Mobile phones are an extension of who we are. We carry them with us everywhere, often they never leave our hand. They hold so much of our lives within them and we would be utterly lost without them. We use them for more than communication, but also shopping, banking, even authentication for other systems. Have you ever stopped to think about what may happen if someone got full access to your mobile lifeline?
These devices are so easily lost or stolen. The BBC recently admitted to losing over 170 devices in the last two years, including a large number to theft. Having mobile devices that are encrypted helps to minimise the risk of a GDPR breach and secure your data, and it is often included as a setting on most operating systems. Smartphones are often as advanced as many PCs and can be targeted in much the same way. Mobile attacks usually involve downloading malware onto a smartphone that then monitors your calls, messages, and many other activities. The malware then forwards this valuable information on to the bad guys.
Recently, a new technique to escape detection has been used in a malicious campaign targeting smartphones. The malware, dubbed JuiceChecker-3PC, was able to bypass scanning and has been seen in millions of page views over the last few weeks. The malware was posing as a legitimate ad for one of the largest department store retailers in the US. When the device met certain conditions, it triggered a redirect, in which the user was delivered to a malicious site. Most blockers and conventional scanning techniques continue to let the malware pass through and impact millions of site and mobile app users.
Unlike computer networks, for which you can buy network firewalls etc., your phone is largely controlled by others. You are at the mercy of the company that makes your phone, the company that provides your service, and the communications protocols developed when none of this was a problem. If one of those companies doesn't want to bother with security, then you're vulnerable.