Cyber criminals turning gaze towards mobile phones as surge in usage during lockdown

The country’s national cyber security agency has cautioned against threats to personal mobile phones from “spyware and ransomware” due to an increased usage of these Internet-enabled devices in the wake of restrictions on physical movement to contain the COVID-19 pandemic.

The Computer Emergency Response Team of India (CERT-In), the federal agency to combat cyber attacks to guard the Indian cyber space, has issued a fresh advisory with over a dozen suggestions to keep personal mobile phones healthy and secure.

“The current global health situation has seen changes to the way people accomplish their regular job, with an increasing number working from home instead of office. Cyber criminals are attempting to take advantage of the COVID-19 pandemic and are now turning their attention to mobile devices to spread malware, including spyware and ransomware,” the agency said.

Mobile devices and apps (applications) must be appropriately secured to prevent sensitive data from being lost or compromised, to reduce the risk of spreading viruses, and to mitigate other forms of abuse.

A spyware steals sensitive personal data of a user while a ransomware takes control over login and other vital credentials of an individual and only releases them after money is paid to it through dubious online transactions.

The agency suggested certain counter-measures and healthy practices:

OS and apps update

Mobile operating systems like Apple’s iOS, Google’s Android platform and Microsoft’s Windows phone provide regular updates to users that resolve security vulnerabilities and other mobile security threats, as well as provide additional security and performance options and features to users, it said.

The advisory also recommends keeping app software up to date.

Apps with out-of-date software may be at risk of exploitation of known vulnerabilities. Protect your mobile device from malware by installing app updates as they are released.

Also, delete apps you don’t use. For example, if you downloaded an app to help you plan a holiday and you don’t need it anymore, get rid of it. That way you don’t need to worry about updating it, it said.

Installing Apps

Reduce the risk of downloading potentially harmful apps by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store.

Do not download from unknown sources or install untrusted enterprise certificates. Apps that are available from 3rd party sellers may not be legitimate and could contain malwares, it said.

The agency had a special mention about social media apps like Twitter and FaceBook which are popular among users.

Be cautious with signing into apps with social network accounts. Some apps are integrated with social network sites—in these cases, the app can collect information from your social network account and vice versa, it said.

Ensure you are comfortable with this type of information sharing before you sign into an app via your social network account.

Phishing scams:

Watch out for scams and phishing attempts on your phone, either by SMS or email. Be cautious about clicking on links or opening e-mail attachments from untrusted sources, as they may be from a fraudulent source masquerading as a friend or legitimate company, it said.

Passwords

Many apps request users to save the password in order to prevent them from repeatedly entering the login credentials. This is an unsafe practice, in an event of mobile theft, these passwords can be harvested to gain access to personal information, it said.

Wi-Fi networks

Public Wi-Fi networks present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information like a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use.

Avoid jailbreaking or tampering with mobile device factory security settings as it makes the phone more susceptible to attacks, the advisory added.

Also, be cautious while charging your phone and avoid connecting it to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library.

“Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways you may not anticipate,” it cautioned.

It reiterated the regular advise of keeping the phone locked and using multi-factor authentication for opening up the device and important apps.

―Deccan Herald