Smartphones are used more than PCs because they are practical to handle and portable. These mobile devices are used for personal purposes such as taking pictures, social networking, and banking transactions. Smartphones are also used for business purposes. These phones are delicate work tools containing confidential information: business contacts, financial information, personal information, etc. This has led network attackers to expand their target areas further and to include direct attacks on mobile devices.
Smartphones are attacked by exploiting vulnerabilities in SMS, MMS, Wi-Fi networks, GSM communication networks, and their operating systems, or even by exploiting the average user's lack of knowledge about these topics. The main purposes of mobile threats are to interrupt the correct operation of the device, to transmit or modify user data, to send spam messages, etc.
The attackers have three primary objectives:
- the data, such as credit card numbers, authentication data, private data, calendars, contact lists and other sensitive information;
- the identity: each smartphone is customized and is consequently associated with a specific person, so an attacker who intercepts information related to the owner of the device can steal that identity to commit a fraudulent act;
- the availability, which consists of limiting or denying the user access to their own device.
From accessing the microphone, camera, and location of a user’s device, to building convincing app clones — there are many strategies hackers employ to gain access to, and exploit, personal information of unsuspecting mobile app users.
Application-based threats happen when people download apps that look legit but actually skim data from their device. These may look fine on a download site but be specifically designed to commit fraud, or could be designed for normal use but contain unintended security vulnerabilities.
- Malware: Software (in this case an app) that performs malicious actions while installed on your smartphone, such as attempting to make changes to your phone bill, sending malicious messages to your contact list, or giving the attacker control over your smartphone without your knowledge.
- Spyware: Software designed to collect or use private data without the knowledge or approval of the user. The data commonly targeted by spyware includes phone call histories, text messages, contact lists, browser history, user location, private photos and any information that could be useful for the attacker to commit financial fraud or identity theft.
- Privacy threats: These can be caused by apps that are not strictly malicious but use sensitive information, such as location, contact list, and personal information, that is necessary to perform their function.
- Vulnerable applications: They are not as malicious as other apps, but contain flaws which can be exploited for malicious purposes (downloading apps without our permission, accessing sensitive information, performing undesirable actions, etc.).
For this kind of threat, one popular trick is to create a mobile app that looks like a more popular program, and bundle that fake app with malicious software. Android devices in particular offer many options for downloading and installing apps, and users can opt to install third-party apps that could be malicious. So we have to be very careful about the apps that we download, to make sure that they are all genuine. Some information that can help is the number of users that have downloaded the mobile app, the positive comments that it has, its written description, and a link to the developer's website.
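The checks described above can be automated when reviewing a list of apps before installation. The following is an added example, not part of the original article: the app names, package ids, thresholds and listing fields are all constructed for illustration, and the look-alike test (name similarity against a list of known apps) is one possible heuristic.

```python
import difflib
import unicodedata

# Constructed reference list: display name -> official package id (placeholders).
KNOWN_APPS = {
    "ExampleBank": "com.examplebank.mobile",
    "ChatterBox Messenger": "org.chatterbox.app",
}
# Constructed store listings: one genuine app and one clone of it.
SAMPLES = [
    {"name": "ExampleBank", "package": "com.examplebank.mobile",
     "downloads": 5_000_000, "developer_url": "https://examplebank.example",
     "description": "Official mobile banking app for ExampleBank customers: "
                    "check balances, pay bills, transfer money."},
    {"name": "Examp1e Bank", "package": "com.free.bankapp2",
     "downloads": 800, "developer_url": "", "description": "Best bank app"},
]

def normalize(name):
    """Fold case, accents, separators and digit-for-letter swaps."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    swaps = str.maketrans("0135", "oles")  # 0->o, 1->l, 3->e, 5->s
    return "".join(c for c in folded.lower().translate(swaps) if c.isalnum())

def lookalike_of(listing, threshold=0.85):
    """Return the known app whose name this listing imitates, else None."""
    cand = normalize(listing["name"])
    for known_name, known_pkg in KNOWN_APPS.items():
        ratio = difflib.SequenceMatcher(None, cand, normalize(known_name)).ratio()
        # A near-identical name under a different package id is the clone pattern.
        if ratio >= threshold and listing["package"] != known_pkg:
            return known_name
    return None

def vet(listing, min_downloads=10_000):
    """Collect the warning signs named in the text; an empty list means none."""
    findings = []
    clone = lookalike_of(listing)
    if clone:
        findings.append(f"name imitates '{clone}' but package id differs")
    if listing["downloads"] < min_downloads:
        findings.append("few downloads")
    if not listing.get("developer_url"):
        findings.append("no developer website")
    if len(listing.get("description", "").split()) < 10:
        findings.append("thin description")
    return findings

if __name__ == "__main__":
    for app in SAMPLES:
        print(app["name"], "->", vet(app) or "no warning signs")
```

An empty result only means none of these signals fired; it does not establish that an app is genuine.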