Today’s mobile operators play a high-stakes game of cat and mouse with hackers and cybercriminals who are phishing and exploiting device network and application (“DNA”) vulnerabilities to undermine customer privacy, cause damage and steal data for profit. These mobile threats include conventional cyberattacks such as email phishing, junk phone calls and SMS spam messages, to more advanced methods including Wi-Fi network spoofing, malware delivery, ransomware, and compromising devices like jailbreaking or rooting.
The telecommunications industry gains some security benefits by design from the modern architecture of smartphones, agreed-upon protocols such as 4G LTE, data encryption and established IT security measures that can protect the telco’s corporate network and infrastructure. However, preventing advanced mobile threats at the user equipment level still remains up to the MNO and its end customers.
Users Need Device-Level Protection
While current iOS, Android and Chromebook devices have built-in security features, these platforms are constantly evolving. New vulnerabilities are discovered every day, and new OS updates are constantly published to repair them. Users are seldom up-to-date on these changes, and unaware of behaviors that expose private data and credentials on their devices. Compounding the security challenge are privacy policies and regulations in place that limit the control the MNO or its corporate B2B subscribers can have over the end user’s device and the data on it, especially in a bring-your-own-device (BYOD) scenario.
Insecure and Rogue Networks Abound
Users who are constantly on the go can make several network handoffs and interactions over the course of a day, tapping into public Wi-Fi access points, connecting to USB ports, Bluetooth devices, running location-based services and more. Global threat data proves that there are a tremendous number of number of potentially dangerous networks and insecure devices available for connection, especially in urban and well-traveled areas. Cybercriminals set up fake “Free Wi-Fi” services to disintermediate a device through a “Man in the Middle” (MITM) attack, and capture data or take control of the device as it attempts to connect to the Internet. Once compromised, any network or device can spread malicious code or malware through interaction with more users.
Application and Malware Threats
Since smartphone users self-administer their devices, they may be running an outdated OS or download insecure apps from app stores. A smartphone that interacts with your network assets can be compromised and weaponized to spread viruses and malware to other users, or steal valuable customer and company data.