Mobile Malware and mobile device security poses a range businesses threats, especially to those who favour Bring Your Own Device (BYOD) and remote working policies. In light of PC Malware viruses such as the Zepto and RAA Malware, many businesses remain unaware that there is also a large amount of mobile Malware in circulation.
What is Mobile Malware?
With the sudden growth in public Wi-Fi hotspots over the past few years’ cyber criminals are using these as another opportunity to carry out attacks. Cyber criminals can use insecure public Wi-Fi networks to inject Malware into the devices connected to it. The hackers use the Malware to gain access to a user’s entire device this includes email, files, passwords and photos. Many people who use public Wi-Fi hotspots use the same device they use for work – meaning they will have lots of business-related private information on their device. Hackers can intercept that information and then target that business.
One of the most prolific mobile Malware attacks to date was the Hummingbad Malware that earlier this year reportedly infected over 10m Android handsets worldwide. By attaching itself to infected versions of trusted Android apps, Hummingbad implemented applications to generate fraudulent advertising revenue, and collected personal data to sell on, whilst using up all the recipients data allowance.
For companies who embrace a BYOD policy, Enterprise Mobility Management (EMM) platforms can mitigate the risk of Malware and help protect corporate data. Meanwhile, robust security policies and mobile anti virus software can be installed on employee’s personal mobile devices without invading their personal privacy.
iOS and Android device usage for business
Mobile Apps present a security risk to businesses, as confidential company data is entrusted to a third party’s security protocols by default. Employees who use apps for work purposes, have to rely only on the strength of passwords they set for protection rather than robust end-to-end encryption. Whilst the major App Stores automatically scan for malicious apps, an employee can download a multitude of apps from third party App Stores that appear harmless but could potentially contain mobile Malware to infect the device and extract the data.
By creating a separate, corporate app store on employees devices through an Enterprise Mobility Management (EMM) platform, IT departments can easily ensure that only approved apps can access corporate information, whilst still giving employees the freedom to download whatever apps they wish for personal use
While Apple is said to have complete control over its iOS update system making it relatively secure, Malware does still exist for IOS. The StageFright attack in 2015, exploited weaknesses in the Android source code and allowed hackers to remotely execute malicious code. As Android has to rely on vendors to patch issues which is why we recommend all BYOD Android devices have anti virus software installed by the employer if they are to be used for work purposes.
It can be challenging to manage software updates on BYOD devices. However, enlightening employees who use Android devices aware of the above attack and encouraging them to ensure their personal device is up to date with the latest patches, will assist in helping overall mobile device security.
This blog explores the main points to consider that will help improve mobile device security and prevent mobile Malware threats – however there are many more things to also take into consideration. Mobile Device Management and Mobile Security are worthy of significant time and investment by any company even those who don’t embrace BYOD.