In today’s blog, we start to examine the weaknesses of Smartphones. Here we go:
The Major Security Vulnerabilities Posed to Smartphones
- Network Spoofing:
Suppose once again that you are at Starbuck’s. In order to login, once again, you have to access their wireless connection from list of available of Wi-Fi connections, and enter in the provided username and password. But, did you know that a Cyber attacker can also set up a fake dialog box to enter these credentials? Although you may think you are connected to a legitimate Starbuck’s wireless access point, there is a probability that you could actually be connected to a fake wireless access point which looks like the real thing. Once this happens, the Cyber attacker can then monitor all of your activity covertly, and even launch Identity Theft attacks (using the information they have captured) at a much later point in time. How can you tell if you are at a fake Wi-Fi connection? Normally, if you are at Starbuck’s it will say something to the effect of “Starbuck’s Wireless Connection”; whereas a spoofed connection will be more general, such as “Free Airport Wi-Fi” or “Free Coffeehouse Wi-Fi”. In these situations, you will also be asked to create a separate account, whereas with the Starbuck’s Wi-Fi connection, you will not be asked to do this.
- Phishing Attacks:
With our Smartphone, we are also able to very easily access both our personal and work E-Mail. Cyber attackers are well aware of this, and thus they love to send messages which have a link to send you to a spoofed website, which once again, looks like the real thing (such as a banking or a brokerage website). At this fake website, you will be asked to enter your username and password. So, how can you tell if you received a Phishing E-Mail onto your Smartphone? Here are some of the telltale signs:
- The E-Mail message has improper spelling or grammar in the content and/or the subject heading;
- The hyperlinked message is different from the one that is shown in the text of the message;
- The E-Mail content urges you to take immediate action, or that you must reply immediately;
- The first thing that the E-Mail asks you for is your personal information;
- It asks you to make a donation to a legitimate non-for profit charity;
- The E-Mail message has a statement that you have won a contest (which you never entered in the first place) or a lottery, and that you have to click a link in which to claim your winnings;
- The E-Mail contains attachments you don’t know about, and has file extensions which look suspicious.
Stay tuned for more vulnerabilities tomorrow!!