From Ashley Madison to Snapchat, security leaks are constantly publicised in the media. It is becoming an increasing headache for enterprises as the amount of information available online is growing exponentially every year, and so the rewards for hackers are increasing with it. But how easy is it for someone to hack into a mobile phone?
In January this year there was a widely-publicised case where the FBI were offering a one-time fee to hackers who could help them break into an iOS device.
The Hacker’s Toolkit
The toolkit for a hacker is easily purchased and modified. Items such as the Pineapple access point (AP), which are marketed for ‘reconnaissance’, can be bought for under $100. Worrying, they can easily be used to carry out phishing attacks.
How to phish on an Apple device
Everyone’s familiar with old school phishing emails. Those one that claimed you had won a competition or inherited a fortune. Well, just like those emails, the aim of phone phishing is to get the user to click and download a profile onto their device. There are certain technologies (eg. Twilio) that can detect which carrier is being used. From here, the hacker is able to send a text to the mobile, designed to look like it comes from a legitimate source, such as ‘find my phone’ or something official from Apple itself.
The key is prevention
Once hacked, there is no way to know your information is being re-routed. Most experts agree that the best form of protection is prevention. Users should be exercising caution when downloading large numbers of apps, in particular if they are not from an official app store. They should also pay attention to the Wi-Fi networks their phone is accessing. For enterprises seeking to limit the risks to corporate devices, there are two main options. Firstly, education and internal training programs can give employees the knowledge that will reduce the likelihood of risky behavior. As any IT or mobility administrator will tell you, however, employees can often be stubborn or otherwise unresponsive to even the best training programs. The most secure option is to invest in technologies that will give admins insight into behavior. EMM solutions will safeguard the apps that can and can’t be downloaded to end-user devices and MTD vendors can offer visibility and protection from this type of attack. To see how Wandera can help keep your organization secure, please request a demo.Wandera Newsletter
Sign up for the latest news and tips on security and access for businesses.