Paperjam.lu

An iPhone with a cracked screen in a photo taken on 11 January 2014 by Faris Algosaibi (CC BY 2.0) 

Cybercrime is just as common and will likely increase over the coming years, as people are more likely to store personal data on their phones, attendees at a conference in Luxembourg heard this week.

Maxime Verac, a cyber security consultant at Deloitte, presented the most common security flaws at the consulting firm’s forum on “Mobile innovation--from predictions to reality”, held Tuesday 31 January.

Which are the main threats? The first is obviously losing your device or having it stolen.

The second is malware: through ad traffic or mobile ransomware, your personal data or credentials can be stolen. Verac said Android phones are more likely to be subject to these attacks, but no phone is completely safe. He said that the most popular targets were game apps, particularly Pokemon Go and Super Mario Run.

Man-in-the-middle attacks

The third threat is traffic interception. So-called man-in-the-middle attacks mostly target wifi connectivity. They are easy to set up and generally successful due to a lack of user awareness. These are likely to happen less and less as more people switch to 4G and use wifi hot spots less often.

Here is one way such attacks work: a screen pops up that says: “cannot verify server connectivity”, the person clicks “continue” and the hackers have the phone’s data.

Another source of security risk for a mobile phone is so-called complex patch management. This often arises when the phone is not updated and from the fragmentation of the operating system.

Smishing

Finally, phishing and smishing (short for SMS phishing) are security attacks in which the user is tricked into downloading a Trojan horse, virus or other malware onto their mobile. These often reproduce the exact screen of an app, and if the user clicks on it, the download of personal data starts without the user noticing anything, because nothing has visibly changed on the phone. The screen then automatically switches to the app the user originally wanted to see.

Verac had one main suggestion for users: to educate themselves and be aware that smishing, traffic interception and malware can also attack mobile devices. He also had suggestions for app creators: monitor the execution environment and manage operating system vulnerabilities.