The isolation and quarantine imposed by the emergency that has now become worldwide has led us to discover a new way of using technology for smart working, online shopping and, of course, keeping in touch with our loved ones and friends. If a computer, or at least a tablet, is essential for telecommuting, the inseparable smartphones will suffice for everything else. But at this time it is necessary to be careful about their use. From the moment quarantines began, the network has been put under pressure, and it is estimated that data traffic is equivalent to about a trillion bits per second. The use of online smartphone connections has also grown exponentially, a situation that has prompted cyber criminals to become even more aggressive to attack the greatest number of potential victims. Therefore, it is important to know how to cope with the risks posed by misuse of smartphones, even through simple carelessness. We are flooded with phishing emails of all kinds, and there are increasingly sophisticated ways in which hackers are able to exploit people’s emotional vulnerability to insert malware into their devices and then steal sensitive information such as personal data, passwords, and credit card numbers.
Videochat under attack
The desire to keep in touch with friends and family has increased the use of video chat apps, in addition to the classic Skype, FaceTime and WhatsApp video calls one of the most widely used services is Zoom. This is a video conferencing app recently targeted by cyber criminals who have carried out “hacking” attacks during virtual meetings with heavy intrusion into chats. A situation that generated a variety of problems, so much so that U.S. authorities intervened and enjoined the developers to fix the security problem. While the Houseparty app that allows for group video calls and online gaming has ended up in the eye of the storm for the way, described by experts, as opaque in which it handles user data.
Easy prey
It is easy for savvy cybercriminals to infect a smartphone: in addition to a variety of phishing practices, it is very much in vogue to hide malware in chat messages and apps. Viruses can also hide in services that we normally consider safe such as app stores. In recent months Google has cleaned up the Play Store by removing thousands of infected apps and tightening the rules for publishing software even more. Evidently this was not enough, so much so that last month more than 50 dangerous apps were detected that were hiding a new virus called Tekya capable of acting on the operating system and data connections. Basically, once it takes control of the smartphone, Tekya activates advertisements in the infected app without the user’s knowledge so that its “creators” make money. This is a few cents for each activated ad, but considering that these apps remain active all the time (consuming data) and have been downloaded millions of times, the result of this scam translates into large sums. Google solved the problem by removing the applications, but there was dismay when it was learned that more than twenty of them were dedicated to children. The phishing campaign called Anubis has also recently made headlines. Through counterfeit emails from real services such as those from banks, Amazon, eBay, and many others, an attachment is forwarded inviting one to download an application. Once consent is given, a request is made to enable a feature that actually contains a keylogger, a system that can detect what is typed in, including passwords. Some variants of Anubis, on the other hand, contain ransomware that can lock the terminal while waiting for a ransom demand. Therefore, one must pay close attention to the senders of the emails and the attached files and avoid activating them recklessly in any way.
Hardware vulnerabilities
Cyber criminals always manage to find weaknesses to spread their malware, even when it comes to exploiting device hardware. Critical weaknesses in mobile devices are common, recently a bug was discovered in Bluetooth technology that would “allow” malicious people to control the smartphone remotely. The bug called BlueFrag was quickly fixed with an update to Android operating systems. In reality, exploiting this bug requires a number of complicated conditions to replicate, including having a number of hard-to-find connection addresses and the proximity of the hacker to the Bluetooth range. Thus, this is not a situation to worry about, but it is undoubtedly serious what it represents: a critical issue that allows remote control of the device to be taken that remained active for a long time before being detected and corrected. An illustrative example to highlight the risks to which smartphones can be exposed.
How to behave
We have talked about Android smartphones, regarding iPhones on the other hand, the risk of viruses and malware, although possible, is lower since the iOS operating system has a more rigid and closed structure. Even in this case it is still necessary to take precautions; on the other hand, even on the App Store applications containing malware that escaped Apple’s strict security controls have been detected (and removed), and in the past iOS has also shown its side with Bluetooth vulnerabilities and FaceTime security issues. Of course, ensuring data security is also up to us; if we carelessly activate a link in a phishing email, the damage will be done even if we are protected by an extremely secure operating system. We have already written about it in this series of articles devoted to security, but the tips and precautions to take when using a smartphone are more topical than ever these days. They require little time and attention, a minimal price to pay to ensure the security of our privacy and that of our loved ones. We must always install updates to the operating system released by Apple, Google or the smartphone manufacturer. Let’s be careful when installing new applications: always check the reviews and reliability of the developer. The first time we activate an application in most cases we will be asked for a set of permissions. For example to grant use of the microphone, GPS, contact book, keyboard access. Before agreeing we check that they are relevant to the use of the app. Let’s install antivirus software! On Apple iOS it is not allowed, but on Android it is, and they are really useful for keeping the smartphone in good “health.” When we sign up for a service, even a simple social network, we read the terms well before creating an account. We surf on known, safe sites and avoid clicking on banner ads of dubious origin.
Devi effettuare l'accesso per postare un commento.