Smartphones are now an essential tool across all sections of society, from top government officials to businesses and consumers.
If you are one of the hundreds of millions of smartphone users worldwide, you probably spend more a lot of time with your phone and, with its array of applications and sensors, it probably knows a lot about you.
Currently, ENISA outlines the following top smartphone risks:
- Data leakage: a stolen or lost phone with unprotected memory allows an attacker to access the data on it.
- Improper decommissioning: the phone is disposed of or transferred to another user without removing sensitive data, allowing an attacker to access the data on it.
- Unintentional data disclosure: even if they have given explicit consent, users may be unaware that an app publishes personal data
- Phishing: an attacker collects user credentials (e.g. passwords
- Spyware: the smartphone has spyware installed allowing an attacker to access or infer personal data. NB spyware includes any software requesting and abusing excessive privilege requests.
- Network spoofing attacks: an attacker deploys a rogue network access point and users connect to it. The attacker subsequently intercepts the user communication to carry out further attacks such as phishing.
- Surveillance: spying on an individual with a targeted user’s smartphone.
- Diallerware: an attacker steals money from the user by means of malware that makes hidden use of premium sms services or numbers.
- Financial malware: malware specifically designed for stealing credit card numbers, online banking credentials or subverting online banking or ecommerce transactions.
- Network congestion: network resource overload due to smartphone usage leading to network unavailability for the end-user.
In its new report, ENISA analyses the key security opportunities and risks. Some of the key risks are:
- Accidental leakage of sensitive data -e.g. through GPS data attached to images.
- Data theft by malicious apps and from stolen, lost or decommissioned phones.
- “Diallerware” – malicious software which steals money through unauthorized phonecalls.
- Overload of network infrastructure by smartphone applications.
In terms of opportunities, backup is often very well integrated into smartphone platforms, making it easy to recover data if the phone is lost or stolen. Another opportunity lies in the use of app-stores: “Most smartphone users only install 3rd party software through controlled software distribution channels,” says Dr. Marnix Dekker, co-author of the report.