written by
Zack Calloway

Handheld Vulnerability: Is Your Smartphone Compromised?

Layered Security Approach vid 4 min read

So you’ve tapped a bad link on your phone.

You’re not the only one. Truth be told, this happens all the time. Once you realized your mistake, it all seems so obvious. But in the moment, that link seemed too good to pass up (or too urgent to ignore).

These scam links are getting better and more sophisticated. We’re not seeing so much “hot singles in your area” these days — most people know by now that the sketchy links are no good. These days scammers target business users with legit-sounding offers or urgent-sounding messages that act like they’re from work.

In other words, it’s quite possible that the scam was so well disguised that you’d never have known if it weren’t for that strange outcome. Whatever the case, the important question to ask is this:

What now?

What’s done is done, but you still need to take steps to make sure your smartphone isn’t compromised. Here’s what you need to know.

Understand the Threat Vectors

First, understand the potential threat vectors in play with bad links on your phone. As we see it, there are at least three: malware, data theft, and phishing schemes.

Let’s look at each of these in greater detail.

Malware

Malware is hostile software that gets installed on a device without the user’s consent and that usually completes actions the user does not want. It’s a much larger problem on computers than on phones, but the threat of mobile malware continues to rise.

There are all sorts of types of mobile malware, each with a specific end goal. Some grant remote access to a device, while others hijack the device to do other stuff in the background (like mine crypto or perpetuate click fraud).

Data Theft

Often in connection with one of the other two threat vectors, data theft is a considerable threat for mobile users. As more people use their personal phones to do work, there are more sensitive files on phones than ever before.

But data theft goes far beyond just the files actually stored on the phone. Data thieves might also target your location data or even your typed inputs via a keylogger.

Phishing Schemes

Likely the most prevalent threat vector via mobile is the phishing scheme — usually over SMS. The way this works is you’ll receive a text message, usually urgently worded, telling you of some kind of problem at work or with an account. When you click the link in the text, you’re taken to a fake login page. If you’re fooled into entering your credentials, some bad actor somewhere now has everything necessary to log into that account.

OS Matters, and So Do Those Pesky OS Updates

When considering mobile malware and other threats from bad links, the OS that you’re using matters. Android is particularly vulnerable to these exploits, including through links to malicious APKs hosted on bad actors’ servers. A fake SMS message prompting you to update an app could instead install malware, giving the bad guys a way in.

Apple fares far better than Android and does not share that SMS/APK vulnerability. Still, Apple’s iOS is far from immune to other security threats.

Both companies are constantly patching vulnerabilities in their OSes, too. Stay on top of those updates to keep yourself more secure.

Steps You Can Take to Secure Your Smartphone

While smartphone security is an ongoing challenge, these simple steps can help you secure your smartphone and reduce the risk.

Keep Your OS Up to Date

Exploiting old, unpatched software is the oldest trick in the book for bad actors. It’s no different on mobile, and that’s why those OS updates matter. Even the ones that don’t include any shiny new features usually squash dozens if not hundreds of bugs.

And you can bet that as soon as the bad guys learn of a promising (now-patched) bug, they go looking for phones that haven’t updated and are still vulnerable.

Consider Apple When It’s Time to Upgrade

Die-hard Android fans can skip to the next point, because this one’s painful. If security is your highest priority, consider switching to an iPhone next time around. They aren’t perfect, but they are much more secure.

Watch for Apps You Didn’t Download, Auto-Launchers, Extra Battery Drain

Keep an eye out for new app icons that you didn’t intend to download, plus any apps that seem to auto-launch. Sudden and extra battery drain is also a big red flag. Now, all of these are common Android scenarios that are rarely heard of in iOS. But all of these point to the possibility of malware or, at the least, compromised apps on your device.

Last Resort: Factory Reset the Phone

If you’re reasonably sure you’re dealing with malware on your smartphone, the only sure way to eliminate it is to do a full factory reset, which completely wipes everything off the phone. Deleting problematic apps is a start, but you won’t know for sure whether something is lingering in the background. A factory reset is a drastic step, but one that’s sometimes necessary in the name of security.