So much of our everyday lives are connected to the online world. We’re using apps to chat with friends and find love. We’re completing diplomas and degrees through online programs. We’re banking online and making digital transactions for almost everything — less than half of Americans under the age of 50 worry about keeping cash in their wallets.
As computers and mobile devices increasingly become people’s primary tool for everyday tasks, cybersecurity has only become more important. Every day, people’s accounts are compromised, and people want to know how to protect themselves. But how can they protect their sensitive data? Which devices are the most secure?
The truth is that neither PCs nor smartphones are fully secure platforms. Whether you’re accessing the internet through your notebook, tablet or smartphone, there are basic steps that you need to take to keep your data secure.
Table of Contents
- What Are Mobile Security Threats?
- Why Your Mobile Data May Be at Risk
- Smartphones vs. PC Security: Which Is Safer?
- 4 Security Precautions to Take When Using Your Devices
What Are Mobile Security Threats?
Smartphones and tablets were built from the ground up with the connected world in mind. Developers for Android and iOS envisioned a software ecosystem where users could connect with people all around the world and find new content of all kinds from creators. To protect users as they explore this content, developers built in security requirements to devices and the mobile operating software.
Unfortunately, some users place far too much trust in the security of their mobile devices and fail to protect themselves and their data. A survey from Consumer Reports found that 34% of smartphone users don’t use any security measures to protect their device — not even a lock screen protected with a four-digit PIN.
There’s an element of risk that users are exposed to when using their devices to connect with other systems. While Android and iOS both have robust security protocols, hackers have found ways to abuse limitations or loopholes in device hardware and software — or take advantage of the lax security practices of end-users.
What kinds of threats do users of mobile devices face? In a 2017 report, the United States Department of Homeland Security (DHS) categorized five different types of mobile security threats:
- Denial of service: When malicious code denies or degrades service received by users, it’s called a denial of service attack. These attacks overload networks and jam wireless communications.
- Geolocation: For cellular networks to connect with a user’s device over mobile data, they need to know the device’s location. This requirement opens up the possibility for users to be physically tracked using their device location.
- Information disclosure: Mobile devices can be used to get unauthorized access to user information. Data can be intercepted in transit or leaked from apps with poor security practices. Researchers worry about the threat of users being eavesdropped on, possibly through surreptitious activation of device microphones or cameras.
- Spoofing: In a spoofing attack, attackers impersonate someone or something that a user trusts to get access to their systems. A spoofing attack might take the form of an email that looks like it’s from a boss or trusted associate. Attackers also create Wi-Fi access points that appear legitimate but demand information from users that can be later used to crack their login credentials elsewhere.
- Tampering: Tampering attacks modify hardware, data, software or firmware without authorization, giving unauthorized users access to sensitive data and services.
All told, there are a variety of potential threats that users face as they use their smartphones, tablets and other connected devices. While it’s true that there are protections built into the software and hardware of these devices, people need to recognize that there’s nothing magical about their smartphone that protects them from cybersecurity threats.
Why Your Mobile Data May Be at Risk
Cyberattacks aren’t just theoretical exploits that could happen — they are all-too-real problems that people face every day. If you’re not making safe and informed choices about protecting your data, you could easily become the victim of a cyberattack.
Why might your mobile data be at risk from a cyberattack?
1. You may have installed an infected app.
In 2019, security researchers discovered a widespread adware attack now called SimBad. The malware was part of a Software Development Kit (SDK) distributed to app developers as a tool for serving ads to end-users. Over 200 apps made use of this SDK, many of which were downloaded over one million times. All told, the adware was downloaded over 150 million times.
What did this adware do? Like other adware, SimBad can display ads and browser pages without user control. Left uncontrolled, SimBad could have been used to trick people into giving up their login information through phishing websites.
Thankfully, Google was quickly alerted about this threat, and the company removed the infected apps from the Google Play Store. The SimBad situation shows, though, that users need to be vigilant about the apps they install. Infected apps can expose user data to a cyberattack.
2. You may have been the victim of a phishing attack.
Sometimes, getting sensitive data from people is as easy as asking them for it. In a phishing attack, a hostile party pretends to be a trusted entity to get users to give them information, typically login credentials. Then, that login information can be used to access other data, like bank account or credit card information.
Phishing attacks take many forms. Sometimes, cyber criminals will create a fake website or portal that resembles the one that users trust. Users who aren’t paying close attention to the site may try to log into it as usual, and inadvertently give away their login credentials.
Another strategy, commonly called spear-phishing, involves sending messages directly to people. Typically sent through email, these requests might send users to a compromised website. To get users to follow the link, spear-phishing attacks usually make up a problem or emergency — they might claim that the user’s email box is full, for example. Other spear-phishing attacks are more personalized. Hostile parties might impersonate your boss or supervisor and request specific information.
3. You may have visited an unsafe website.
Whether you’re browsing the internet through your PC or your mobile device, you may have compromised the safety of your data by visiting an unsafe website. One category of cyberattack called browser exploits involves finding loopholes in the code of popular web browsers and using them to mislead visitors and gain access to their devices and information.
For example, a security researcher recently found that he could exploit the behavior of Google Chrome on mobile devices to show users a fake URL bar. This browser exploit could be used to convince users that they’re on a safe, trusted website when, in reality, they’re not. Even further, when users try to navigate away from the site using the fake URL bar, they could be steered into yet another compromised site.
Smartphones vs. PC Security: Which Is Safer?
So, are smartphones more secure than laptops? Are computers the safer option? Which should users prefer when accessing, creating and storing sensitive data? To answer these questions, we have to consider the similarities and differences between today’s mobile devices and PCs.
Processors and Systems-on-a-Chip
A processor is at the heart of both PCs and smartphones, performing the necessary mathematical calculations for the device to function. PCs, whether desktops or laptops, typically have processors created by Intel or AMD. Smartphones, on the other hand, usually have a system-on-a-chip fabricated by Qualcomm, Apple or Samsung.
So do smartphones or PCs have safer processors? Honestly, there’s no simple answer here. There are vulnerabilities that appear for individual processor families, like the ZombieLoad attack which targets Intel chips, but no clear winner when it comes to cybersecurity.
For smartphones and PCs, processors are connected to two kinds of storage. One type of storage is slower, but larger in size, and is used for storing application files and user-created media. The other, RAM, is faster and is used for the data currently being worked on by the processor. Additionally, it’s common for both smartphones and PCs to be connected to a variety of cloud-based storage systems. Instead of storing years of photos on one breakable device, many users prefer their photos to be stored on online platforms provided by Apple or Google.
In terms of hardware used to store data, cell phone security is quite similar to PC security. Android and Apple devices, however, use a strategy called application sandboxing to limit how much damage an infected app can cause on any given device. Instead of providing applications full access to a device, applications are limited to a specific “sandbox” of functions and storage.
Desktops and laptops are not without their own strategies for protecting user data, however. Apple products of all kinds support app sandboxing. Microsoft protects users in a variety of ways, including requiring administrator access for potentially dangerous tasks. All told, there is robust security for user data built into PCs and smartphones — as long as people make effective use of it.
There are some differences between the ways that notebooks and desktop PCs connect to the internet and the ways that smartphones connect to the internet. All of these devices often use Wi-Fi signals to connect to networks, but PCs often use a wired network connection. Wired networks are often considered the most secure because users need to have physical access to the network to connect. Smartphones, tablets and some laptops, on the other hand, use radio signals like 4G LTE (and soon, 5G) to connect to cellular towers.
So what should people use for the most secure connections? Wi-Fi or their device’s cellular data connection? Wi-Fi can provide a very secure connection, but it depends entirely on how the network is set up. Users should be wary of using public Wi-Fi to access sensitive information, like their bank accounts. Phishing attacks commonly use publicly available Wi-Fi to trick users into compromising their data. Cellular connections are not immune to exploits, but they are often a safer choice, especially for people who are traveling.
So, are PCs or mobile devices more secure? While there are differences between smartphones and PCs, it’s better to just think of both of them as computers. Smartphones and tablets might be smaller and use different input devices, but they have similar hardware. Broadly, smartphones and PCs are vulnerable to the same kinds of attacks, and users should follow the same precautions to secure their devices and their data. People have had an unfortunate tendency to think of smartphones as phones, leading them to neglect the security practices that they learned to use with computers. If we think of all of our devices as computers, we’re more likely to make better security choices.
4 Security Precautions to Take When Using Your Devices
Since both PCs and mobile devices are computers that need to be protected with strong security practices, there is a common set of strategies that users can implement to protect their devices and data.
How do you maintain data privacy on your devices?
1. Keep Your Software Updated
Here’s a simple lesson that users of all devices need to take to heart — update your software, and keep it updated. Whether you’re using an Android phone, an Apple tablet or a Windows notebook, the best security will be provided by the most up-to-date operating system. Most of these updates can be provided automatically and installed at a time when you’re not using the device.
2. Protect Your Devices and Accounts with Strong Passwords and Passcodes
Today’s devices are equipped with multiple tools for securing access against unauthorized users. You can lock the screen with a passcode, your fingerprint or face identification. There are encryption tools and antivirus apps. There’s no reason to be one of the 34% of Americans who fail to use any security measures for their smartphones. Protect your device!
Similarly, there are commonly-accepted best practices for the passwords you create for your accounts. Use different passwords for all of your accounts, especially for your bank account and your primary email address. Strive for passwords that are lengthy and suitably complex, yet easy for you to remember. When available, use multi-factor authentication tools.
3. Use Secure Network Connections
Not all networks are equally secure. A wired connection to a secure, firewalled network is your best choice, but it’s not always an option. Elsewhere, use only trusted WiFi connections, relying on your cellular connection when necessary. Remember that cybercriminals often use legitimate-looking WiFi connections to conduct phishing attacks.
4. Use Trusted App Stores and Check Permissions
As much as possible, use a trusted app store to purchase, download and manage your apps. While you can’t trust everything on Google’s Play Store or Apple’s App Store, these services are much better than the alternatives. These companies invest considerable resources into curating the available apps and removing infected or exploitative apps as they find them. These services will also keep your apps updated automatically, helping ensure that you’re using the most secure versions of the apps you love.
BlackStratus Can Help
Cybersecurity is tricky enough for individuals to figure out. For businesses, it is a much more significant problem. In today’s bring-your-own-device culture, companies have to maintain security even as employees connect to a wide range of systems with a vast array of devices.
If you have questions about the types of security solutions available for your business or organization, contact our team. BlackStratus provides industry-leading security products and services and is well-positioned to help you solve your security and compliance challenges.
- 10 Mistakes Businesses Make Before and After a Data Breach
- How Much Should Your Company Invest in Cybersecurity?
- What to Know About the Future of Cloud Computing and Data Security
- 5 Impacts a Data Breach Has on Your Business
- 5 Tips for Developing the Perfect Password