By: Brian Egenrieder, CRO, SyncDog
Each year mobile security threats get more complex. At the beginning of 2020 we detailed seven mobile security threats to be aware of — social engineering, public wi-fi networks, OS vulnerabilities, apps, human error, SMS and voice, and data loss. Now that the year is more than halfway through, we’re taking a look at the biggest mobile security incidents that have made headlines thus far.
Ongoing COVID-19 Themed Attacks
Straight out of the gate, the world was introduced to an ongoing, unprecedented situation — a global health pandemic. The COVID-19 pandemic created a new theme for cybercriminals to tout when attacking businesses, taking advantage as people swiftly and insecurely transitioned from office environments to working from home.
Specific tactics included, and continue to include, preying on peoples’ fears and desire to access the latest information about how to stay safe. Examples of how these attacks were executed were phishing and malware emails with COVID-19 related subject lines. Victims of COVID-19 cyberattacks also opened malicious SMS links claiming to be reminders about getting financial assistance from the government.
Android ‘Joker’ Malware
A malware family referred to as ‘Joker’ was reintroduced to Google Play, skirting around review filters. The apps identified as containing Joker ranged from memory training games to phone wallpaper. This malware is used for “large-scale billing fraud” as it signs mobile users up for premium services. Using Android’s ‘Notification Listener’ the malware prevents any registration notifications from going live, including through SMS.
iOS Zero-Day Vulnerabilities
In May 2020, a group called Unc0ver released a jailbreak tool for iOS 11 through 13.5. It was claimed that the innate Apple sandbox security wasn’t disrupted by the jailbreak, yet this was considered the first iOS zero-day vulnerability exposed in several years. Perhaps more troublesome for Apple than the security issue was the fact that their brand reputation for being the most secure operating system began dwindling quickly — especially considering this zero-day vulnerability came on the heels of a Mail app flaw in April that left it vulnerable to hackers.
A renewed wave of mainstream attention was brought to the video sharing app TikTok as a result of its growing popularity among young adults and the United States government’s concern over its Chinese ownership and data collection practices. Back in January we explored the TikTok vulnerability that allowed hackers to use SMS to control accounts, and its impact on mobile device users. Since then, businesses and organizations have gone so far as to ban the app from employee devices that handle corporate data.
Taking a look at the above incidents, it’s evident that businesses who operate with a BYOD policy need to take into consideration the types of apps employees download, the links they click in emails and texts and the device they choose to use. These three factors add a great deal of complexity to the successful security monitoring and management of devices used for corporate activities. Fortunately, SyncDog developed a containerized application solution, Secure.Systems, that meets the needs of corporate mobile security without hindering employees’ productivity or encroaching on their personal data privacy and phone usage. Check out Secure.Systems latest integrations and partnerships.