Top 9 Mobile Security Threats and How to Avoid Them

TLDR: If your Android or iOS device is compromised, run a malware scan, delete suspicious apps, revisit permissions, avoid public Wi-Fi, and follow specific steps for ransomware, stalkerware, and SIM hijacking. Prioritize your physical safety and seek help from organizations if needed.

Smartphones are ubiquitous devices that hold the keys to our communications, finances, data, and social lives, making them prime targets for cybercriminals.

Threat actors tirelessly evolve their tactics to break into Android devices from Google, Samsung, or Motorola, as well as Apple iOS-based iPhones.

With billions of users worldwide, no one is immune to cyberattacks like spam, phishing, malicious apps, and ransomware.

To stay protected, we must understand and recognize the most common threats to smartphone security in 2023.

This guide outlines those threats, the best defences for avoiding them, and what to do if you suspect your device has been compromised.

Top Threats to Android and iOS Smartphone Security in 2023

Phishing, Smishing, and Vishing

Phishing happens when attackers send you fake and fraudulent messages, attempting to lure you into sharing personal information, clicking malicious links, or unwittingly downloading and executing malware on your device.

They may also trick you into handing over account details for banks, shopping sites, social networks, or email.

Beware! Phishing can be used to install malware or surveillance software on your handset.

Mobile devices are vulnerable to phishing through the same avenues as PCs, including email and social network messages. However, they are also susceptible to smishing, which involves phishing attempts sent via SMS texts.

Spear phishing, also known as targeted phishing, is a more advanced cybercriminal tactic. Attackers conduct surveillance to gather information on their intended victim, typically targeting high-value individuals for financial or political gain.

Vishing, short for voice phishing, is another increasingly popular attack vector. Attackers use voice services like voicemails, automated robocalls, and voice-altering systems to deceive individuals into providing sensitive information.

Your Best Defense:

• Don’t click on links in emails or text messages unless you are absolutely certain of their legitimacy.
• Treat unexpected calls or voicemails with suspicion until proven otherwise.

Physical Security

Many of us overlook a crucial security measure: physically securing our mobile devices.

Without a PIN code, pattern, or biometric check like a fingerprint or retina scan, your handset could be vulnerable to tampering.

Leaving your phone unattended may also put it at risk of theft.

Your Best Defense:

• At a minimum, secure your phone with a strong password or PIN. This way, if it falls into the wrong hands, your data and accounts will remain inaccessible.
• Enable security features provided by Apple and Google to help recover your device if stolen. Apple’s Find My service tracks iPhones, iPads, and AirPods, while Google can also locate your smartphone and tablet.

SIM Hijacking

SIM hijacking, also known as SIM swapping or SIM porting, involves the abuse of a legitimate service offered by telecom firms when customers need to switch their SIM and telephone numbers between operators or handsets.

In a typical scenario, a customer will call their telecom provider, prove their identity as an account holder, and request a switch.

However, an attacker will use social engineering and the personal details they discover about you, including your name, physical address, and contact details, to assume your identity and deceive customer service representatives into giving them control of your number.

In successful attacks, a cybercriminal can redirect your phone calls and texts to a handset they own, including any two-factor authentication (2FA) codes used to protect your email, social media, and banking accounts.

SIM hijacking is often a targeted attack as it requires data collection and physical effort to execute. When successful, it can be disastrous for your privacy and the security of your online accounts.

Your Best Defense:

• Protect your data through cybersecurity best practices to prevent it from being used against you via social engineering.
• Avoid oversharing personal information online.
• Consider asking your telecom provider to add a “Do not port” note to your file (unless you visit in person), especially if your information has been leaked in a data breach.
• Use Have I Been Pwned to check the status of possible breaches involving your data.

Apps: Nuisanceware, Premium Service Dialers, and Cryptocurrency Miners

Your mobile device is also at risk of nuisanceware and malicious software that can force it to make calls or send messages to premium numbers without your consent.

Nuisanceware, more common in the Android ecosystem than iOS, is malware found in apps that makes your handset behave in annoying ways. While not typically dangerous, it can be irritating and drain your battery. You may be bombarded with pop-up ads, promotions, and survey requests, or have ad-laden web pages and videos launched in your mobile browser.

Nuisanceware is often developed to generate fraudulent income for its makers through clicks and ad impressions.

Premium service dialers, however, are more sinister. Apps can contain hidden functions that covertly sign you up for paid services, sending texts and making calls to premium numbers, with victims footing the bill and attackers pocketing the cash.

Some apps can also quietly steal your device’s computing resources to mine cryptocurrency. These apps sometimes slip through an app store’s security net and have been found in official repositories like Google Play. Cryptocurrency mining code can be hidden in seemingly legitimate apps such as mobile VPNs, games, and streaming software.

Your Best Defense:

• Only download apps from legitimate app stores.
• Carefully review the permissions requested by new mobile apps.
• If you experience overheating and battery drain after downloading new software, it could indicate malicious activity. Run an antivirus scan and consider uninstalling suspicious apps.

Open Wi-Fi

Open and unsecured Wi-Fi hotspots are ubiquitous, from hotel rooms to coffee shops. While intended as a customer service, their open nature makes them vulnerable to attack.

Your handset or PC could become susceptible to Man-in-The-Middle (MiTM) attacks through open Wi-Fi connections. An attacker will intercept the communication flow between your device and browser, stealing your information, pushing malware payloads, and potentially allowing your device to be hijacked.

Beware of “honeypot” Wi-Fi hotspots, which are open Wi-Fi spots created by cybercriminals, disguised as legitimate and free, for the sole purpose of performing MiTM attacks.

Your Best Defense:

• Avoid using public Wi-Fi altogether and use mobile networks instead.
• If you must connect to public Wi-Fi, consider using a virtual private network (VPN).
• Always switch to a cellular connection when using sensitive services, such as banking apps, for added security.

Surveillance, Spying, and Stalkerware

Surveillanceware, spyware, and stalkerware come in various forms. Spyware is often generic and used by cyberattackers to steal personally identifiable information and financial details.

However, surveillanceware and stalkerware are typically more personal and targeted. For example, in cases of domestic abuse, a partner (or ex-partner) may install surveillance software on your phone to track your contacts, phone calls, and GPS location.

Sometimes, apps marketed as parental control software or employee monitoring solutions can be abused to invade your privacy.

Symptoms of infection may include higher-than-normal power usage and the presence of unfamiliar apps. On Android devices, you may notice that the setting “allow/install unknown apps” has been enabled. Watch out for unexpected behavior and increased mobile data usage.

Your Best Defense:

• An antivirus scan should take care of generic spyware.
• While there’s no magic bullet for surveillanceware or stalkerware, watch for suspicious or unusual behavior on your device.
• If you think you are being monitored, put your physical safety above all else.

Ransomware

Ransomware can impact mobile devices as well as PCs, encrypting files and directories, locking you out of your phone, and demanding payment in cryptocurrency in return for a decryption key.

Examples of ransomware detected in recent years include Cryptolocker, WannaCry, BadRabbit, and Ruk.

Ransomware is often found in third-party apps or deployed as a payload on malicious websites. You may see a pop-up request to download an app, disguised as anything from a software cracker to a betting app, and your handset can be encrypted in minutes. However, ransomware is less common on mobile platforms than on PCs.

Alternatively, if cyberattackers can steal your Google or Apple ID credentials, they may abuse remote locking features and demand payment.

Your Best Defense:

• Keep your phone up-to-date with the latest firmware and your Android or iOS handset’s fundamental security protections enabled.
• Don’t download apps from sources outside official repositories.
• Run frequent antivirus scans.
• If you encounter ransomware, you might need to restore your phone from a backup or bring it back to factory settings.

Trojans and Financial Malware

There are countless mobile malware variants, but Google and Apple’s fundamental protections stop many in their tracks. However, of all the malware families you should be familiar with, trojans top the list.

Trojans are forms of malware developed specifically for data theft and financial gains. Mobile variants include Zeus, TickBot, EventBot, MaliBot, and Drinik.

Most of the time, users unknowingly download the malware themselves, which may be packaged as an innocent and legitimate app or service. Once on your handset, they overlay legitimate banking app windows and steal the credentials you submit, such as a password or PIN code.

This information is then sent to an attacker and can be used to pillage your bank account. Some variants may also intercept 2FA verification codes sent to your mobile device.

The majority of financial trojans target Android handsets. iOS variants are rarer, but strains still exist.

Your Best Defense:

• Keep your phone up-to-date with the latest firmware.
• Enable your Android or iOS handset’s fundamental security protections.
• Only download apps from official repositories.
• If you suspect your phone has been compromised, stop using financial apps, cut off your internet connection, and run an antivirus scan.
• Consider contacting your bank and checking your credit report if you suspect fraudulent transactions have been made.

Mobile Device Management Exploits

Mobile Device Management (MDM) solutions are enterprise-grade tools suited for the workforce. MDM features can include secure channels for employees to access corporate resources and software, spreading a company’s network security solutions and scans to each endpoint device, and blocking malicious links and websites.

However, if the central MDM solution is infiltrated or otherwise compromised, each mobile endpoint device is also at risk of data theft, surveillance, or hijacking.

Your Best Defense:

• The nature of MDM solutions takes control out of the hands of end users, so you can’t directly protect against MDM compromise.
• Maintain basic security hygiene on your device, keep it up-to-date, and keep your personal apps and information off your work devices.

How Can I Physically Protect My Device?

Your lock screen is the gateway to your device, data, photos, private documents, and apps. As such, keeping it secure is paramount.

On Android, consider these settings:

• Screen lock type: Swipe, pattern, PIN, password, and biometric checks using fingerprints or your face.
• Smart lock: Keeps your phone unlocked when it is with you, and you can decide what situations are considered safe.
• Auto factory resets: Automatically wipes your phone after 15 incorrect attempts to unlock.
• Notifications: Select what notifications show up and what content is displayed, even when your phone is locked.
• Find My Device: Find, lock, or erase your lost device.

On iOS devices, look for these settings:

• Passcode: Set a passcode to unlock your device.
• Face ID or Touch ID: Biometrics can be used to unlock your device, use apps, and make payments.
• Find my iPhone: Find, track, and — if necessary — lock your lost iPhone.
• Lockdown Mode: Dubbed “extreme” protection for a small pool of users considered most at risk of targeted attacks, this feature provides additional security for malicious links, content, and connections. You can enable Lockdown Mode in iOS 16 or later.

What Should I Look Out for as Symptoms of Malware Infection?

If you notice your Android or iOS device is not behaving normally, you may have been infected by malware or be otherwise compromised.

Here are things to watch out for:

Battery Life Drain:

• Batteries degrade over time, especially if you don’t let your handset run flat every so often or you are constantly running high-power mobile apps.
• If your handset is suddenly hot and losing power exceptionally quickly, this could signify malicious apps and software burning up your resources.

Unexpected Behavior:

• If your smartphone behaves differently and you’ve recently installed new apps or services, this could indicate that all is not well.

Unknown Apps:

• Software that suddenly appears on your device, especially if you have allowed the installation of apps from unidentified developers or have a jailbroken smartphone, could be malware or surveillance apps installed without your knowledge or consent.

Browser Changes:

• Browser hijacking, changes to a different search engine, web page pop-ups, and ending up on pages you didn’t mean to could all be signs of malicious software tampering with your device and data.

Unexpected Bills:

• Premium number scams and services are operated by threat actors to generate fraudulent income.
• If you have unexpected charges, calls, or texts to premium numbers, this could mean you are a victim of these threats.

Service Disruption:

• SIM hijacking is a severe threat, normally a targeted attack with a particular goal, such as stealing your cryptocurrency or accessing your online bank account.
• The first sign of attack is that your phone service suddenly cuts off, indicating your telephone number has been transferred elsewhere.
• A lack of signal, no ability to call, or a warning that you are limited to emergency calls only can indicate a SIM swap has taken place.
• You may also see account reset notifications on email or alerts that a new device has been added to your existing services.

What About Government-Grade Mobile Malware?

On occasion, enterprise and government-grade malware hit the headlines. Known variants include Pegasus and Hermit, used by law enforcement and governments to spy on everyone from journalists to lawyers and activists.

In June 2022, Google Threat Analysis Group researchers warned that Hermit, a sophisticated form of iOS and Android spyware, was exploiting zero-day vulnerabilities and was now in active circulation. US government employees abroad have been targeted with government-grade mobile malware.

The malware tries to root devices and capture every detail of a victim’s digital life, including their calls, messages, logs, photos, and GPS location.

However, the likelihood of you being targeted by these expensive, paid-for malware packages is low unless you are a high-profile individual of interest to a government or other organization that’s willing to go to these lengths.

You are far more likely to be targeted by phishing, generic malware, or, unfortunately, friends and family members using stalkerware against you.

What Should I Do if I Think My Android or iOS Phone is Compromised?

If you suspect your Android or iOS device has been infected with malware or otherwise compromised, you should take urgent action to protect your privacy and security. Consider these steps below:

Run a Malware Scan:

• Ensure your handset is up-to-date with the latest operating system and firmware, as updates usually include patches for security vulnerabilities that can be exploited in attacks or malware distribution.
• Google and Apple offer security protection for users, but it wouldn’t hurt to download a dedicated antivirus app like Avast, Bitdefender, or Norton, even if you stick to the free versions.

Delete Suspicious Apps:

• Delete any apps you don’t recognize or use. In cases of nuisanceware, deleting the app can be enough to restore your handset to normal.
• Avoid downloading apps from third-party developers outside of Google Play and the Apple Store that you do not trust.

Revisit Permissions:

• Check the permission levels of apps on your mobile device from time to time.
• If they appear too extensive for the app’s functions or utilities, consider revoking them or deleting the app entirely.
• Keep in mind that some developers, especially in the Android ecosystem, may turn legitimate apps malicious down the line, so stay vigilant.

Tighten Up Communication Channels:

• Avoid using open, public Wi-Fi networks unless essential. Stick to mobile networks instead.
• If you don’t need them, turn off Bluetooth, GPS, and any other features that could broadcast your data.

Premium Service Dialers:

• If you’ve had unexpected bills, go through your apps and delete anything suspicious.
• Call your telecom provider and ask them to block premium numbers and SMS messages.

Ransomware:

• If alerted before encryption, cut off internet and other connections, boot up in Safe Mode, delete the offending app, and run an antivirus scan.
• If your handset is locked, try using a decryption tool like those listed by the No More Ransom project or provide information to Crypto Sheriff for free assistance.
• In the worst-case scenario, perform a factory reset and restore your device from a backup. Remember, paying a ransom does not guarantee your phone will be unlocked or files decrypted.

Stalkerware, Surveillanceware:

• If it’s basic, generic spyware, Google, Apple, or a dedicated antivirus app should detect and remove it.
• If a partner or close contact is monitoring you, removing the app may alert them and risk your physical safety. Some spyware can also be remotely reinstalled.
• Reach out to an organization that can help, consider using a burner phone, and prioritize your physical safety.

SIM Hijacking:

• Call your telecom provider immediately to have your service restored. Visit in person if possible.
• To mitigate risk, consider linking crucial accounts to a number not publicly connected to you, like a pay-as-you-go number.