When we over-emphasize on anti-virus or other preventive security applications for our desktops and laptops, we do not apply the same approach to our mobile devices even when we access our e-mails, bank accounts, social and professional networking sites more on our mobile devices than our desktop or laptop.
How your mobile devices get compromised?
There are spywares that can potentially be installed on Smartphone and tablets with ease by few minutes of physical access though it can be done by remote access also if you click a malafide link sent to you if you have decided to ‘jailbreak’ your mobile device which means that you are able to download free applications outside the official ‘store’ of your mobile device’s operating system. The compromised mobile device then gives absolute access to the hacker to remotely view and track almost everything on your mobile device including your current location, e-mails, text, photos, messages sent via any messenger application, call registers and even it may contain a key logger that records key strokes of what you type on your device.
How it harms you?
If the hacker has installed a key logger on your Smartphone and you access your bank account either using an application or visiting the webpage of the bank, the key logger may record each key stroke and instantly share it with the hacker who at his or her convenience may access your bank account using the stolen credentials. Even the credentials of your social networking applications can be stolen in the same manner. Imagine someone else having your social professional networking site credentials and playing havoc on your social networking accounts. A compromised Smartphone can also be turned into a listening or recording device, it can automatically turn the speaker on and the hacker can listen to your conversation or even video record everything on a real-time basis using either front or rear camera as needed.
What precautions shall you take?
The biggest mistake you would probably make is to ‘jailbreak’ the operating system of your Smartphone for installing some interesting free applications which cannot be downloaded using official channel of the operating systems e.g. ios, windows, or android. Please remember – “when something is free, you are not the customer, you are the product.” In fact, nothing comes for free in this highly commercialised world. There are always strings attached to it. You should be aware that the formal download from your operating system store is pre-scanned for any hidden code or bugs to protect you. If you wish to ‘jailbreak’ this sensitive control mechanism, you chose to expose yourself to the evils and devils of cyber world. Which you may regret later. “It’s better to be cynical than vulnerable.” Though this may sound rude to suggest but I would strongly recommend that you never leave your mobile device with anybody away from your supervision. A typical spyware takes just few minutes to install on your mobile device for which one may need physical access to your unlocked device.Such spyware would be invisible to you. Always ensure that your phone’s location services are off when you are not using any mapping application. Make sure which application have access to your speaker and camera and turn them off when you are not using them.
It is advisable to keep away your mobile devices when you discuss highly confidential business strategies which, if disclosed, may severely impact your organisation because you may never know if the device has been compromised by hackers acting on behalf of others including competitors who may be interested to know your next move. If your mobile device suddenly starts draining your battery fast, or its speed slows down, it may be an indicator that it may have been compromised.
You may also develop a habit of switching off cellular data on the move when you are not using internet unless you need to check your official e-mails every moment. A compromised mobile device cannot transmit anything to the hacker without an active internet connection.
Last but not the least, installing anti spyware on your mobile device may also justify the cost incurred when a compromised device poses the risk of serious impact on your financial, social and professional life. Getting your mobile devices completely formatted (or resetting to company default settings) after taking a backup at periodic intervals to get rid of any unknown spyware may also be a good decision. Stay alert, stay safe.
About the Author
C.A. Mubeen Khan (FCA, CIA, CISA, and DISA) is the Chairman of the Muscat Chapter of The Institute of Chartered Accountants of India and Vice President of IIA Oman. He specialises in Governance, Risk, Compliance, Internal Controls and Anti-Fraud domain. He speaks at the Muscat Chapter of ICAI, IIA, and ISACA on these topics. The views expressed herein are purely professional opinion of the author and may not necessarily represent the views of his employer or professional bodies which he represents.