Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

7/10/2013
09:54 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Six Tips: How To Protect Yourself From Mobile Attacks

Eleven research team has compiled tips for Android users

Berlin, July 10, 2013 - Android is by far the most popular operating system for mobile devices such as smartphones or tablet PCs. But that status also means opportunities for cyber criminals: in 2012 alone, the amount of malware specifically targeting Android users jumped from 17,000 to more than 214,000 samples each month. And malware is no longer being smuggled into the system via app downloads only; mobile e-mail use also offers an easy target. One particularly popular trend is to send links via hacked e-mail accounts leading to seemingly secure mobile Web sites. These sites, though, automatically forward users to subpages that use invisible iframes to scan the precise version of the operating system being used, introduce updates, and enable long-term access to sensitive user data (these are so called multifunction Trojans).

The Eleven Research Team offers its six most basic tips for protecting users from such attacks:

1. Pay attention when downloading apps

App downloads continue to present one of the greatest risks for smartphone users. Despite countless precautionary measures, cyber criminals are able to plant dangerous and manipulated apps into the incalculable quantity of available apps time and again. Be sure to only download apps from official stores (Google Play for Android users) and from providers you know and trust whenever possible.

2. Install virus protection

Install an antivirus app! When making your choice, stick with well-known providers, such as those that also offer security solutions for computers. Be aware of the large number of fake security apps. Android malware is even often disguised as an antivirus app, as in the case of the recently discovered fake antivirus software called Android Fakedefender.

3. Keep apps up to date

Regularly updating apps is especially important to ensure protection against the latest threats. Many malware and virus attacks target well-known weak spots that are only fixed through updates. For that reason, make sure to always keep apps up to date.

4. Connect securely

One thing cyber criminals find particularly attractive is a key feature of mobile devices: a permanent Wi-Fi or mobile network connection. First, it makes the device perpetually available to hacking and other attacks; second, a bot infection makes it possible for spam and malware e-mails to be sent 24?7. A secure network connection is thus especially important - particularly for publicly accessible services, such as free Wi-Fi, which are particularly risky. Ensure that your cell phone's wireless interfaces are not on all the time and deactivate the Wi-Fi, Bluetooth, and infrared mode when not in use.

5. Use caution when banking online

Due to the sensitive data involved, it is extremely important to be careful when using online banking services. This is why many banks offer a two-tier security system in which authentication takes place via the browser and cell phone. The underlying idea behind the security concept is that it is unlikely that cyber criminals would be able to access your computer and cell phone at the same time. Keeping this fact in mind, be sure to never use the same device for both authentication processes.

6. Think carefully before clicking on email links

Email remains a significant method for trapping users and causing them to click on dangerous links. The problem is more severe on mobile devices where it is difficult to "mouse over" links to see if they are genuine. Cybercriminals use proven social engineering to make emails and even destination pages appear very genuine. When receiving an email (even from a friend), ask yourself whether the email was expected, and whether it seems genuine.

Eleven on Twitter: http://www.twitter.com/elevensecurity

Eleven - Integrated Message Security

Leading German e-mail security provider Eleven is a pioneer in the field of managed e-mail security and offers products and services for protecting e-mail infrastructures for companies, ISPs, and public institutions. The company, founded in 2001 and headquartered in Berlin, specializes in cloud-based managed e-mail security. In addition, Eleven also offers in-house software and white-label solutions as well as SDKs for OEM partners.

Eleven examines and filters over one billion e-mails every day. Globally, Eleven solutions protect over 45,000 companies. Eleven customers include Internet service providers such as 1&1, T-Online, Freenet, and O2 as well as renowned corporations and organizations such as Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University Berlin, Porsche, RTL Television, SAP, and ThyssenKrupp. Eleven is part of the globally active Internet security provider Commtouch® (NASDAQ: CTCH). For more information, visit our website at: http://www.eleven.de.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark Reading,  8/21/2019
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7617
PUBLISHED: 2019-08-22
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.
CVE-2019-14751
PUBLISHED: 2019-08-22
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during extraction.
CVE-2019-9153
PUBLISHED: 2019-08-22
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
CVE-2019-9154
PUBLISHED: 2019-08-22
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
CVE-2019-9155
PUBLISHED: 2019-08-22
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.