As mobile devices become ubiquitous in society, the bad actors have turned from PCs and laptops to mobile endpoints and cellular networks to escalate their attacks against businesses and individuals.
If 2019 has shown us some of the ways in which hackers are using mobile devices as attack vectors, 2020 could be the year they succeed in their nefarious objectives.
Cyber Threats to Mobile Devices:
Here are 6 ways mobile devices could be used against us this year:
A few years ago, it would have been unthinkable that employees of big companies would be allowed to log in to the corporate network via mobile device. In 2020, due to the boom in remote working and advances in cloud-based enterprise platforms, it is almost expected.
Where a robust bring your own device (BYOD) policy is in place, this may not be a problem. However, many businesses allow unregulated employee activity via mobile devices. This can lead to an invisible ‘shadow IT’ network putting the company’s assets at risk.
PennComp, a provider of high quality IT support in Houston, includes standardizing policies and procedures as part of its IT Infrastructure Maintenance and Monitoring service.
5G technology promises broadband-type speeds of internet access via your cellphone but who is responsible for keeping that data secure? That question has caused a rift between the United States and UK with the latter choosing to involve Chinese tech company Huawei in the development of their new 5G network. The US government are concerned that the links between Huawei and the Chinese government could lead to an attempt to use the UK’s 5G network to spy on the west.
Imagine if details of every call you made on your cellphone, every text you sent and every contact you saved were in the hands of a rogue state. This nightmare scenario could happen if cellphone carriers had their call detail records (CDRs) stolen by hackers. This is not a hypothetical risk. In 2019, cybercrime experts Cybereason Nocturnus exposed an advanced persistent worldwide assault on major carriers known as Operation Soft Cell. Again, the attack appears to originate from China.
The logic behind two-factor authentication (2FA) seems sound enough. You can only log into an account if you can provide proof of something you know (e.g. a password) and something you have in your possession (e.g. a code sent to your cellphone by SMS text).
The flaw in this system is that codes sent from a website to a cellphone are not actually sent to the device at all but to that device’s identity – tied to its Subscriber Identity Module (SIM). If a hacker can successfully pose as their intended victim, they can instruct their mobile carrier to port their SIM card to a new device – one they own. This form of cybercrime is known as a SIM port attack.
According to Statista, there were 2,900,000 mobile apps on the Google Play store in December 2019 with a steady 100,000 added every quarter. The sheer volume of apps combined with increasingly sophisticated hackers has raised the threat level in terms of hidden malware. Downloading corrupted apps can lead to everything from data theft to having your device linked in to a massive global botnet which then brings down a major company (or even a city!)
Petty thieves and muggers in 2020 will no longer steal smartphones to sell on online auction sites. They now realize that global cybercrime networks will pay them a lot more in order to get access to sensitive data. Every stolen device becomes a potential backdoor into a corporate or public network.
For businesses concerned about their mobile security, getting professional advice is critical. If you are based in Houston, IT consulting services are readily available through PennComp.