Are Your Mobile Users Protected?
With the vast amount of corporate and personal data on smartphones and tablets today, mobile devices have quickly become attractive targets for cybercrime. As attacks increase year over year, how do you protect the security of mobile users on your network?
Keeping mobile users safe and networks secure are critical security challenges. According to industry research, the number of malware attacks on mobile devices nearly doubled in 2018, growing from 66 million in 2017 to over 116 million last year.
A recent vulnerability in Facebook’s WhatsApp, the popular messaging platform, enabled malware to be installed on iPhone and Android phones with the potential intent to tap calls made with the app. Facebook issued a patch and implemented fixes on its backend infrastructure to prevent compromising devices. Within hours, our team at Field Effect identified apps with vulnerable versions of WhatsApp as well as devices with vulnerable versions of iOS that could be potentially leveraged against WhatsApp.
Best practices will minimize your threat surface
Minimizing your threat surface is the first step toward safer devices and networks. When you consider the threat surface of a mobile device – all of the different entry points where an attacker could gain access to the device and apps, steal data, or even compromise a network – understanding the risks goes a long way toward building an effective defence.
Equally important is ensuring users on your network follow best practices to keep their smartphones, iPads, and other devices secure. Many best practices for endpoint protection also apply to mobile device protection, with a few additional considerations.
Our tips below touch on guidelines from The Department of Homeland Security’s Computer Emergency Response Team (CERT), and offer a good checklist for your users.
Remember physical security
- Keep your mobile device within safe reach. Don’t leave it unattended or make it easy for others to gain access.
- Be cautious about connecting your device, via USB cables, to unknown or untrusted devices for charging or data transfers. This is important because, depending on configuration settings and existing operating system safeguards (e.g. USB Restricted Mode), others could gain access to your device. Recently, one of our customers reported unusual behavior on a corporate laptop, and the following day their phone unexpectedly shut down. Our first question was: “Did you plug the phone into your laptop?”
Keep software and hardware up-to-date
- Keep your device’s apps and operating system updated at all times. This is the best way to reduce the risk of vulnerabilities in apps and keep your device protected.
- Understand the lifecycle for your mobile device (e.g. how long you’ve owned the device, and the warranty and support terms). Devices often have limited life cycles, may have hardware flaws, or may no longer be supported by manufacturers. This is especially important for corporate IT as upgrading users’ mobile devices on a regular basis can reduce risk.
Use strong passwords
- Password policies can help users take greater responsibility for securing their devices and reduce risk to the network. Microsoft has provided a few tips on setting password policies.
- Password managers are also great tools for taking the pain out of remembering passwords, and again, ensuring the most secure passwords are being used.
Disable WiFi and Bluetooth
- WiFi, Bluetooth, NFC, and other remote connectivity services on mobile devices can introduce a potential entry point for attacks. It’s always best to disable these services until needed.
Protect data on devices with encryption
- Device encryption can prevent attackers from accessing data stored on devices by requiring the device to be powered on with proper user authentication.
- Device encryption is typically enforced by default on most devices. If it is not, device encryption can be enforced through your MDM solution or manually implemented. Google offers a storage encryption solution, Adiantum, that covers entry-level Android smartphones, smart watches, and other connected devices.
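For corporate IT, the update, lifecycle, and encryption items above can be checked across a fleet rather than device by device. The following is an added example, not code from Field Effect or any MDM vendor: the inventory records, field names, app identifier, and minimum versions are all constructed placeholders standing in for an MDM export and your own policy.

```python
from datetime import date

# Constructed policy: minimum versions are placeholders, not vendor guidance.
POLICY = {
    "min_os": {"ios": "12.3", "android": "9"},
    "min_app": {"com.example.messenger": "2.5.1"},  # hypothetical app id
}

# Constructed MDM inventory export (field names are assumptions).
INVENTORY = [
    {"id": "phone-01", "platform": "ios", "os": "12.3.1", "encrypted": True,
     "support_ends": "2021-09-01", "apps": {"com.example.messenger": "2.5.1"}},
    {"id": "phone-02", "platform": "android", "os": "8.1", "encrypted": False,
     "support_ends": "2019-01-31", "apps": {"com.example.messenger": "2.4.9"}},
    {"id": "tablet-03", "platform": "ios", "os": "12.1.4", "encrypted": True,
     "support_ends": "2020-09-01", "apps": {}},
]


def version_tuple(text, width=4):
    """Turn '12.3' into (12, 3, 0, 0) so '9' and '9.0' compare as equal."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit_device(dev, policy, today):
    """Return the list of checklist items this device fails."""
    findings = []
    min_os = policy["min_os"].get(dev["platform"])
    if min_os is None:
        findings.append("unknown_platform")
    elif version_tuple(dev["os"]) < version_tuple(min_os):
        findings.append("os_outdated")
    if date.fromisoformat(dev["support_ends"]) < today:
        findings.append("unsupported_hardware")
    if not dev["encrypted"]:
        findings.append("not_encrypted")
    for app, minimum in policy["min_app"].items():
        installed = dev["apps"].get(app)
        if installed and version_tuple(installed) < version_tuple(minimum):
            findings.append("app_outdated:" + app)
    return findings


def audit_fleet(inventory, policy, today):
    """Map device id -> findings, keeping only devices that need action."""
    report = {d["id"]: audit_device(d, policy, today) for d in inventory}
    return {dev_id: f for dev_id, f in report.items() if f}
```

Calling audit_fleet(INVENTORY, POLICY, date.today()) returns only the devices that fail at least one check, which gives a short action list after a vendor ships a patch.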
Use public WiFi networks cautiously
- Unsecured WiFi connections can also be used to distribute malware. Rely on your mobile carrier network or another trusted network for any sensitive web browsing or accessing corporate networks. If you need to access public WiFi, confirm the connection details and never save, or automatically save, the connection details.
- Free public WiFi networks are convenient when you’re on the go, but they do not require any authentication for a connection to the Internet. That makes it easy for potential attackers to gain access to your device and data by positioning themselves between you and your connection point, accessing what you send or receive over the Internet.
Avoid risky or “free” apps
- Careful consideration should always be made prior to installing apps on any device. For example, free VPN applications, such as Hola! and others, have been known to leak user data and potentially use devices as infrastructure for other users of the service. Additionally, while iOS has sandbox mechanisms to prevent apps interfering with each other, Android does not have the same protections. A good rule of thumb is to remember that with “free” apps, “you” are the product.
Minimizing your threat surface is only part of the picture. To protect mobile users on your network, understanding what is normal and what could be the operations of an attacker is critical in spotting active threats as well as vulnerabilities. Through our Covalence threat detection and incident monitoring solution, we can help you strengthen your defence.
Do you have questions about an incident? Reach out to our experienced Field Effect team of analysts today at [email protected]