Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.
Consider the recent discovery by Oversecured, a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.
As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operating on the device in question. Thus, the malicious app could gain the same permissions as Google. And the latter giant typically gets access to your email, search history, call history, contacts, and more.
The scariest part: everything can happen without your knowledge. Let’s discuss other spooky threats currently daunting mobile devices.
Top Mobile Security Threats
When you download a new app on your smartphone and launch it, you must pay attention to the pop screen that appears. It is a permission popup, the request of providing a few permissions to the app. Sadly, granting extensive permissions to dangerous apps can have severe consequences. Hackers can hack the database where all this information is stored, and all your data can be leaked.
But, with some recent development in Android 11 and IOS 14, users can deny unnecessary permission requests or even grant them for one time only. Never give apps all the permissions, see what permission they need to run, and grant only those.
Therefore, it is crucial to protect the device by not using any public Wi-Fi hotspot. Remember, never get lured by a “Free Wi-Fi” hung hanged in any coffee shop, restaurant, or hotel.
Spyware Pretending to be an Update
Bug fixes, longevity, and overall safety boost are the three main reasons why you should always update your OS. However, there are cases when you must fight this instinct. If you find a random application called System Update, be wary of its true nature. As reported, this malicious Android threat pretends to be a system update. Sadly, its true intentions are much more sinister. Once installed (outside Google Play, which is already a dangerous practice), the app starts stealing victims’ data. How? Well, it connects to the perpetrators’ Firebase server, the tool used to take remote control of the infected device.
What can this spyware steal? Basically, anything. Your messages, contacts, browser bookmarks, and more are up for grabs. An even more frightening reality is that it can record phone calls, monitor your location, and steal photos.
Malware via SMS Messages
We all know the feeling of receiving bizarre SMS messages. But sometimes, such attempts are nothing but social engineering scams. A recently discovered TangleBot is one of the recent examples, stepping into the mobile threat landscape.
Apparently, the malware gets distributed via fake messages sent to users across the US and Canada. Mostly, they provide certain COVID-19 information and urge recipients to click on embedded links. If users click on the link, they are led into a website urging them to install an Adobe Flash update. If you decide to install it, TangleBot proudly enters your system. What can it do? Many things, from stealing data and taking control over certain apps.
How to Defend Your Device?
- Use updated operating systems. Use only the latest operating systems like Android 11 and 12, as they have the newest security codes. However, install updates from reliable sources only. A random app floating online is not the right choice to keep your device up to date.
- Firewalls. Always have a firewall securing your device. It works like a regular firewall. When your mobile device sends a request to a network, the firewall forwards a verification request to the network. Additionally, it contacts the database to verify the device.
- Be careful on app stores. Even if you trust Google Play Store, do not install every app available. It is a known fact that many applications available are far from reliable. For instance, you could accidentally download cryptocurrency mining malware, banking Trojans, or intrusive adware.
- Use a VPN. If you are in a position where you cannot avoid the use of public Wi-Fi, you need to download VPN apps. They will hide all your activities from hackers lurking on the network, and it will protect your sensitive information.
- Do not jailbreak your device. iPhones can be somewhat restrictive. Thus, many might consider jailbreaking them to get the opportunity to customize their devices. However, a jailbroken smartphone is more vulnerable; you will likely lose your warranty and struggle to install the necessary updates.
The mobile threats are evolving with time, and they will keep on improving further as well. But that’s not what we have to care about. The only thing that needs our concern is our security and privacy. Therefore, one must take all the precautionary measures to evade potential danger.
[출처 : TheHackerNews / 6.28.]