Let’s face it, our smartphones are an extension of our lives, both on a personal and professional basis. If anything happens to them, we are totally paralyzed, much like losing our Internet connection. But given how much we actually use them, they have for the longest time been a prime target for the Cyberattacker.
There have been countless articles written about how to keep
your device as safe as possible, and today’s post is going to be one of them.
But we take a different approach on this one, in that we focus on Android and all of the smartphones that use it. At the present time, this is the most popular OS around. In fact, it has been estimated that there are over 3 billion users of it on a global scale.
Most of these users have relied heavily upon the antimalware, antivirus, firewall, etc. that is installed on their devices as the main source of protection.
But truth be told, the malware of today has become so sophisticated and covert that much of it bypasses these traditional safeguards and very often is not detected in time.
The main culprit behind this trend is, believe it or not, Generative AI. Through the use of the various platforms that have become available (especially ChatGPT), a Cyberattacker can literally create a malicious payload that can be easily spread in Phishing emails, and can even trick the legitimate chatbots that many people make use of.
The Cyberattacker can now quite easily “jailbreak” into the core
of the chatbot, and manipulate it in a way to launch Social Engineering
attacks. For example, if an end user
went to a website seeking advice on something from a chatbot, it could really be
just a fake, and instead, it could pose questions back, or even engage in a particular
conversation, that will urge the end user to give up their private and
confidential information, ranging anywhere from financial information to their
Social Security numbers.
As a result of all of this, there has been a 61% rise in Phishing-based attacks from Generative AI and the outsmarting of chatbots alone. Apart from this, another grave threat posed to the Android user is what is known as “Incremental Malicious Update Attacks”, or “IMUTA” for short.
Essentially, this is where a Cyberattacker will deploy a malicious payload in an incremental fashion, finding its home in a mobile app that is not completely secured. In fact, the major source from which these malicious payloads are deployed is the Google Play Store.
The trick here is that every time the end user updates their Android device, this malicious payload will become more dominant in the OS, until it is too late to do anything about it. According to a recent article that was published in the Journal of Ambient Intelligence and Humanized Computing, the researchers demonstrated how IMUTA can be used to breach privacy: a voice search application (which is actually a mobile app) downloaded from the Play Store can add malicious features through incremental updates. Worse yet:
The malware can scan and collect private user data from the
device, such as contacts, messages, photos, and transmit it to a remote
server for covert execution.
More information about this threat vector can be found at
the following links:
https://scholars.org/contribution/imuta-malware-breaches-google-play-security
https://link.springer.com/article/10.1007/s12652-023-04535-7
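One way a defender could look for the incremental pattern described above is to compare the permissions an app requests from one release to the next. This is an added example, not code from this post or from the cited paper. It assumes that newly added features show up as newly requested permissions in the app's decoded manifest. The package name and the manifests below are constructed sample data.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions guarding the data types named above (contacts, messages,
# photos), plus the network access needed to send data to a remote server.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "photos/files",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.INTERNET": "network",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def permission_creep(releases):
    """releases: list of (version, manifest_xml) in release order.
    Returns [(version, [new sensitive permissions])] for each update that
    requests a sensitive permission no earlier release asked for."""
    findings = []
    seen = requested_permissions(releases[0][1])
    for version, manifest_xml in releases[1:]:
        current = requested_permissions(manifest_xml)
        added = sorted(p for p in current - seen if p in SENSITIVE)
        if added:
            findings.append((version, added))
        seen |= current  # a permission dropped and re-added is not re-flagged
    return findings

def _manifest(*perms):
    # Builds a constructed sample manifest; com.example.voicesearch is hypothetical.
    uses = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.voicesearch">{uses}</manifest>')

SAMPLE_RELEASES = [  # constructed release history of a voice search app
    ("1.0", _manifest("RECORD_AUDIO", "INTERNET")),
    ("1.1", _manifest("RECORD_AUDIO", "INTERNET", "READ_CONTACTS")),
    ("1.2", _manifest("RECORD_AUDIO", "INTERNET", "READ_CONTACTS", "VIBRATE")),
    ("1.3", _manifest("RECORD_AUDIO", "INTERNET", "READ_CONTACTS",
                      "READ_SMS", "READ_MEDIA_IMAGES")),
]

if __name__ == "__main__":
    for version, added in permission_creep(SAMPLE_RELEASES):
        print(version, "adds:", ", ".join(f"{p} ({SENSITIVE[p]})" for p in added))
```

An update that adds nothing sensitive (1.2 in the sample) produces no finding, so only the releases that widen access to private data are reported.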
So given just how scary the above scenario can be, what is
an Android user supposed to do? Well,
first keep in mind that all people who use a smartphone are prone to being
hacked. The key here is in mitigating
that risk. So here are some quick steps
that you can take:
1) Be careful of what you download:
For example, do you really need this app, or is it just a “want to have”? My recommendation would be to download only those apps that you really need. Before you do so, always check the website of the vendor, and try to find any reviews by doing online searches. If there is anything negative about it, don’t download it!!!
2) Keep your smartphone updated:
Simply put, if there is an update, install it. If possible, enable your smartphone to update automatically, but during hours when you are not using it.
3) Monitor your device:
Be aware of any subtle signs that your device is giving you. For example, watch for any slowdowns, unusual system crashes, or any pop-ups that appear. These are usually the first warning signs of the IMUTA threat vector.
My Thoughts On This:
To be honest, if I was shopping for a smartphone or looking
for a replacement, I would go with an iPhone.
I have been a user of one since 2014 or so, and the security features
they have are great. Also, the app store
from Apple is pretty secure as well.
For instance, before any mobile app can be uploaded for
general consumption by the public, Apple requires that the software
developer(s) follow stringent security testing measures, including thoroughly
testing the mobile app in a sandbox environment, then releasing it to a limited
production environment.
Just some food for thought.