Why Your Smartphone is a Target to Cybercriminals
When most of us think about the security of our personal information, we tend to think about our computers. We’re used to seeing and hearing about antivirus solutions for our desktops and laptops. Even Mac users are becoming more aware of smart security practices as Apple computers become a growing target for malware developers. Unfortunately, most people do not realize that their smartphones, too, are not only vulnerable to attack but are being specifically targeted.
Cybercriminals in the underground are working on developing sophisticated malware targeting smartphones and are also searching for vendors who sell already-infected devices. Why? Well, for starters, infected smartphones offer a world of possibilities to attackers. Here are some of the reasons why.
Stealing login credentials through text message forwarding
One of the popular ways everyday smartphone users protect their online accounts (including anything from their email accounts to their bank accounts) is through two-factor authentication. With two-factor authentication enabled, they receive a text message containing a special code anytime they attempt to log into the account. In light of this, it shouldn’t come as any surprise that cybercriminals attempt to hijack a victim’s text messages so they can gain access to the victim’s crucial accounts.
There are two ways cybercriminals can get this done. First, they can perform “SIM swapping.” With this method, fraudsters actually hijack the victim’s entire phone line, “stealing” it from the victim’s SIM card and moving it to their own. But this attack method is rather sophisticated and only works in certain countries.
The more common way to hijack a victim’s text messages is to simply infect their smartphone with malware. One of the ways a cybercriminal can do so is by first infecting a victim’s desktop or laptop with malware. Then, an interesting scenario unfolds:
- The victim browses to an online account that has two-factor authentication enabled.
- The malware on his machine presents him with a pop-up asking that he send a text message to a specific phone number (which happens to be the fraudster’s) in order to get a link for downloading an app “for security measures.” The victim is assured that, without this app, he won’t be able to use the service or access his account.
- Unaware that the pop-up wasn’t generated by the legitimate site, the victim does as he’s told and then gets his smartphone infected with malware.
What does the malware on the victim’s smartphone does? It prevents specific text messages from even appearing on the victim’s device, instead forwarding them straight to the cybercriminal. These specific text messages are—surprise!—the ones containing two-factor authentication codes.
Sneakily dial hotlines from our phones to make cash
More common in countries such as China, some smartphone malware can be used to call premium numbers that charge a per-minute fee. These numbers are usually associated with services such as adult hotlines, fortune telling and more.
A fraudster can use this hack method to set up a premium number. He’ll then use malware to infect as many phones as possible, and have the infected phones dial his premium number, generating revenue for himself.
While premium phone number service providers are on the lookout for these types of illegal activities, the fact that the fraudulent calls come from countless devices (all which are infected by malware) makes this type of scam difficult to detect.
Hijacking our phones for sending spam
Another reason cybercriminals target smartphones is because they’re great for sending spam.
When you’re using a desktop or laptop, your machine has a unique IP address that represents the address of your device on the network. With this, it’s easy for your computer to be identified—and blocked—if service providers find that spam is being sent from it.
Unlike desktop and laptop devices, many cellular networks operate like a closed network, where multiple smartphones on the network appear as if they have the same IP address. The fact that multiple devices share a single IP address makes it more difficult to block just one from sending emails, for example, since this could potentially affect thousands of people. For cybercriminals, this presents an opportunity. Sending spam from smartphones instead of computers makes it less likely that the device will be flagged and the spamming operation stopped.
Stealing all of our personal information, straight out of our pockets
There’s a lot of information about us saved on our computers. But there’s a lot more information about us saved on our smartphones. From our exact location at any given moment to voice calls of people we are in contact with, having unlimited access to a victim’s phone proves very useful in tracking that person. With this, it’s no wonder that smartphones are targeted not only by cybercriminals (who are interested in using all that information for identity theft) but also by governments. Dissidents, political activists and major figures are targeted by security forces of oppressive regimes, and, because of this, their smartphones become a huge target. The same applies to foreign intelligence agencies that are interested in collecting information on these individuals.
These days, consumers should really be aware of the fact that, in many ways, their smartphones are bigger targets than their desktops and laptops. Necessary precautions, such as using mobile antivirus solutions to keep smartphones clear of malware, must be taken in order to ensure that our identities, privacy and sensitive information remain protected from cybercriminals.
Want to see more content like this? Subscribe to get a weekly roundup from BlogDOG.
The LogDog anti-hacking and privacy tool protects the most popular online account types including Gmail, Facebook, and Dropbox by detecting unusual access activity and alerting users so they can take control of their accounts before hackers do.
The service can be used across all devices and OS’s, so you’re always being protected. Here’s the Android and iOS links for you to check out