Access denied
A few years ago the possibility of a company or a personal device getting hacked and losing crucial data along with subsequent financial losses was what nightmares were made of. Now, it’s no longer just a nightmare, it is a reality.
Over the last couple of months there have been several reports of various Indian companies and banks falling prey to hackers.
An innocent click or a download by a consumer can set the ball rolling for a catastrophe and ruin loyalty that took years to build. In today’s time, it is crucial to protect your computers and mobile devices.
Yes, your smartphone can be hacked. The average millennial (aged 16-30 years) in India spends roughly 2.2 hours a day (or about 34 days of a year) on their mobile devices, says a report by global research consultancy firm TNS. Those hours spent transcend into hundreds of clicks, which initiates sharing of photos, sending messages, checking bank statements, shopping and browsing the web. Awareness is first step towards protection. The most common tactic used by hackers is malware.
Trojan horse
Though smartphones are deemed safer than the PCs, they can still be attacked with your unsuspecting cooperation. Pause a moment and think of all the data you give an app access to.
For instance, to put things in perspective, your most frequently used apps have access to your location, text messages, camera, hackers use social engineering to direct users to apps that have not met security standards of underlying operating systems (iOS or Android) and clickbaits lure them into downloading via promotion and a promise of something free – more bandwidth, premium content for free or ironically even improved phone security.
They identify and choose a popular app, insert a malicious code and usually push it out to people who are looking at free downloads.
Expert’s call it “Trojanizing” an application. The offer of a free download is always more enticing than its paid counterpart and many millennials would rather download a free app, even if it could be an illegal, potentially harmful version from an unknown app store, than pay for it.
Think of all the songs, movies and games downloaded via these sites, the danger that lurks below the surface, is often ignored or overlooked. Much like the wooden horse, ‘Trojan’, gifted by the Greeks to the unsuspecting city of Troy, and then used to enter and take over it
The present day Trojan can take control of your device, right under your nose. From corrupting files to deleting them, accessing extremely sensitive data and spreading malware through the network.
Another form of mobile device susceptibility comes from the usage of old encryption system present in most SIM cards today.
To exploit the weakness, the hacker only needs to send an SMS message created to produce error deliberately. As a result, the SIM card returns an error code comprising a 56-bit security key.
The key can then be used by the hacker to send a message to the device in order to activate the download of the malicious code, which is then programmed to perform several malicious procedures such as sending text messages and infiltrating the phone’s location.
Download with care
The case for mobile users to keep their device safe from threats is now bigger than ever, and is bound to be even more critical in the future. How can one protect themselves? For one, use devices that are not jailbroken or rooted. Download apps that are rated by other users and are well known. Do not click on short URLs unless you can see the full link and it is ‘https’ secure.
Moreover, don’t forget to set a strong password and change it. Finally, make sure that device software patches are kept updated. This step, along with installing a security software and taking care to download only from reliable sources should help reduce the risk of being affected by attacks.
Just like the real world, in the internet world, do not take turns into alleys when you are not sure of the road ahead. As the world comes closer to your fingertips, the underlying danger isn’t too far behind either.
The writer is Trusteer Leader, IBM, ISA
Please Email the Editor