Top Security Threats of Smartphones (2023)
You might be surprised by the hidden security threats lurking inside your trusty mobile device.
Our smartphones are always an arm’s length away, but how many of us are wise to the risks of using them? Mobile security threats are on the rise: Mobile devices now account for more than 60 percent of digital fraud, from phishing attacks to stolen passwords. Using our phones for sensitive business such as banking makes security even more essential. “The more you depend on your phone for everyday tasks, the more it will impact you if your device is compromised,” says Randy Pargman, senior director for Binary Defense, a cybersecurity company. That’s also one of the reasons you should never store certain things on your smartphone.
Luckily, you can still use your phone safely by staying informed and taking precautions. To that end, we rounded up this year’s biggest threats to smartphone security, as well as some expert tips that will help you protect yourself, your phone, and your info.
Before installing a new app on your smartphone, you might want to read the fine print. Nearly every smartphone app collects data from your phone, according to Pargman. That info could include your name, date of birth, credit card and bank account information, location history, contact list, photos, and more. “It’s a little scary when you realize just how much of your activity is collected on servers maintained by the app developers,” Pargman says. If those servers are hacked or if a technical error leaves them vulnerable, all of that data can be stolen and used by criminals for fraud. Pargman suggests adjusting the security controls on your device to limit the data collected by each app and thinking twice before downloading any new app that requests a lot of permissions. FYI, if these apps are on your phone, someone may be spying on you.
Connecting to open WiFi networks that do not require a password or use encryption is convenient when you’re in a pinch. But doing so could allow anyone nearby to easily spy on all of your online activity, Pargman says. Even worse, a cybercriminal can create a phony WiFi hotspot in order to trick users to connect to it and steal their data. For example, instead of going to your bank’s website, the WiFi network could direct you to a page that looks just like it and swipe your password when you try to log in. “The safest approach is to only connect to WiFi access points that you know and trust,” Pargman says. “Don’t just connect to anything you find.” If you really have no choice, make sure you never do these things when using public Wi-Fi.
Cybercriminals often use email, text messages, and even voice calls to fool their targets into giving up a password, clicking on a link to download malware, or confirming a transaction—a practice known as phishing. “Phishing remains one of the most often-used and successful tricks that cybercriminals use to compromise victims,” Pargman says of this mobile security threat. To avoid falling for a phishing scam, always verify who is contacting you for your personal information. For example, Pargman recommends telling the caller claiming to be your bank that you’ll call back using the bank’s official phone number. You should also delete these texts immediately because they are likely scams.
Beware of apps that promise to monitor the activity of your loved ones and children—in reality, they are spyware that is “designed to allow extremely invasive digital surveillance through a smartphone,” Pargman says. Abusers can use these apps to read texts and emails, track the phone’s location, secretly listen to nearby conversations, and take pictures, among other activities. Even less insidious apps can still collect data about what you do on your smartphone, Pargman says. While making your phone impossible to track can be hard, it’s still quite possible to do it to a certain extent to ensure safety. He suggests avoiding apps that request a lot of permissions or any permission having to do with accessibility. “Those permissions give apps the ability to read the text in other apps or control other apps—that’s a lot of power that can be abused,” he explains. Watch out for these red flags someone is spying on your computer, too.
If you think an app is too good to be true, it probably is, according to Pargman. He calls this the Trojan Horse trick: An app may appear to be beneficial—offering free access to something that should cost money—but it actually contains a virus. “People who take the bait and install these malicious apps are often surprised to find that instead of the promised free material they were hoping for, their entire smartphone is locked, or their data is stolen, and they are faced with threats,” Pargman says. Other times, the virus might secretly transfer money to the attacker’s accounts through the phone’s online banking app. “The best cure for these malicious apps is prevention,” notes Pargman. Steer clear of apps that promise free access to premium content, aren’t listed in well-known app stores, and don’t have a history of reviews. These are the apps security experts would never have on their phone.
Apps with weak security
Without strong security standards, many smartphone apps can make your information vulnerable to malicious actors. App developers might use weak encryption algorithms that are easy to hack, or unintentionally share digital “tokens” that allow hackers to impersonate real people online. Unfortunately, there is “very little that the average person can do to know which apps don’t do a good job with security,” according to Pargman. A good guideline is to be smart about the data you want to entrust to each app, he says. While you may feel comfortable allowing an app to save your email address, you should be more cautious about giving an app permission to access your contacts or store sensitive information such as your Social Security Number or date of birth. You can check out these mobile security apps to help protect your information.
Poor password security
More than half of Americans reuse passwords across multiple accounts, a 2019 Google/Harris poll found. Those passwords are catnip for cybercriminals, who can gain access to hundreds of accounts by purchasing massive lists of hacked and leaked passwords on the dark web. To protect your accounts from hackers, Pargman suggests setting up multi-factor authentication, as well as using a password manager app to generate and store unique passwords for every account. “That way, you don’t need to use your pet’s name as your only form of protection to keep your money where it belongs and out of the pockets of thieves,” he says. As you secure your accounts, avoid the password mistakes hackers hope you make.
When was the last time you updated your phone? It may be key to protecting your device against malware and other cyberattacks. Phones that are too old to receive security updates should be replaced, according to Pargman. “Even if it seems to still run, there’s risk in using an old phone that hasn’t received the latest security updates,” he says. You can find out how long your device will be updated by checking the “end of life” or “end of support” date on the manufacturer’s website. Samsung updates devices for up to four years, Apple provides regular updates for iPhones for about five to six years, and Google supports its Pixel line of phones for at least three years. FYI, that’s not the only warning sign it’s time for a new cell phone.
Reports of identity theft have sharply increased in the past few years, with millions of cases detected since March 2020 alone. Recently, thieves have used stolen identities to open new mobile phone accounts, or hijack an existing account and upgrade phones or add phone lines. Victims may receive large bills from their carrier or charges from accounts with other carriers that identity thieves opened without the victims’ knowledge. Secure your mobile phone account by creating a password or PIN with your carrier, which will be required to make any changes to your account in the future. Hackers can also do these scary things with your cellphone number.
How to safeguard your device
In addition to taking specific precautions for each of the mobile security threats listed above, Pargman recommends downloading anti-virus programs for your smartphone. Apps like Norton Security and Antivirus, McAfee Mobile Security, and Kaspersky Antivirus and Security can help to spot malicious apps if they have been installed. You should also make sure to keep your smartphone’s operating system (Android or iOS) up to date at all times, he says. Here are more tips to protect your phone from viruses. Also, learn how to make a private phone call to keep your phone number safe.
- Randy Pargman, senior director for Binary Defense
- Identity Theft Resource Center’s Help Center
- FTC.gov: “Your phone could be hijacked by an identity thief”