Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

7/10/2013
09:54 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Six Tips: How To Protect Yourself From Mobile Attacks

Eleven research team has compiled tips for Android users

Berlin, July 10, 2013 - Android is by far the most popular operating system for mobile devices such as smartphones or tablet PCs. But that status also means opportunities for cyber criminals: in 2012 alone, the amount of malware specifically targeting Android users jumped from 17,000 to more than 214,000 samples each month. And malware is no longer being smuggled into the system via app downloads only; mobile e-mail use also offers an easy target. One particularly popular trend is to send links via hacked e-mail accounts leading to seemingly secure mobile Web sites. These sites, though, automatically forward users to subpages that use invisible iframes to scan the precise version of the operating system being used, introduce updates, and enable long-term access to sensitive user data (these are so called multifunction Trojans).

The Eleven Research Team offers its six most basic tips for protecting users from such attacks:

1. Pay attention when downloading apps

App downloads continue to present one of the greatest risks for smartphone users. Despite countless precautionary measures, cyber criminals are able to plant dangerous and manipulated apps into the incalculable quantity of available apps time and again. Be sure to only download apps from official stores (Google Play for Android users) and from providers you know and trust whenever possible.

2. Install virus protection

Install an antivirus app! When making your choice, stick with well-known providers, such as those that also offer security solutions for computers. Be aware of the large number of fake security apps. Android malware is even often disguised as an antivirus app, as in the case of the recently discovered fake antivirus software called Android Fakedefender.

3. Keep apps up to date

Regularly updating apps is especially important to ensure protection against the latest threats. Many malware and virus attacks target well-known weak spots that are only fixed through updates. For that reason, make sure to always keep apps up to date.

4. Connect securely

One thing cyber criminals find particularly attractive is a key feature of mobile devices: a permanent Wi-Fi or mobile network connection. First, it makes the device perpetually available to hacking and other attacks; second, a bot infection makes it possible for spam and malware e-mails to be sent 24?7. A secure network connection is thus especially important - particularly for publicly accessible services, such as free Wi-Fi, which are particularly risky. Ensure that your cell phone's wireless interfaces are not on all the time and deactivate the Wi-Fi, Bluetooth, and infrared mode when not in use.

5. Use caution when banking online

Due to the sensitive data involved, it is extremely important to be careful when using online banking services. This is why many banks offer a two-tier security system in which authentication takes place via the browser and cell phone. The underlying idea behind the security concept is that it is unlikely that cyber criminals would be able to access your computer and cell phone at the same time. Keeping this fact in mind, be sure to never use the same device for both authentication processes.

6. Think carefully before clicking on email links

Email remains a significant method for trapping users and causing them to click on dangerous links. The problem is more severe on mobile devices where it is difficult to "mouse over" links to see if they are genuine. Cybercriminals use proven social engineering to make emails and even destination pages appear very genuine. When receiving an email (even from a friend), ask yourself whether the email was expected, and whether it seems genuine.

Eleven on Twitter: http://www.twitter.com/elevensecurity

Eleven - Integrated Message Security

Leading German e-mail security provider Eleven is a pioneer in the field of managed e-mail security and offers products and services for protecting e-mail infrastructures for companies, ISPs, and public institutions. The company, founded in 2001 and headquartered in Berlin, specializes in cloud-based managed e-mail security. In addition, Eleven also offers in-house software and white-label solutions as well as SDKs for OEM partners.

Eleven examines and filters over one billion e-mails every day. Globally, Eleven solutions protect over 45,000 companies. Eleven customers include Internet service providers such as 1&1, T-Online, Freenet, and O2 as well as renowned corporations and organizations such as Air Berlin, BMW, the Federal Association of German Banks, DATEV, the Free University Berlin, Porsche, RTL Television, SAP, and ThyssenKrupp. Eleven is part of the globally active Internet security provider Commtouch® (NASDAQ: CTCH). For more information, visit our website at: http://www.eleven.de.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.