InfoGuard AG (Headquarter)
Lindenstrasse 10
6340 Baar
Switzerland
InfoGuard AG
Stauffacherstrasse 141
3014 Bern
Switzerland
InfoGuard Deutschland GmbH
Landsberger Straße 302
80687 Munich
Germany
How well is your phone protected against malware and stalkerware? Given that half your life is stored in it, there is a question mark over whether the protection is sufficient. And for good reason – many humorously refer to it as their “second memory”. And although it is generally assumed that smart people protect themselves, few truly protect their smartphones wisely. Find out how to avoid invisible dangers from the web and why regular updates are important.
In the field of mobile cybersecurity, there is no way around addressing the dangers that threaten our little portable companions. Last year, Apple patched 20 zero-day vulnerabilities and expects this trend to rise significantly. This development means that we as users need to remain vigilant.
Zero-day vulnerabilities are vulnerabilities in the software that the developer has not yet discovered and that attackers are targeting. Such vulnerabilities are insidious because they only come to light after a successful attack. It is simply too late for the victim of cybercrime if app manufacturers only develop updates once such events have occurred.
Zero-click exploits are particularly dangerous because they succeed even without interaction of the attacked users. The malicious codes find their way on to mobile devices unnoticed and are barely detectable.
Such vulnerabilities are a preferred target for espionage attacks against journalists, politicians and activists. This occurred for example during Operation “Triangulation” or the well-known spyware systems “Pegasus” and “Predator”.
Apps that process messages or voice calls are also popular gateways because they receive data from untrusted sources. Even basic zero-click attacks leave little trace and are difficult to identify.
Hidden threats often lurk in official app stores. Cybercriminals smuggle malicious apps into trusted stores and take advantage of the fact that users trust them almost unreservedly and hardly ever question the security of the downloaded apps.
The topic of app permissions also falls within the area of hidden threats. Most of us give apps access to our phones without hesitation, although it is worth considering which permissions are necessary, if any.
Some apps display hidden ads, others pretend to be an official app, while others still have security vulnerabilities and transmit malicious software such as malware or stalkerware.
Malicious apps can take various forms, posing a serious threat to smartphone security.
Here is a selection of the most common forms:
Be vigilant: also critically review apps you download from official app stores and think carefully about what permissions are actually necessary.
Regularly maintain apps and libraries on your smartphone. If you neglect to update the installed apps, you may be lulled into a false sense of security. Even applications and libraries that are functioning normally can open the door to attacks that have already been identified. This is particularly annoying in case of an incident as it could have been easily avoided via an update.
The security of your smartphone requires regular updates, critical thinking and attentiveness. Protect your so-called extended memory – your smartphone – from the invisible dangers of the digital world.
Protect your phone and implement the four measures listed below on a regular basis – starting today:
For businesses, our Cyber Defence Center offers a compromise assessment for mobile devices. We do this by checking your business smartphones once or at regular intervals for the following security vulnerabilities:
We also provide you with appropriate measures to minimise the risks of a digital threat and prepare you as best possible for an incident involving a compromised smartphone.
Are you interested in gaining a deeper insight into our security work? Then stay tuned, because the second part of this blog series is coming soon. Cyber-Defence specialists will be talking about working techniques, making security recommendations and presenting tools they use to keep our customers safe.
So sign up now for the automated blog updates and we’ll let you know as soon as the second part of this blog series is posted.