Smartphone Malware

Millions of smartphones have been found to be infected by malicious programs known as malware. The average smartphone user is hardly aware of smartphone malware. Users are commonly more concerned about the physical safety of the phone than about the serious threat of a malware attack.

Smartphones are the most common targets of mobile malware, so it is high time that smartphone users were educated about mobile malware programs and how to prevent them from attacking their smartphones.

A malware-infected smartphone can cause a lot of problems for the user. Malware can slow down a phone’s performance, impact the phone’s data usage, intercept messages and monitor calls, steal phone contacts, track the user’s location and movement, record browsing history, and more. Cyber criminals or hackers even use malware programs to spy on targeted individuals.

When a phone is compromised, hackers can access all the sensitive information on the phone, including passwords, emails, messages, personal pictures, etc. Some malware programs even record and monitor the user’s online banking transactions. Malware programs like ransomware lock files or even the whole device and demand that the user pay money to regain access to the device and files. Overall, malware can pose a serious threat to a user’s privacy and security.

It is found that Android-based smartphones are more affected by malware than Apple smartphones. Usually, malware finds its way onto the smartphone through third-party apps installed from the app store. According to reports earlier this year, Android-based smartphones of 39 brands were detected to have malware pre-installed on them. These included some high-end smartphones from popular smartphone manufacturers. It is believed that the malware was injected into the devices somewhere in the supply chain.

Some abnormal signs and symptoms on the phone can help a user detect the presence of malware on the smartphone. Some of these signs are described below.

Unusually Bad Battery Life. When a user does not perform many battery-draining activities on the phone but the battery still drains faster than usual on a regular basis, that indicates unusual behavior. This behavior is caused by malware processes running in the background and draining the battery.

Clogged Performance of the Phone. A malware infection may cause various performance issues which disrupt the normal working of the phone. Hidden malware processes running in the background consume so much RAM or CPU that the phone and its apps cannot function properly. This may even result in applications and the phone freezing, so that the user often has to hard reboot the phone. Clogged performance is a possible sign that malware is present on the device.

Abnormal Data Usage. Malware programs that send data stolen from your phone to unknown servers can be detected by observing the phone’s data usage and its upload and download patterns. Some smartphones also display data usage per app; if data is being used by suspicious apps, it could be a sign that something is not normal with the phone.

Malware scans. A user can also detect malware by scanning the phone with a malware detection app.
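
The abnormal data usage sign described above can be checked mechanically once per-app traffic counters are exported from the phone. The following is an added example, not part of the original article; the record layout, the thresholds and the package names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

MB = 1024 * 1024

@dataclass
class AppUsage:
    package: str
    fg_rx: int  # bytes received while the app was in the foreground
    fg_tx: int  # bytes sent while the app was in the foreground
    bg_rx: int  # bytes received in the background
    bg_tx: int  # bytes sent in the background

def flag_suspicious(usages, min_bytes=5 * MB, tx_share=0.6, bg_share=0.8,
                    expected_uploaders=frozenset()):
    """Return [(package, [reasons])], sorted by bytes sent, highest first."""
    findings = []
    for u in usages:
        tx = u.fg_tx + u.bg_tx
        total = tx + u.fg_rx + u.bg_rx
        # Skip low-volume apps and apps the user expects to upload (backup, photo sync).
        if total < min_bytes or u.package in expected_uploaders:
            continue
        reasons = []
        if tx / total > tx_share:
            reasons.append("upload-heavy")       # most apps download more than they send
        if (u.bg_rx + u.bg_tx) / total > bg_share:
            reasons.append("mostly-background")  # traffic while the user is not using it
        if reasons:
            findings.append((tx, u.package, reasons))
    findings.sort(reverse=True)
    return [(pkg, reasons) for _, pkg, reasons in findings]

# Constructed sample counters; not measurements from a real device.
SAMPLE = [
    AppUsage("com.example.video", 900 * MB, 20 * MB, 10 * MB, 1 * MB),
    AppUsage("com.example.flashlight", 1 * MB, MB // 2, 2 * MB, 150 * MB),
    AppUsage("com.example.backup", 0, 0, 1 * MB, 300 * MB),
    AppUsage("com.example.notes", 50_000, 150_000, 0, 0),
    AppUsage("com.example.podcasts", 5 * MB, 0, 200 * MB, 1 * MB),
]

if __name__ == "__main__":
    allow = {"com.example.backup"}
    for pkg, reasons in flag_suspicious(SAMPLE, expected_uploaders=allow):
        print(pkg, ", ".join(reasons))
```

An app flagged for both reasons deserves a closer look than one flagged only as mostly-background, which is also what a legitimate background downloader looks like.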

When a user finally detects the presence of malware, it is important to remove the malware and clean up the phone. Here are a few things that can help a user remove malware from the phone.

When a user has detected and identified the malware app on the phone, the first and foremost thing to do is delete the app, or do a factory reset to clean up the phone’s memory if the malware infection has spread across the phone. In some cases, when the malware is highly malicious and even a factory reset doesn’t help, the user needs to get the firmware of the phone re-installed. Firmware re-installation is done through a complex process called flashing, which should be done only by authorized mobile technicians.

– Captain Krypto

Kryptotel is an IT Security Services and Product Development Company specializing in Cyber Security and Secure Communications. Kryptotel develops secure communication applications with strong encryption and security features. Feel free to consult Kryptotel for your cyber-security challenges.

Mobile Applications & Security Vulnerabilities

There are over 2 billion smartphone users in the world today. The enormous rise in the use of smartphones globally has also led to a surge in the usage of mobile applications. There are over 2.2 million Android-based applications in the Google Play Store and over 2 million iOS applications in Apple’s App Store.

Applications, in general, are becoming a dominant form of digital interaction, and hence applications are not limited to smartphones. Applications are developed and used for wearable devices, for devices connected in the Internet of Things, smart cities and smart homes, etc. These devices communicate with each other via applications, which makes security in applications all the more important. Security is critical in applications, and therefore applications need to be free of security vulnerabilities, but that is not the case. Applications do have security vulnerabilities.

Some of the common security vulnerabilities in mobile applications are explained below.

Weak Server-side Components:

Mobile applications communicate with servers using APIs. The communication requests from APIs need to be properly verified and authenticated before access to back-end services is allowed. The absence of proper security verification and authentication leads to security vulnerabilities.

Server-side security vulnerabilities include cross-site scripting and forgery, weak authentication systems, injection attacks, etc.

Data Leakage and bad storage practices:

Mobile applications collect a lot of data. Some of the data collected by applications is required for them to function, but unnecessary data is also collected, which is a cause for concern. It is critical that the collection of data by apps doesn’t compromise a user’s privacy. An unsecured app could leak the user’s private data. Various studies have shown how mobile apps have been collecting users’ personal information and then leaking that data to agencies or third parties.

Here are some common ways mobile applications expose user data:

Using a misconfigured or insecure ad and/or analytics framework. A framework which is not properly configured or doesn’t have proper security measures could be a security vulnerability that collects and exposes the user’s personal and sensitive information.

Unencrypted data transmission between the app and the back-end server.

Unnecessary logging by applications becomes a vulnerable point that exposes data to unauthorized third parties.

Android applications have the option of storing data on external storage, which is a point of vulnerability because the applications cannot trust that the files have not been modified.

When users sync their data to a cloud platform that is not secure, the risk of exposing the data to unauthorized access increases.
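
Two of the exposure paths listed above, unencrypted transmission and use of external storage, are visible in an Android app's manifest and can be checked before release. The following is an added example, not part of the original article; it assumes a plain-text merged AndroidManifest.xml (not the binary form inside an APK) with a numeric targetSdkVersion, and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
STORAGE_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
                 "android.permission.WRITE_EXTERNAL_STORAGE"}

def audit_manifest(xml_text):
    """Return sorted findings for a plain-text (merged) AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(A + "name", "")
        if name in STORAGE_PERMS:
            findings.append("external-storage: " + name.rsplit(".", 1)[1])
    app = root.find("application")
    sdk = root.find("uses-sdk")
    target = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    flag = app.get(A + "usesCleartextTraffic") if app is not None else None
    if app is not None and app.get(A + "networkSecurityConfig"):
        # On Android 7.0+ a network security config overrides the manifest flag.
        findings.append("cleartext: set by networkSecurityConfig, review that file")
    elif flag == "true":
        findings.append("cleartext: explicitly allowed")
    elif flag is None and target is None:
        findings.append("cleartext: default unknown, no targetSdkVersion in manifest")
    elif flag is None and int(target) <= 27:
        # Platform default is "true" up to API 27 and "false" from API 28.
        findings.append("cleartext: allowed by default (targetSdkVersion %s)" % target)
    return sorted(findings)

# Constructed manifests for illustration; not taken from any real app.
WEAK = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weak">
  <uses-sdk android:targetSdkVersion="26"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="weak"/>
</manifest>"""

HARDENED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hardened">
  <uses-sdk android:targetSdkVersion="33"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="hardened" android:usesCleartextTraffic="false"/>
</manifest>"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_manifest(text))
```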

Weak Encryption & Security Protocols:

Mobile applications become prone to external attacks in the absence of strong encryption algorithms and security protocols. Attackers use information stored in the cookies and environment variables to bypass the security and access the data on the mobile device. Mobile applications need to be built with the latest strong encryption algorithms that meet modern security requirements.

Below are some facts as per HPE 2016 Cyber Security Report:

  • 52.1% of applications accessed geolocation data
  • 70% of education applications on iOS accessed geolocation data
  • 11.5% of applications accessed contacts
  • 40.9% of social networking applications accessed contacts
  • 19.8% of finance applications accessed contacts
  • 16.3% of applications accessed calendar data
  • 41.9% of iOS game applications accessed calendar data
  • 52% of iOS weather applications accessed calendar data
  • 61.7% of applications used ad or analytics frameworks to expose data
  • 64.8% of health applications used ad or analytics libraries to expose data
  • 53.2% of medical applications used ad or analytics libraries to expose data
  • 43.8% of finance applications used ad or analytics libraries to expose data
  • 94.8% of applications include logging methods
  • 70.6% of applications can access external storage

(Link to the detailed report:

-Captain Krypto 🙂
