Which are the main threats? The first is obviously losing your device or having it stolen.
The second is malware: through ad traffic, mobile ransomware, your personal data or credentials can be stolen. Verac said Android phones are more likely to be subject to these attacks, but no phone is completely safe. He said that the most popular targets were game apps, particularly Pokemon Go and Super Mario Run.
The third threat is traffic interception. So-called man-in-the-middle attacks mostly target wifi connectivity. They are easy to set up and generally successful due to a lack of user awareness. These are likely to happen and less as more people switch to 4G and use wifi hot spots less often.
Here is one way such attacks work: a screen pops up that says: “cannot verify server connectivity”, the person clicks “continue” and the hackers have the phone’s data.
Another way to expose a mobile phone to security risks is the so-called complex patch management. This often happens if the phone is not updated and the fragmentation of the operating system.
Finally, phishing and smishing (short for SMS phishing) is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto their mobile. These often reproduce the exact same screen of an app and if the user clicks on it, the download of personal data starts without the user noticing anything because nothing actually changed on the phone. The screen then turns automatically to the app the user originally wanted to see.
Verac had one main suggestion for users: to educate themselves and be aware that smishing, traffic interception and malware can also attack mobile devices. He also had suggestions for app creators: monitor execution environment and manage operating system vulnerability.