As apps become more popular, mobile has become a major target for cyber crime. According to the U.S. Computer Emergency Readiness Team, this could be due to the sheer number of mobile users. Currently, more than 197.4 million people (79% of the U.S. population) use smartphones, with that share expected to surpass 90% by the end of 2017.
The other reason is that mobile apps are now used for a wide range of activities. A majority of smartphone users, for example, prefer to check email on their phones rather than on a PC. People also use apps for GPS navigation and to browse the Internet; what’s better than having Google, essentially, in your pocket? But above all, an increasing number of consumers are making purchases via apps. This means that a lot of people now submit their email addresses, bank account numbers, credit card information, and passwords to online retailers via apps. Since this is exactly the type of information cyber criminals are interested in, apps are increasingly seen as a more worthwhile target.
You also need to consider the following:
- Because mobile devices are portable, they are very easy to steal. Owners of lost mobile devices could lose all the data stored in their apps.
- Most seemingly legitimate mobile apps being downloaded from app stores are malicious. Hackers could develop their own apps designed to spy on a user’s activities.
- Even legitimate smartphone apps are exploitable.
Different types of app security threats
There are several types of security threats in the mobile app industry, partly because most mobile users aren’t even aware that mobile security solutions exist. In a 2014 study, it was found that 57% of American adults didn’t have a mobile security solution. This exposes such users to threats such as:
- Mobile phishing and ransomware
Phishing is when a bad guy (disguised as a trusted source) sends an app user a message with a link that, if clicked, can initiate a virus/malware or DoS attack. If the attack locks some or all of the user’s important files and the bad guy demands a ransom, then it’s called ransomware rather than malware.
- Using an infected mobile device to infiltrate nearby devices
An infected mobile app, if connected to an organization’s main network, can be used to breach the organization’s perimeter and directly attack other devices on the network.
- Cross-platform banking attacks
Here, an attacker sends you a warm message such as “for increased security, download this app” on your PC. During installation, you will be prompted to submit your name and email address so that they can send a message or link to your phone. If you open the message or click on the link, the attacker would then gain control of both your PC and smartphone! This allows them to monitor your banking transactions on both devices, making it easier to intercept banking details before they are encrypted and sent across the wire.
Combat threats to cybersecurity
In response to the mobile threat landscape, the following strategies are recommended to improve the industry’s cybersecurity profile:
- Ongoing consumer education
- Consumer/user credential protection
- Enhanced mobile and mobile app features
- Timely distribution of software updates
- Notifying users of unsecured network connections
- Improved login/password locks to make mobile devices more secure
- Policy enforcement
- Better securing of messaging (SMS) protocols
- Disrupting malware spread through technical solutions as well as educational guidance
Mobile apps must be treated as a major cybersecurity concern going forward. As more people use smartphones and apps become even more popular, solutions must be found to make both the mobile devices and the apps more secure. Otherwise, the war against cyber crime might never be won.