ICSA Labs is offering a series of tips that businesses and consumers can use to protect themselves from security risks aimed at smartphones, tablets and apps.
1. Only buy apps from recognized app stores. Apps from unofficial third-party stores and applications downloaded from peer-to-peer sites are much more likely to contain malware than apps sanctioned by official vendor stores such as the Android App Market or Apple App Store.
2. Think twice about accepting “permissions.” Most applications, legitimate as well as malicious ones, require users to accept several “permissions” before the apps are installed. Check carefully to be sure that the app comes from a legitimate source.
3. Monitor bills for irregular charges. If attackers gain access to personal information stored on your phone, they can quickly rack up charges by sending “silent” text messages to high-priced call services. For example, if the Android Trojan GGTracker is inadvertently installed on a device, it can sign up users, without their knowledge, for premium text messaging services.
4. Employ security policies to protect employer-issued devices. Employers should enforce password-based access and require voicemail codes so that only authorized users can access data on employer-issued devices.
5. Be mindful that more and more employees bring their personal devices to work. Companies therefore must have security systems and policies in place to safeguard their business environment and prevent access to company networks from employees’ personal devices.
6. Remember that mobile devices are tiny handheld PCs. Many security threats that apply to traditional computers also apply to mobile devices, such as smartphones and tablets, and consumers should take necessary measures to protect themselves. One way to do this is to install anti-malware software on mobile devices and enable VPN functionality.
7. Protect your mobile phone password and voicemail PIN. If your mobile phone does not currently have a password, add one that is at least six digits long. Try to choose a unique password that is not already used across other systems and accounts. Do not use repeating digits in passwords or voicemail PINs. Remember that your provider will never request your voicemail PIN, so do not be tempted to provide it to anyone who requests it.