October 30, 2020

It’s National Cybersecurity Month – How Secure is Your Smartphone?

Twitter Linkedin Facebook

As we wrap up National Cyber Security Month this year, more employees are working remotely, making mobile cybersecurity paramount. OnwardMobility believes cybersecurity is a daily top priority for global organizations that are actively targeted by malicious actors with nefarious plots to gain access to their corporate assets and data. Moreover, increasingly these attacks are causing direct financial harm in the form of ransomware. Daily there are new stories about how the ever-creative attackers seek new ways to put you and your company at risk.

At OnwardMobility, we’ve identified four key areas of mobile cybersecurity threats:

Supply Chain Component Sourcing

Where your components are sourced and manufactured greatly determines if devices are already compromised. Devices manufactured overseas and particularly in China with insufficient oversight could potentially become compromised during the manufacturing process, giving foreign actors the opportunity to gain remote access to the device’s data without the user ever knowing it. This is accomplished by a bad actor installing malicious code, a rogue background application or compromised components that can lead that malicious actor into the heart of your company’s key assets and data. Understanding and taking control of where your components are procured is essential to eliminating compromised components.

Malicious 3rd Party Apps and Links

Applications loaded onto a device by a user could provide remote access to all data held on and transmitted to/from a device or result in ransomware. Phishing is also a danger when employees innocently use apps, access links, or respond to seemingly viable emails with access information. This fraudulent practice of sending emails purporting to be from reputable companies induces individuals to reveal personal information, such as passwords and credit card numbers. By clicking the seemingly innocent links in the emails, users can compromise their devices and give hackers remote access to corporate data. IBM reports that the average successful phishing attack costs a 10,000-person company $3.86M per year.

Intercepted Communications and Location Information

A “stingray” attack occurs when a user’s device is targeted and forced onto a rogue portable cellular network operated by someone with nefarious intentions also including the installation of ransomware. Once connected to the network, all communications on the device are compromised. Typically a stingray attack intercepts voice, text and video data and can hijack the device’s location information. Implementing a 5G network will help thwart stingrays by introducing a comprehensive scheme for encrypting device data, so that it doesn't fly around in an easily readable, plaintext format. But researchers at last year’s Black Hat security conference found lapses within the network. During the conference, a pair of 5G stingray attacks snuck through, illustrating to 5G customers that they can’t rely on the network alone to prevent these types of attacks.

Attacks on the Device’s Data

A rogue actor can breach the data stored on a mobile device or being transmitted to or from the device over unsecured connections, like public WiFi, which is frequently offered at local airports, coffee shops and libraries. Additionally these breaches can take place via downloading of popular apps, games and video players. Any app from an unknown source, or even a known but compromised source could be putting your device’s data at risk or installing ransomware.

OnwardMobility is working closely with BlackBerry and FIH Mobile to deliver an ultra-secure 5G-enabled BlackBerry smartphone. We are committed to making devices that safeguard against threats from the supply chain, third-party apps, stingray attacks and device stored data and transfer. In future posts we’ll go into more detail about how OnwardMobility addresses each of these types of vulnerabilities to help secure your mobile experience. To learn more about our mission to make the most American-made, ultra-secure 5G smartphone, sign up here.

Return to News and Blog