Sounding the Alarm on Mobile Hacking

mobile hacking

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

November 7, 2024

Mobile security company Zimperium recently released their 2024 Global Mobile Threat Report, and their findings should serve as a wake-up call. Because if accurate, it is clear that hackers are targeting users’ mobile devices far more than in the past. And it makes sense that they would. After all (particularly since the pandemic), many of us think of our mobile devices as our own pocket-sized offices. Super-convenient, for sure. But also, a prime target for the bad guys.

Some Sobering Stats

Let’s take a look at some of the findings. According to the Zimperium report, there’s a huge shift towards attacking via mobile devices.

  • 83% of phishing sites they found were designed to specifically target mobile devices
  • Mobile malware instances have increased 13% in the last year
  • 80% of all malware found were riskware and trojans deployed as what are called “sideloaded apps” (apps not purchased through the device’s official store and therefore not vetted for security).

At the same time, there’s also been a shift in mobile device usage for work:

  • 82% of organizations allow staff to use personal devices at work
  • 71% of employees use their smartphones to perform work tasks
  • 60% use them for work-related communication
  • 48% of employees use them to access work-related information
  • 85% of the apps on the device are personal apps that all have some potential impact to the organization’s risk exposure

Other Mobile Risk Factors

There is a myriad of other risks that come with staff using their mobile devices for work:

Variety of attack pathways

With mobile devices, cybercriminals can target the user using multiple avenues beyond questionable apps, including via scam phone calls and voicemails, though text messages/SMS (smishing), and through social media, where they try to lure users into clicking on malicious links or providing sensitive information.

Unsecured Wi-Fi networks

Public Wi-Fi networks are obviously convenient when traveling for work or pleasure, but often lack proper security measures. Connecting to an unsecured network can expose the device to hackers who can intercept data, including login credentials, personal information, and sensitive work-related data. If possible, have your staff only connect using VPNs.

Outdated Software

Keeping a mobile device’s operating system and apps up to date is crucial. Outdated software can have vulnerabilities that cybercriminals exploit to gain access to the device.

App Permissions

Many apps request access to various features and data on a device. Your staff should be cautious about granting permissions, especially if they seem unnecessary for the app’s functionality. Overly permissive apps can misuse data or share it with third parties without the user’s consent.

Lost or Stolen Devices

Because of their obvious portability, mobile devices can be easily lost or stolen. Without proper security measures, such as strong passwords, biometric locks, and remote wipe capabilities, a lost device can provide unauthorized access to the user’s personal and professional information.

Awareness is the Answer!

Mobile device usage for work is likely here to stay. And given that most organizations can’t fully secure personal devices, it’s crucial to involve employees in the security strategy with cybersecurity awareness training. Implementing this training on a regular basis can help employees stay vigilant when using their mobile devices for work-related tasks, emails, and web browsing. Training should focus not just the various risks involved with the use of a mobile device and how to circumvent them, but also on what to do in the event of an unfortunate incident. The moral of the story: Teach your staff how to stay safe, so they – and your organization – can continue to enjoy the benefits of mobile technology while getting the work done!

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

You May Also Like…

Hack-Proof Your Passwords

Hack-Proof Your Passwords

I recall when passwords could only be eight characters – I remember my favorite Unix password was 4rich*. By the early...

You May Also Like…

Hack-Proof Your Passwords

Hack-Proof Your Passwords

I recall when passwords could only be eight characters – I remember my favorite Unix password was 4rich*. By the early...

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Translate »
Share This
Subscribe