Unfortunately, one major type of device notably susceptible to cyberattacks is the mobile phone. Today, there are an estimated 4.61 billion cell phone users, an amount greater than half the human population. At this point in time in the Digital Age, cell phones, to many, provide the same services as home computers but with greater versatility.
Smartphones, in addition to making calls, have become essential devices for surfing the Internet, online shopping, and checking bank accounts, along with accessing many other services commonplace in daily life. Because of their varied use, smartphones possess the breadth of personal information that would generally only be available on personal computers.
At the same time, the portability of smartphones, while letting mobile users access their accounts for online services, can make it easier for attackers to access user information. Through exposure from connections to shared public networks, close proximity to others, and even the possibility of device theft, cellular phones are prone to data theft.
Smartphones share the many vulnerabilities as PCs, but they do not retain the same measurements taken to prevent viruses. In fact, many smartphone users do not even make use of the protection software and encryption provided with their devices. In the simplest sense, this includes a PIN-code needed to access the device, something that mobile phone users might choose to ignore to simplify and quicken their engagement with their phones.
Due to its vulnerabilities, attackers can take several avenues of approach in uncovering the data stored on a smartphone. Much like PCs, smartphones are susceptible to malware developed by third parties or sold on third-party app stores. In addition, since they, on average, connect to 10-100-times more networks than PCs do, smartphones are in constant contact with network threats, and an infected device can be used to infiltrate entire networks.
Smartphones are also vulnerable to phishing attacks, but in a way that utilizes the communication methods of cellular phones. For example, an attacker can send an SMS message to or just directly call a mobile phone to trick the user into installing malicious software or giving away sensitive information. Of course, if the phone is just stolen or misplaced by the owner, an attacker, if the phone is not encrypted, can access all of the information they want without making intricate efforts through phishing and malware.
An example of a mobile cybercrime utilizing these different approaches is the “man in the browser” attack, in which malware on PCs is used to infiltrate mobile phones in hybrid attacks on users’ banking accounts. According to John Shier, security advisor at Sophos, this involves a piece of malware dropped onto the user’s laptop being used to detect when the user is surfing their banking website. With this, the attacker intercepts the user’s banking credentials and puts up a warning message asking for an email or cell phone number. They then send the user a link, which, if clicked, allows the attacker to access practically anything on the user’s computer or phone.
The abundance of malware and phishing attacks on mobile phones is growing, and, in 2014 alone, there were over 1 billion records breached. This is incredibly alarming and awakens a clear necessity for greater measures to be taken by enterprises to safeguard smartphones. At the same time, there is a need for the individual phone users to enact the same care that they would use to operate their home computers. By making use of phone encryption and engaging software downloads and unsolicited messages with caution, smartphone users can save themselves a lot of trouble.