Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

7/10/2013
09:54 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Six Tips: How To Protect Yourself From Mobile Attacks

Eleven research team has compiled tips for Android users

Berlin, July 10, 2013 - Android is by far the most popular operating system for mobile devices such as smartphones or tablet PCs. But that status also means opportunities for cyber criminals: in 2012 alone, the amount of malware specifically targeting Android users jumped from 17,000 to more than 214,000 samples each month. And malware is no longer being smuggled into the system via app downloads only; mobile e-mail use also offers an easy target. One particularly popular trend is to send links via hacked e-mail accounts leading to seemingly secure mobile Web sites. These sites, though, automatically forward users to subpages that use invisible iframes to scan the precise version of the operating system being used, introduce updates, and enable long-term access to sensitive user data (these are so called multifunction Trojans).

The Eleven Research Team offers its six most basic tips for protecting users from such attacks:

1. Pay attention when downloading apps

App downloads continue to present one of the greatest risks for smartphone users. Despite countless precautionary measures, cyber criminals are able to plant dangerous and manipulated apps into the incalculable quantity of available apps time and again. Be sure to only download apps from official stores (Google Play for Android users) and from providers you know and trust whenever possible.

2. Install virus protection

Install an antivirus app! When making your choice, stick with well-known providers, such as those that also offer security solutions for computers. Be aware of the large number of fake security apps. Android malware is even often disguised as an antivirus app, as in the case of the recently discovered fake antivirus software called Android Fakedefender.

3. Keep apps up to date

Regularly updating apps is especially important to ensure protection against the latest threats. Many malware and virus attacks target well-known weak spots that are only fixed through updates. For that reason, make sure to always keep apps up to date.

4. Connect securely

One thing cyber criminals find particularly attractive is a key feature of mobile devices: a permanent Wi-Fi or mobile network connection. First, it makes the device perpetually available to hacking and other attacks; second, a bot infection makes it possible for spam and malware e-mails to be sent 24?7. A secure network connection is thus especially important - particularly for publicly accessible services, such as free Wi-Fi, which are particularly risky. Ensure that your cell phone's wireless interfaces are not on all the time and deactivate the Wi-Fi, Bluetooth, and infrared mode when not in use.

5. Use caution when banking online

Due to the sensitive data involved, it is extremely important to be careful when using online banking services. This is why many banks offer a two-tier security system in which authentication takes place via the browser and cell phone. The underlying idea behind the security concept is that it is unlikely that cyber criminals would be able to access your computer and cell phone at the same time. Keeping this fact in mind, be sure to never use the same device for both authentication processes.

6. Think carefully before clicking on email links

Email remains a significant method for trapping users and causing them to click on dangerous links. The problem is more severe on mobile devices where it is difficult to "mouse over" links to see if they are genuine. Cybercriminals use proven social engineering to make emails and even destination pages appear very genuine. When receiving an email (even from a friend), ask yourself whether the email was expected, and whether it seems genuine.

Eleven on Twitter: http://www.twitter.com/elevensecurity

Eleven - Integrated Message Security

Leading German e-mail security provider Eleven is a pioneer in the field of managed e-mail security and offers products and services for protecting e-mail infrastructures for companies, ISPs, and public institutions. The company, founded in 2001 and headquartered in Berlin, specializes in cloud-based managed e-mail security. In addition, Eleven also offers in-house software and white-label solutions as well as SDKs for OEM partners.

Eleven examines and filters over one billion e-mails every day. Globally, Eleven solutions protect over 45,000 companies. Eleven customers include Internet service providers such as 1&1, T-Online, Freenet, and O2 as well as renowned corporations and organizations such as Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University Berlin, Porsche, RTL Television, SAP, and ThyssenKrupp. Eleven is part of the globally active Internet security provider Commtouch® (NASDAQ: CTCH). For more information, visit our website at: http://www.eleven.de.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17424
PUBLISHED: 2019-10-22
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.