It’s hard to read the news these days without being bombarded by a recent event regarding new and improved tactics cyber criminals are taking advantage of in order to penetrate your most guarded information. Just look at this recent New York Times piece that details occurrences of cyber attackers leveraging what is now coined “ransom ware” that in effect takes control over your smartphone and demands a fee to be paid before you can have access restored to your device.
I recently had the chance to speak with Chiranjeev Bordoloi, CEO of TopPatch about his thoughts on ransom ware, why he believes smartphones and tablets are increasingly susceptible to being infiltrated by unknown cyber terrorists, and the ways in which these attacks will affect mobile ecommerce overall.
With recent statistics highlighting that nearly one in three Americans will use their cell phones to make a purchase for a loved one, colleague or friend this holiday season, Black Friday, the holiday which takes place the Friday after Thanksgiving that bargain shoppers flock to their favorite retail locations or websites to enjoy some pretty hefty discounts, PayPal saw a 193 percent spike in mobile payments.
First and foremost, it is vital for people to be aware that their smartphones can be hacked because according to Bordoloi, “Cyber criminals are congregating exactly where users are transacting, so as users are migrating to mobile transactions or increasing the frequency at which they complete mobile transactions, cyber criminals are proliferating to that channel as well. They are even getting more sophisticated with the ways they use to target that channel in a much shorter period of time than in the past.”
Mobile apps serve as a weak link for cyber attacks due to the fact that while there are hundreds of thousands of developers out there, even though you would never allow an untrusted developer to enter your network via your pc or laptop, with a mobile phone “consumers are pretty laissez faire about using mobile apps without knowing whether or not the developer is trusted. While phone companies and app stores do complete some degree of technical due diligence to ensure the apps they are powering are not malware, there is only so much they can do since criminals are always one step ahead of the game. So, you may think you are downloading something harmless yet it could actually be a key logging application,” Bordoloi added.
Filled to the brim with invaluable advice that can help those shopping on their mobile devices safe, Bordoloi advises cell phone users to never use open networks as unencrypted wireless routers can be one of the easiest targets there is. When not encrypted, cyber criminals can look at your wireless router, find the open network and compromise the router, ultimately gaining visibility into all the data being transmitted.
Consumers should at the bar minimum protect their phones from an array of attacks by doing four things:
1. Be very active with applying patches that their application developers release for apps they have already downloaded. Bordoloi stated, “The reason is sometimes applications from trusted developers have security vulnerabilities that the developers discover after they have been released and then they launch the patch to remedy them.”
2. Stay away from unencrypted wireless networks. “This is a good practice to adopt in general,” he said.
3. Before downloading an application, search Google for the name of the specific app as well as the term malware security. Bordoloi stated,”Professionals like myself and others in the community are quite active in hunting down these kinds of apps.”
4. Don’t ever enter any personal information into any website that doesn’t begin with “https.”
Looking ahead into the New Year, “We are seeing cyber attacks become extremely sophisticated. A long time ago, phishing campaigns were fairly generic filled with bad English and overall quite primitive, however as organized crime is moving into cyber crime, they are becoming very advanced when attempting to spread malware. Now instead of hacking into 100 Facebook users’ accounts, it might be suitable to hack one Facebook user’s account and thus infiltrate any other user who has either liked or posted something on that particular page.”
As broadband connections and memory only increases over time, a password that used to take many hours to crack can now be figured out in minutes. In conclusion, a high level of security is vital these days, no matter whether you are using your phone or computer.
Edited by Amanda Ciccatelli