What device was used as an example of control center threats?

Mobile device security threats are on the rise. In 2014, Kaspersky detected almost 3.5 million pieces of malware on more than 1 million user devices. By 2017, Kaspersky’s in-lab detection technologies were processing 360,000 malicious files per day. And 78% of those files were malware programs, meaning that over 280,000 malware files per day were detected—many of which target mobile devices. Here’s a look at the top seven mobile device threats and what the future holds.

1) Data Leakage

Mobile apps are often the cause of unintentional data leakage. For example, “riskware” apps pose a real problem for mobile users who grant them broad permissions, but don’t always check security. These are typically free apps found in official app stores that perform as advertised, but also send personal—and potentially corporate—data to a remote server, where it is mined by advertisers, and sometimes, by cybercriminals.

Data leakage can also happen through hostile enterprise-signed mobile apps. These mobile malware programs use distribution code native to popular mobile operating systems like iOS and Android to move valuable data across corporate networks without raising red flags.

To avoid these problems, only give apps the permissions that they absolutely need in order to function properly. And steer clear of any app that asks for more than necessary. The September 2019 updates for Android and Apple iOS both added protocols to make users more aware that apps collect their location data, and why.

2) Unsecured Wi-Fi

No one wants to burn through their cellular data when wireless hot spots are available—but free Wi-Fi networks are usually unsecured. According to V3, in fact, three British politicians who agreed to be part of a free wireless security experiment were easily hacked by technology experts. Their social media, PayPal and even their VoIP conversations were compromised. To be safe, use free Wi-Fi sparingly on your mobile device. And never use it to access confidential or personal services, like banking or credit card information.

3) Network Spoofing

Network spoofing is when hackers set up fake access points—connections that look like Wi-Fi networks, but are actually traps—in high-traffic public locations such as coffee shops, libraries and airports. Cybercriminals give the access points common names like “Free Airport Wi-Fi” or “Coffeehouse” to encourage users to connect.

In some cases, attackers require users to create an “account” to access these free services, complete with a password. Because many users employ the same email and password combination for multiple services, hackers are then able to compromise users’ email, e-commerce and other secure information. In addition to using caution when connecting to any free Wi-Fi, never provide personal information. And whenever you are asked to create a login, whether for Wi-Fi or any application, always create a unique password.

4) Phishing Attacks

Because mobile devices are always powered on, they are the front lines of most phishing attacks. According to CSO, mobile users are more vulnerable because they often monitor their email in real time, opening and reading emails when they are received. Mobile device users are also more susceptible because email apps display less information to accommodate the smaller screen sizes. For example, even when opened, an email may only display the sender’s name unless you expand the header information bar. Never click on unfamiliar email links. And if the matter isn’t urgent, then let the response or action items wait until you’re at your computer.

5) Spyware

Although many mobile users worry about malware sending data streams back to cybercriminals, there’s a key threat closer to home: Spyware. In many cases, it’s not malware from unknown attackers that users should be worried about, but rather spyware installed by spouses, coworkers or employers to keep track of their whereabouts and activity. Also known as stalkerware, many of these apps are designed to be loaded on the target’s device without their consent or knowledge. A comprehensive antivirus and malware detection suite should use specialized scanning techniques for this type of program, which requires slightly different handling than does other malware owing to how it gets onto your device and its purpose.

6) Broken Cryptography

According to Infosec Institute training materials, broken cryptography can happen when app developers use weak encryption algorithms, or fail to properly implement strong encryption. In the first case, developers may use familiar encryption algorithms despite their known vulnerabilities to speed up the app development process. As a result, any motivated attacker can exploit the vulnerabilities to crack passwords and gain access. In the second example, developers use highly secure algorithms, but leave other “back doors” open that limit their effectiveness. For example, it may not be possible for hackers to crack the passwords, but if developers leave flaws in the code that allow attackers to modify high-level app functions—such as sending or receiving text messages—they may not need passwords to cause problems. Here, the onus is on developers and organizations to enforce encryption standards before apps are deployed.

7) Improper Session Handling

To facilitate ease of access for mobile device transactions, many apps make use of “tokens,” which allow users to perform multiple actions without being forced to re-authenticate their identity. Like passwords for users, tokens are generated by apps to identify and validate devices. Secure apps generate new tokens with each access attempt, or “session,” and those tokens should remain confidential. According to The Manifest, improper session handling occurs when apps unintentionally share session tokens, for example with malicious actors, allowing them to impersonate legitimate users. Often this is the result of a session that remains open after the user has navigated away from the app or website. For example, if you logged into a company intranet site from your tablet and neglected to log out when you finished the task, the session would remain open, and a cybercriminal would be free to explore the website and other connected parts of your employer’s network.

What’s Next in Mobile Security Threats?

According to Harvard Business Review (HBR), despite becoming a preferred target for hackers, mobile security is not prioritized relative to network and computer security. Even within the mobile ecosystem, HBR reported that security spending was chronically underfunded relative to mobile app development. As our reliance on mobile devices grows, so does the value of data, and thus, the motivation for cybercriminals. In addition to the mobile security threats we’ve just discussed, be alert for new threats focused on the following three key impact areas:

  • SMiShing: Like phishing scams, cybercriminals attempt to trick people into downloading malware, clicking on malicious links or disclosing sensitive information. A SMiShing attack is launched through text messages instead of email.
  • BYOD: As business users are granted high-level access from personal mobile devices, smartphones and tablets are effectively replacing desktops for many business tasks. However, personal mobile devices don’t offer the same level of built-in security or control as the organization-owned desktop computers they are replacing.
  • The Internet of Things (IoT): With the number of types of smart devices—from RFID chips to thermostats and even kitchen appliances—growing so quickly, they can’t always be monitored by users or antivirus solutions. This makes IoT devices an attractive target for hackers who use them as entry points to the larger network.

What Can You Do to Safeguard Against Mobile Security Threats?

Mobile device security threats are both increasing in number and evolving in scope. To protect devices and data, users must both understand common threat vectors and prepare for the next generation of malicious activity. A robust internet security solution should provide comprehensive coverage that extends beyond desktops and laptops, to protect mobile devices, IoT devices and other internet connection points. Furthermore, your personal network and devices need to be protected during use when you are not at home.

Kaspersky

Top 7 Mobile Security Threats. Find out what's next in security threats to mobile devices, how to protect your devices & how to prevent these attacks.

The Internet of Things (IoT) is a network of connected devices, each with a unique identifier that automatically collects and exchanges data over a network.

IoT devices are used in multiple sectors and industries, including:

  • Consumer applications – IoT consumer products include smartphones, smart watches and smart homes, which control everything from air conditioning to door locks, all from a single device.
  • Business applications – Businesses use a wide range of IoT devices, including smart security cameras, trackers for vehicles, ships and goods, as well as sensors that capture data about industrial machinery.
  • Governmental applications – Governmental IoT applications include devices used to track wildlife, monitor traffic congestion and issue natural disaster alerts.

IoT devices worldwide now number in the billions. Their increased presence in our daily lives has led to increased scrutiny of their inherent security issues, which we will be exploring here.

How Internet of Things devices are managed

To function as intended, IoT devices need to be managed both internally (e.g., software maintenance) and externally (i.e., their communication with other devices).

This is accomplished by connecting every IoT device to a management unit, known as a command and control (C&C) center. Centers are responsible for software maintenance, configurations, firmware updates to patch bugs and vulnerabilities, as well as the provisioning and authentication of tasks, such as device enrollment.

Communication between devices is enabled via an application programming interface (API). Once a device’s manufacturer exposes its API, other devices or applications can use it to gather data and communicate. Some APIs even allow control over devices. For example, a building manager can use an API to remotely lock doors inside a specific office.

C&C centers and APIs effectively manage day-to-day IoT operations. That said, their centralized nature creates a number of exploitable weak spots, including:

  • Unpatched vulnerabilities – Connectivity issues or the need for end-users to manually download updates directly from a C&C center often result in devices running on outdated software, leaving them open to newly discovered security vulnerabilities.
  • Weak authentication – Manufacturers often release IoT devices (e.g., home routers) containing easily decipherable passwords, which might be left in place by vendors and end-users. When left open to remote access, these devices become easy prey for attackers running automated scripts for bulk exploitation.
  • Vulnerable APIs – As a gateway to a C&C center, APIs are commonly targeted by a variety of threats, including Man in the Middle (MITM), code injections (e.g., SQLI), and distributed denial of service (DDoS) assaults.

The dangers posed by exploitable devices can be broken into two categories: threats that they pose to their users and threats that they pose to others.

Threats to users

A compromised IoT device places its users at risk in a number of ways, such as:

Data Theft

An IoT device contains vast amounts of data, much of which is unique to its individual users, including online browsing/purchase records, credit card details and personal health information.

An improperly secured device leaves this data vulnerable to theft. What’s more, vulnerable devices can be used as gateways to other areas of the network they are deployed on, allowing for more sensitive data to be extracted.

Physical Harm

IoT devices are now commonplace in the medical industry, with examples including pacemakers, heart monitors and defibrillators. While convenient (e.g., a doctor can fine-tune a patient’s pacemaker remotely), these devices are also vulnerable to security threats.

An improperly secured device can be exploited to interfere with a patient’s medical care. It’s an exceedingly rare occurrence, albeit one to be considered when developing a strategy for securing IoT devices.

Threats to others

Insecure IoT devices are vulnerable to being hijacked and used in a botnet — a collection of malware-infected internet-connected devices, possibly numbering in the millions, controlled from a remote location.

For perpetrators, discovering unprotected devices is not difficult and can be easily achieved by running widely available scripts or tools. This is best exemplified by the existence of Shodan, a publicly available search engine made for the discovery of such devices.

As IoT devices have become more sophisticated, so have the threats that they pose. This has manifested itself in all manner of cyberattacks, including widespread spam and phishing campaigns, as well as DDoS attacks. The latter have been growing in size in recent years, mostly due to the increased availability of underprotected IoT devices.

One prominent example of this trend occurred in 2016 when a public release of the Mirai malware prompted perpetrators to create massive IoT botnets and use them for DDoS assaults.

This led to an unprecedented wave of attacks, the most notorious of which took down Dyn DNS services, cutting access to some of the most popular domains in the world including Etsy, GitHub, Netflix, Spotify and Twitter.

The malware itself was a relatively simple script that scanned open remote access ports and tried to gain access using a short list of commonly used login credentials (e.g., admin/admin).

Still, the lackluster IoT security measures made these simple tactics extremely successful. In the words of the alleged Mirai malware author, Anna-Senpai: “With Mirai, I usually pull max 380K bots from telnet alone.”
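From the defender's side, the credential-guessing behavior described above leaves a recognizable trace in remote-access logs: one source failing logins under several different usernames in quick succession. The detector below is an added example, not part of the original article; the log line format, thresholds and function names are assumptions, and the sample lines are constructed using documentation-range IP addresses.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2016-10-21T11:10:01 telnet src=203.0.113.7 user=admin result=fail
2016-10-21T11:10:02 telnet src=203.0.113.7 user=root result=fail
2016-10-21T11:10:02 ssh src=198.51.100.20 user=operator result=fail
2016-10-21T11:10:03 telnet src=203.0.113.7 user=admin result=fail
2016-10-21T11:10:04 telnet src=203.0.113.7 user=support result=fail
2016-10-21T11:10:05 telnet src=203.0.113.7 user=guest result=fail
2016-10-21T11:10:09 ssh src=198.51.100.20 user=operator result=fail
2016-10-21T11:10:15 ssh src=198.51.100.20 user=operator result=ok
2016-10-21T11:12:00 telnet src=192.0.2.50 user=admin result=fail
2016-10-21T11:14:00 telnet src=192.0.2.50 user=root result=fail
2016-10-21T11:16:00 telnet src=192.0.2.50 user=guest result=fail
2016-10-21T11:18:00 telnet src=192.0.2.50 user=support result=fail
"""

WINDOW = timedelta(seconds=60)   # assumed tuning values
MIN_FAILURES = 4
MIN_USERNAMES = 3
SERVICES = {"telnet", "ssh"}     # remote-access services to watch


def parse(line):
    """Split one log line into (timestamp, service, source, user, result)."""
    ts, service, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), service, kv["src"], kv["user"], kv["result"]


def credential_guessing_sources(log_text):
    """Map each flagged source IP to the time it first crossed the thresholds.

    Assumes the log is in time order, as an appended log file normally is.
    """
    recent = defaultdict(deque)  # src -> (timestamp, user) failures in window
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, service, src, user, result = parse(line)
        if service not in SERVICES or result != "fail":
            continue
        window = recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW:   # drop failures older than WINDOW
            window.popleft()
        users = {u for _, u in window}
        if len(window) >= MIN_FAILURES and len(users) >= MIN_USERNAMES:
            flagged.setdefault(src, ts)
    return flagged
```

On the sample, only 203.0.113.7 is flagged; the user who mistypes a password twice is not, and neither is 192.0.2.50, whose failures fall outside the 60-second window, which is why the window and thresholds need tuning against real traffic.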

Internet of Things security management

The sheer volume of Internet of Things devices makes their security a high priority, one that is crucial for the future wellbeing of the internet ecosystem.

For device users, this means abiding by basic security best practices, such as changing default security passwords and blocking unnecessary remote access (e.g., when not required for a device’s functionality).

Vendors and device manufacturers, on the other hand, should take a broader approach and invest heavily in securing IoT management tools. Steps that should be taken include:

  1. Proactively notifying users about devices running outdated software/OS versions.
  2. Enforcing smart password management (e.g., mandatory default password changes).
  3. Disabling remote access to a device, unless it’s necessary for core functions.
  4. Introducing a strict access control policy for APIs.
  5. Protecting C&C centers from compromise attempts and DDoS attacks.

Imperva cloud WAF helps IoT manufacturers protect their C&C centers by providing on-edge traffic filtering services that ensure only authorized and authenticated client requests are allowed to reach their APIs.

Combining industry-leading WAF services and DDoS mitigation solutions, Imperva cloud WAF is able to secure its users against all online threats and efficiently handle multi-versioning from different devices.

For added reliability, the service is also equipped with load balancing and failover features that help operators handle organic traffic spikes, such as the kind that can occur upon the release of a new firmware patch.