it will uninstall it automatically or notify users.”

 

Free applications on alternative stores, that would otherwise be paid for  on the Playstore, can also be potential threats. It is highly unlikely that a company would develop an app that is free to download on the internet but but charges customers on an official store.

 

Epic Games Studio: a company that avoided a potentially large cyberattack.

These days even large publishers are  not immune to the risk of cyberattacks.In 2018 the game publisher of Fornite, Epic Games Studio, got lucky after it developed its own launcher on Android, in order to allow its 40 million players to download it on mobile.Applications available on the PlayStore are usually all scanned and analysed by Google and its antiviral software. Any purchase made on an app is turn taxed at 30% by the Silicon Valley giant. However when Epic Games Studio developed its own launcher, it did not deploy the game to the Playstore, and therefore did not allow Google’s security analyser to perform the usual checks.Consequently, during the launch, Google identified a major flaw in the code.  “In essence, the program required you to download several files to the phone to run the game, without verifying their authenticity,” says Stanislas. This made it easy for hackers to hijack them and install malicious apps or viruses on smartphones. “Warned of the risks by Google, Epic Games had to review its copy, and deployed a new version of its launcher, which now verifies the sources of the files and their authenticity. Had the Epic Games flaw been coupled with a banking virus, consequences would have been disastrous . You have to keep in mind that a smartphone is a computer which contains a lot of confidential data,”. Stanislas concludes,  “It is therefore essential to think before installing any application. ”

Limit the risk of intrusion on our smartphones?

The first barrier to hackers is common sense: this can be performed on a daily basis with these two safety practices:

–       Install software updates suggested by the manufacturer. These patches include security fixes and without them you are more at risk of being the target of a cyberattack. You should also install the software updates suggested by the creators of the applications you use to further minimise these risks.

–       Install apps that only come from official stores. Pay attention to applications available on alternative stores. Those apps you may download can contain malicious software, sometimes installed with your consent. Do we really want to download a game application that asks for access to our contacts, our call log, geolocation or our microphone?

 

These precautions sound simple, but many systematically ignore them on a daily basis, especially with  professional smartphones.  The responsibility is therefore shared by personal users of professional smartphones and  the employers that provide them.

The smartphone is  a collaborative tool for work that functions as our “pocket computer”,They allow us to perform so many tasks with just the swipe or the touch of a finger; organising your calendar, making call attending  videoconferences, sending emails and doing internet research, and are a direct line of communication to your employer and colleagues. However your company’s CIO has little to do with the level of security it brings to your professional devices. The security management of smartphones is therefore delegated to the users.

 

At Onepoint, as a digital player, we make sure to anticipate and measure all the risks that could threaten our customers and their users. We support organisations in managing their risks and develop trusted solutions.