Growing mobile spyware threats require cybersecurity vigilance
Mobile spyware, like that used in the recent WhatsApp attack, is a growing cybersecurity risk. An especially insidious form of malware, mobile spyware gives cyber attackers access to your calls, texts, emails, and other data. Though difficult to detect, here are a few signs to look for and precautions you should take. Be vigilant!
Mobile spyware threats on the rise
Mobile spyware is a form of malware. As with any kind of malware, it is designed to gain unauthorised access to your device. In recent years, it has become one of the top threats to cybersecurity.
With mobile devise use only continuing to increase – experts predict roughly six billion smartphone users worldwide by 2020 – mobile malware threats like spyware are expected to continue to rise as well.
To give you an idea of just how big this threat is:
- Cambridge University predicts 87 percent of all Android smartphones will be exposed to at least one critical vulnerability, including spyware.
- Zimperium Labs has found that 95 percent of Android devices could be hacked via text message.
- Kaspersky Lab reports that the functionality of Skygofree spyware, again used to target Android devices, is steadily increasing, allowing it to do everything from record calls via the microphone and steal WhatsApp messages, to connecting devices to Wi-Fi networks controlled by cybercriminals.
- Appknox has reported that roughly 40 of the top 50 Android mobile shopping apps are vulnerable to hacking.
- iPhone users are not immune. Just last month, Apple removed from its app store another in a string of malicious app intended to spy on mobile devices.
How mobile spyware works
Cybercriminals install spyware on mobile devices through the following means:
- Compromised apps used to transfer malware to users’ devices
- Malicious apps downloaded from illegitimate (i.e. non-official) websites
- Phishing links sent via email or message
- Dedicated spying apps which can be installed if someone has direct access to your phone
Once installed, the spyware allows hackers to:
- Record calls and access call logs
- Access and monitor text messages
- Access Internet browsing history and monitor social media activity
- Remotely control your phone – start and pause apps, lock and unlock the phone, wipe data from the phone
- View all apps installed on your phone
- Access your GPS information
- Access email
- Access any and all files stored on your phone
Cybersecurity failure compromises WhatsApp users
To illustrate how serious a problem mobile spyware is, look no further than the recent WhatsApp hack.
In mid-May it was discovered that hackers exploited a security flaw in the popular messaging app, allowing them to install spyware onto both iPhones and Android phones. By installing malicious code onto users’ devices, attackers could hijack their phones, enabling them to monitor and record information.
The spyware was used to record phone calls, text messages, and other sensitive information including GPS locations, contacts, and email. Users had no idea their conversations were being recorded, texts were being read, and other information was being made available to a third party.
As a result of the attack, WhatsApp’s reputation was immediately jeopardised. WhatsApp has built its reputation on end-to-end encryption, which means that data is scrambled in transit, understandable only to the parties sending and receiving it. But, in the wake of the May attack, critics questioned WhatsApp’s lack of privacy and security safeguards.
Spyware detection and prevention methods
- Noticeable battery life decrease may indicate you’ve been hacked
- Sluggish performance – freezing, crashing – could mean malware is overloading your phone’s resources
- High data usage could mean malware or a spy app is running in the background
- Suspicious outgoing calls or text may indicate malware is forcing your phone to call premium-rate numbers
- Mysterious pop-ups are likely an attempt to drive revenue through clicks
- Unusual activity – password resets you didn’t authorise, emails marked read you don’t recall reading – could indicate you’re at risk of identity fraud
- Reset your phone to factory settings
- Put a passcode on your phone in case it ends up in the hands of a hacker
- Disable any feature that allows installation from unknown sources
- Enable “verify apps” or similar feature which scans apps for malware
- Run the latest operating system
- Only download apps from a legitimate app store, as opposed to “side loading” them
- Delete all apps that you don’t use
- Backup your phone. If you’re targeted, you can reload from backups but a warning: you may end up reloading the spyware along with everything else. For this reason, only reload data and just reinstall apps directly from an app store.
Make cybersecurity your top priority!
Once upon a time you didn't have to worry about viruses on your phone, but that hasn’t been true for a while. And evidence suggests that routine, vigilant monitoring of your phone is a habit you need to get into for the long run.
Make strong cybersecurity practices a regular part of all aspects of your life. EuroDNS, for example, offers a number of domain name-related cybersecurity solutions, everything from SSL certificates to domain privacy and DNSSEC-validating DNS services to name just a few.
The more proactive you are to limit cyberthreats like mobile spyware, the less likely you are to fall victim. So stay safe! Take preventive action today.