Ali Dehghantanha, University of Salford
If youâ€™ve ever forgotten your phone or left it at home for the day, you will have realised just how much you use it. On average, we check our mobile phones about 110 times a day. Using them for just about everything, from summoning an Uber car and paying for our latest Amazon purchases, to receiving prescriptions and even tracking shares and trading on the stock market.
Unsecured mobile phones are among the top seven major causes of security breaches and your mobile number is all a hacker needs to start the attack. Using your number, hackers can send you a text message containing a malicious link, which when clicked allows them to read your texts, listen to your calls and even track your whereabouts.
Smartphones are valuable targets for hackers â€“ more so than laptops or personal computers. This is because they can be used as a â€śpivot pointâ€ť to attack heavily protected environments such as banks or critical national infrastructure. Hackers can redirect their malicious traffic through your phone and store collected data on it. This means that all forensics traces would point to you as the hacker rather than the real culprit.
On top of this, most phones are open to attack 24 hours a day, seven days a week, often with only limited security features in place. Combine this lack of security with the fact that most modern phones now contain more processing power than the computers that landed Apollo 11 on the moon, and itâ€™s not hard to see why they are a hackerâ€™s weapon of choice.
The worst case scenario? You could wake up one morning to the police kicking down your door, investigating a sophisticated cyberattack with all the evidence pointing to you. Regardless of how ridiculous it may seem, in the absence of any cyber-monitoring or cyber-defence solution you would have a very hard time proving that you were not guilty. And it is not just hackers you need to worry about, even the US National Security Agency and the UKâ€™s GCHQ have secretly used innocent peopleâ€™s devices to cover their malicious activities.
In my career as a cyber forensics investigator, I have not only seen many of these cases but also scenarios where hackers have been hired by organisations to deliberately frame employees by planting material such as child pornography onto their work phones. The person in question is then accused, for example, of selling secret company information to competitors and when the legal team investigates their phone, they find the child pornography. It is a scary prospect.
Many people wrongly believe that their mobile service providers should deploy cyber-protection mechanisms for their users. But if you read the terms of service, you will clearly see that as the owner and user, it is solely your responsibility to protect yourself. Exactly in the same way that you protect your laptop when you surf the internet.
If you are reading this and you are yet to install at least an anti-virus application on your phone, stop reading immediately and install one â€“ there are many good anti-virus applications that are completely free. You should also make sure to only install applications from well-known app markets such as Google Play or the Apple or Windows Stores. Never â€śjail breakâ€ť or root your phone to install free apps unless you are a security expert and know what you are doing.
And it may sound like common sense, but do not click on the links you receive from unknown sources. It is also a good idea to have all your phone data encrypted and to install a logging or monitoring solution on your phone to have records of all activity. It could well turn out to be your â€śget out of jail free cardâ€ť â€“ just on the off chance anything were to happen.
Ali Dehghantanha, Lecturer in Cyber Security and Forensics, University of Salford
This article was originally published on The Conversation. Read the original article.