The hacks of 2014 shocked us all. And while the major incidents last year weren’t mobile-related, we know that mobile malware is on the rise.
So what can we expect this year in terms of mobile security? Here are our predictions.
We’ll be seeing more government spyware
In 2014, two stories surfaced revealing parts of the world of government espionage. The first had to do with The Citizen Lab, a group out of the University of Toronto that published a research mapping the network of an “untraceable spyware” dubbed “Remote Control System,” or RCS, which was sold exclusively to governments by the Italian firm “Hacking Team.” They succeeded in identifying a number of governments that used the spyware.
The second story involved hackers who managed to leak data from the customer support server of a company called Gamma International. The UK-based company, with its subsidiary, FinFisher, provides the spyware FinSpy, a competitor of Hacking Team’s RCS, to law enforcement and government agencies. The leaked data shed light on FinFisher’s entire solutions portfolio as well as a multitude of customers who use its spyware.
With these stories in mind, we predict that this year, there will be increased use of such tools by governments worldwide—whether we hear about it or not. Here’s why:
- First, there’s a real need for these tools. Encryption is becoming a standard these days, with numerous services using encryption by default. While some intelligence agencies may be able to crack these encryptions, most government agencies can’t. The only way for them to beat encryption is to go into the monitored person’s device itself—thus creating the need for spyware.
- Second, even though supply exists to meet governments’ spying demands, existing spyware tools aren’t too strong. Considering The Citizen Lab was able to identify the entire proxy infrastructure of RCS, and that cases were successfully linked to FinFisher several years ago, it’s clear these “untraceable tools” can use some improving. And, when there’s a need, we can be pretty certain someone is going to try to fulfill it. Hacking Team and Gamma are not the only players in this field, and as this market continues to heat up, we’ll see an increased use of spyware by government agencies.
Mobile malware is going to become even more popular
Mobile malware has been catching up to its desktop counterpart in recent years, and we predict this trend will continue in 2015.
There are two problems that contribute to this bleak situation. First, our smartphones nowadays contain information that is even more sensitive than what we have saved on our desktops. No wonder hackers would want to get their hands on victims’ smartphones. Second, we still don’t tend to perceive our smartphones or other mobile devices with operating systems to be as vulnerable as desktops, and as a result we don’t take the required measures to protect them.
But that might change this year. If mobile attacks enter the cybersecurity limelight, as the major hacks of 2014 did last year, the public perception surrounding the vulnerability of these devices will finally awaken.
Mobile will be used for committing fraud
Ever since mobile devices became popular and every bank around the world issued its own app, attackers began experimenting with ways to commit fraud on this new platform. Whether through a dedicated app or through the bank’s website, fraudsters tested whether they could use smartphones to bypass traditional fraud detection systems. This year, fraudsters may have a new incentive to adopt mobile phones as tools of their trade.
This year, contactless mobile payment is going to increasing in popularity. Apple Pay, which was released last year and quickly gained popularity, will be rolling out to additional countries and its competitors will be heating up their engines. This will likely draw hackers to attempt to exploit these services.
So what can we do today to protect your mobile devices?
There are a number of steps we can take to protect our mobile devices and our personal data, and most involve free tools that are readily available. Here are four easy steps that can be taken today:
- Download a mobile anti-virus like Norton or Kaspersky.
- Use a password keeper like LastPass or PasswordBox to keep your passwords safe, secure and strong.
- Use two-factor authentication on all of your accounts to enhance security.
- Protect your most valuable online accounts using LogDog, which alerts you to any suspicious activity so you can take control of your account before a hacker does.
About the Author: Omri Toppol has been working with hi-tech startups for over 15 years. He is an entrepreneur with an extensive technical background and a passion for mobile.