Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

7/10/2013
09:54 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Six Tips: How To Protect Yourself From Mobile Attacks

Eleven research team has compiled tips for Android users

Berlin, July 10, 2013 - Android is by far the most popular operating system for mobile devices such as smartphones or tablet PCs. But that status also means opportunities for cyber criminals: in 2012 alone, the amount of malware specifically targeting Android users jumped from 17,000 to more than 214,000 samples each month. And malware is no longer being smuggled into the system via app downloads only; mobile e-mail use also offers an easy target. One particularly popular trend is to send links via hacked e-mail accounts leading to seemingly secure mobile Web sites. These sites, though, automatically forward users to subpages that use invisible iframes to scan the precise version of the operating system being used, introduce updates, and enable long-term access to sensitive user data (these are so called multifunction Trojans).

The Eleven Research Team offers its six most basic tips for protecting users from such attacks:

1. Pay attention when downloading apps

App downloads continue to present one of the greatest risks for smartphone users. Despite countless precautionary measures, cyber criminals are able to plant dangerous and manipulated apps into the incalculable quantity of available apps time and again. Be sure to only download apps from official stores (Google Play for Android users) and from providers you know and trust whenever possible.

2. Install virus protection

Install an antivirus app! When making your choice, stick with well-known providers, such as those that also offer security solutions for computers. Be aware of the large number of fake security apps. Android malware is even often disguised as an antivirus app, as in the case of the recently discovered fake antivirus software called Android Fakedefender.

3. Keep apps up to date

Regularly updating apps is especially important to ensure protection against the latest threats. Many malware and virus attacks target well-known weak spots that are only fixed through updates. For that reason, make sure to always keep apps up to date.

4. Connect securely

One thing cyber criminals find particularly attractive is a key feature of mobile devices: a permanent Wi-Fi or mobile network connection. First, it makes the device perpetually available to hacking and other attacks; second, a bot infection makes it possible for spam and malware e-mails to be sent 24?7. A secure network connection is thus especially important - particularly for publicly accessible services, such as free Wi-Fi, which are particularly risky. Ensure that your cell phone's wireless interfaces are not on all the time and deactivate the Wi-Fi, Bluetooth, and infrared mode when not in use.

5. Use caution when banking online

Due to the sensitive data involved, it is extremely important to be careful when using online banking services. This is why many banks offer a two-tier security system in which authentication takes place via the browser and cell phone. The underlying idea behind the security concept is that it is unlikely that cyber criminals would be able to access your computer and cell phone at the same time. Keeping this fact in mind, be sure to never use the same device for both authentication processes.

6. Think carefully before clicking on email links

Email remains a significant method for trapping users and causing them to click on dangerous links. The problem is more severe on mobile devices where it is difficult to "mouse over" links to see if they are genuine. Cybercriminals use proven social engineering to make emails and even destination pages appear very genuine. When receiving an email (even from a friend), ask yourself whether the email was expected, and whether it seems genuine.

Eleven on Twitter: http://www.twitter.com/elevensecurity

Eleven - Integrated Message Security

Leading German e-mail security provider Eleven is a pioneer in the field of managed e-mail security and offers products and services for protecting e-mail infrastructures for companies, ISPs, and public institutions. The company, founded in 2001 and headquartered in Berlin, specializes in cloud-based managed e-mail security. In addition, Eleven also offers in-house software and white-label solutions as well as SDKs for OEM partners.

Eleven examines and filters over one billion e-mails every day. Globally, Eleven solutions protect over 45,000 companies. Eleven customers include Internet service providers such as 1&1, T-Online, Freenet, and O2 as well as renowned corporations and organizations such as Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University Berlin, Porsche, RTL Television, SAP, and ThyssenKrupp. Eleven is part of the globally active Internet security provider Commtouch® (NASDAQ: CTCH). For more information, visit our website at: http://www.eleven.de.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.