THE REAL DANGERS OF USING A SMARTPHONE (And How to Avoid Them)
As parents, we all must make the inevitable choice as to when the appropriate age to purchase a cell phone for our kids may be. For me, that was the decision I wrestled with much of the summer. My oldest, now a middle schooler, and a (mostly) dependable kid, was lobbying hard for a phone. At the same time, I- a cyber-tech guy, and a security-skeptical father- couldn’t help but thwart his cause with facts regarding the reality of dangers that cell phones pose. However, in the end, and following a series of solid and heartfelt conversations, we were able to reach a mutual understanding allowing him to be trusted with a phone.
For all of us, owning a phone has inherit concrete physical responsibilities: not losing or forgetting it somewhere, not breaking it or getting it wet, not exceeding data usage or text restrictions, etc. But in addition to physical maintenance, the latest phones- now acting as our personal computers (in some instances costing in excess of a thousand dollars), also open the flood gates to another level of safety that is not physical but “informational” if you will–cyber compromises, breaches and attacks exposing your personal data and confidential information to cybercriminals.
Regarding malicious attacks, not all phones are created equal. Due to Google’s open approach to app sales and a lack of solid-regulation on what can and cannot be developed due to its open source nature, Android-based phones (i.e. Samsung Galaxy) are more highly susceptible to mobile malware and cyber-attacks than Apple’s iPhone. In fact, it is estimated that 98% of all mobile malware target the AndroidOS. But, it is also important to note, (as many Apple loyalists remain in denial), that iOS devices are not completely secure from mobile threats.
The threats posed by mobile malware are many. Mobile malware payloads can include: a phone being bombarded with unwanted and often non-kid friendly (suggestive) advertisements, gaining access to your personal email, enabling your phone camera, logging banking and credit card information, tracking and reporting your GPS location, stealing your contacts, numbers and texts or locking you out of your device. Honestly, with all the potential nastiness out there, I may need to reconsider the whole allowing a tween their own phone. Some days I wish I weren’t hand-cuffed to mine!
Earlier this year, I wrote of new emerging malware designed to mine crypto-currency. In these cases, the secret mining of cryptocurrency (a term called: cryptojacking) was mainly being performed on Windows systems through a means called, In-Browser Crypto-jacking. The technique has since cross-platformed on to the Linux side of things as well! More recently, I have seen just has many variations of malware written to perform these same exact attacks on the mobile side of things. Let’s take for example the Monera Malware written for the Android platform. For starters, the Monero-mining app’s icon looks identical to the Google Play Store Update app. When downloaded and permission granted, the app hides itself and starts mining Monero in the background. In addition, prior to performing any activities on the device, the malware will use anti-emulation to bypass detection and automated analysis techniques (i.e. Anti-Virus lab), and if so, it will not perform its malicious duties. The mining process is extremely rough on the device which will eventually cause the device to fail.
The reason for the increase in mining apps is easy to understand. Until recently, ransomware was the preferred method of infection, as the financial return on investment was the greatest. However, with the introduction of cryptojacking, and the idea of using someone’s else’s system to generate large sums of digital cash, this technique of infection quickly became the ultimate cash cow. Adding to that, by design, ransomware infections are short-lived, while on-the-other-hand mining malware can reside on a system or device for weeks if not months and go undetected or until the device gives out.
The bottom line is that the amount of mining malware out there is surging, and I don’t expect it to subside anytime soon. These types of mobile malware exploit and make excessive use of a device’s resources.
Whether Windows or Mac, or on a mobile device, here are few signs your device may have gotten compromised by mining malware:
- Your device is experiencing unexpected over-heating
- Your device battery is continually draining
- You notice increased of CPU and RAM Usage
- Your system is suffering poor performance
- Your device fails
Is anyone sweating?
Here are also a few steps I recommend for keeping your mobile devices safe from mining malware and other mobile cyber-attacks.
- Lock Your Device (i.e. Password or PIN or Biometric)
- Always keep the setting ‘Unknown Sources’ disabled
- Avoid downloading apps from 3rd party app stores
- Be extremely wary of texts messages or links within emails
- Verify app permissions before installing (even from Google Play, App Store)
- Do your research on apps you’re looking to download (check app developer’s name, verify developer’s website, read through reviews, download counts, etc.)
- Keep your device OS up-to-date
- Limited yourself to only those apps that are really needed
- Install strong mobile security software
Being relaxed or not taking today’s mobile threats seriously can have dire consequences, and that is why understanding these complex and malicious dangers are important for all of us to grasp and to communicate with our children (and even your parents, friends and neighbors). And the truth is, many of us may not truly understand these things, but we can become vigilant and proactive about them. We can utilize caution, common sense and restraint when using our devices and acquiring new apps. Downloading our “next app” can be like sin, seemingly quick and painless, but the ramifications can ripple and even create a big negative splash in our lives. I strongly recommend that you take an analysis of the devices in your home, and in light of the information shared here—consider their behavior and assess if they are functioning normally, or if they show signs of distress.
I will take my own advice and make sure to follow-up with my son to see if our initial conversation about safety and limitations is still being applied in his daily mobile activities. I know that we have strayed from the usage parameters that were originally set (he is always on that device!), but I will not waiver on the security guidelines that were established, as the ramifications could cost all of us.
At the risk of sounding like my grandfather, I dare say that mobile devices have become a bit of a necessary evil. Yes, I am a techie and I delight in the latest technologies. And yes, I am a nerd, as I delight in the intricacies of threads of malware/ransomware and in deciphering how to stop them in their tracks. But I also see the technological writing on the wall, and how our devices are often eating us up: devouring our time and energy and draining not only their batteries, but they are draining us.
Be wary, young grasshoppers. As I repeatedly tell my son: Don’t get too engaged in that device. Delight yourself in the Lord and He will give you the desires of your heart. (Psalm 37:4)