Tech giant Samsung has issued a sinister warning to millions of smartphone users about a potential new form of “zero-click” attack. According to the company, simply receiving an image on your phone could one day be enough for hackers to access your device.
“Imagine this,” said a release from the tech giant. “Your phone receives an image via text and it vibrates gently or it’s on your bedside table, lighting up briefly as you sleep. You haven’t touched your phone, but someone may already be reading your messages, browsing your gallery and viewing other personal data. Zero-click exploits are just the latest threat in an era of increased cybercrime targeting user data.”
Cyber-crime is a rapidly evolving landscape, and attacks on phones surged by 500% last year, as criminals increased their efforts to snare unsuspecting victims. One emerging threat is a form of spyware called Hook, which is aimed at Android users. The dangerous malware allows criminals to hijack mobile phones and extract critical information, such as banking details. It can even spread malware to other users, sparking a devastating domino effect.
Of course, our mobile devices play an increasingly critical role in both work and home life. However, Chief Information Officer Chris Crowther says businesses often overlook them, as they prioritise protecting their office-based networks instead. And this can have damaging consequences.
“If your business invests in anti-virus tech and software, an attacker will know that isn’t your immediate vulnerability,” explains Chris. “So, instead of attacking you that way, they will find out where you are weakest. This might mean targeting the human aspect of your company instead. If one of your employees is all over Facebook or Twitter, criminals might target them with a malware link, relating to something they know they’ll be interested in.”
Chris adds that it is vital never to use the same passwords across your personal life and work life. This is because compromised passwords and logins constantly appear for sale on dark web criminal sites. And if a company issues work mobile devices, then a sensible cyber-security habit is to keep work and personal mobile devices separate.
If your company allows employees to use their own devices, known as Bring Your Own Device or BYOD, then it’s important that they follow the BYOD policy to the letter; otherwise they run a high risk of exposing company data. This is partly because employees are very likely to use messaging, social media and e-commerce apps, all of which can leave them vulnerable to cyber-attack through clicking on dodgy links. If successful, such an attack can enable threat actors to steal valuable business information.
“If you are using your personal mobile for business, consider what happens if a cyber-criminal sends you a text about an upcoming parcel delivery,” adds Chris, who co-founded the West of England Cyber Cluster and supports SMEs as a virtual CIO.
“If this is malware and you click on that link, you could then end up with a keylogger on your phone. This is a type of spyware that records user keystrokes, allowing hackers to read anything you are typing into your keypad.
“This could include sensitive data like system passwords, bank account details and credit card numbers. Ultimately, when your business email or Teams account then asks you to re-enter your password, cyber-criminals can access your details. This could have far-reaching consequences for your business.”
While establishing a robust mobile security protocol might sound daunting, Chris says it isn’t as complex as people think. “It’s just about putting sensible controls and policies in place,” he says. “If you need advice, the Business Cyber Centre is here to help SMEs understand how to protect themselves and prosper.”