It seems like you can’t read an article, watch the news or receive an update from your information technology department without being made aware about the latest threat to or vulnerability found on your Android or Apple iOS phone or tablet. For years we have been warned about the insecurity of Android devices. There really isn’t a single reason why the Android operating system is less secure than Apple’s iOS other than the fact that there are thousands of versions of Android and there are not enough security updates to keep up with all of those versions.
Is Apple iOS any safer? In short, yes, since there are fewer versions of the iOS operating system, and Apple does a pretty good job with patching known vulnerabilities in iOS. For years it was thought that Apple iOS devices were “invulnerable” to the types of malware found on Android devices. Yes, there is malware created for iOS; however, not nearly as much as is created for Android devices.
In 2016, a piece of mobile malware called Pegasus exploited a series of critical vulnerabilities in Apple’s iOS mobile operating system. Once established on a device, this tool can surveil virtually anything, relaying phone calls, messages, e-mails, calendar data, contacts, keystrokes, audio and video feeds and more back to whomever is controlling the attack. This month, researchers from the mobile security firm Lookout (www.lookout.com) and Google’s Android security team revealed a variant of the Pegasus mobile spyware for Android. It essentially performs the same data exfiltration and surveillance capabilities found in the iOS version. Both of these pieces of malware are now available to any person on the dark web.
One may ask: Is there any way to protect my mobile device from losing data? Given that the most common way a mobile device is infected by malware is through applications infected with the malware and downloads (typically through phishing e-mail or text messages) there are both technical and human controls that you can implement now.
1.Don’t jailbreak your device. Jailbreaking your device removes its built-in security.
2.Only download apps from reputable app stores like GooglePlay and iTunes. Unofficial app stores are more likely to be sources of malware-infected apps.
3.Encrypt your data.Make sure your mobile device is encrypted. iOS devices have encryption turned on “out of the box” while encryption on Android devices (Samsung, HTC, etc.) need to be turned on by the user.
4.Update operating system and app software. Turn on automatic updates. App and operating system companies release updates on mobile devices that address potential vulnerabilities, performance issues, or enhancements.
5.Implement mobile security software. Products like Lookout protect against app, network and device-based threats on iOS and Android devices. A free version is available on iTunes and GooglePlay.
6.Use a mobile device management (MDM) system. Products like AirWatch (air-watch.com) let network administrators centrally manage mobile devices and enforce technical security policies that address the use of mobile devices on a corporate network.
7.Don’t click on suspicious e-mail or text message links. If you don’t know who the text message or e-mail came from or even if you do, but don’t know why you would be receiving such a message, do not click on it. When in doubt, delete!
As the saying goes, “An ounce of prevention goes a long way.” Take the time to secure your device to avoid the potential of something bad happening to your precious data.