The potential damage is serious as attackers could steal your credit card information, fingerprint and facial recognition data, and more. While the researchers studied Android handsets because the platform is open, after examining more than 35,000 apps the institute came to the conclusion that iPhone users are just as vulnerable.
“The main risk is that hackers can get a foothold in your system and gain lifelong access to your data as long as you have the same phone. Your phone is no longer secure… We studied the Android system because of the open nature of its platform, but similar security flaws are likely present in the iPhone ecosystem as well. We see much less public security research on iPhones due to Apple’s closed approach which forces researchers to first reverse engineer essential information that is publicly available on Android.” - Mathias Payer, head of EPFL’s HexHive Laboratory
Michael Covington, vice president of portfolio strategy for mobile device management company Jamf, agrees that both iOS and Android platforms are now being targeted by bad actors looking to find vulnerabilities in the software and then exploit these flaws.
“Though recent work may specifically highlight Android device vulnerabilities, both of the major platforms are being targeted, and for good reason. As more and more data is generated on and accessed through smartphones, these mobile platforms have become the nerve center for both consumers and mobile-first organizations.” - Michael Covington, vice president of portfolio strategy, Jamf
Jamf’s Covington says that both iOS and Android users need to have a mobile security strategy that includes “several layers” of protection. That goes for business users, too. Covington says that 40% of mobile device users are using a wireless product with known vulnerabilities. He calls this “low-hanging fruit” that security teams need to focus on before there’s a data breach.
“Building upon that base, it is imperative that mobile security also includes defensive capabilities to stop common attacks like malicious apps that circumvent app store protections, and phishing attacks that trick users into parting with sensitive credentials and data,” Covington adds.
We’d like to add the following common-sense defensive moves you can make:
- Make sure your device has the latest update installed.
- Don’t click on links found inside text messages and emails even if you think you know the person or company who sent them.
- Don’t call phone numbers listed in emails and texts from known and unknown senders.
- Don’t lend your phone to anyone, even if the other person claims it’s an emergency.
- Before installing an app from an unknown developer, check the comments section for red flags.
- Watch for tell-tale signs such as overheating and rapid battery draining which could signal that your device has been infected with malware.
- Android users should refrain from sideloading apps.