If you didn’t attend our recent mobile phone security webinar, you may wonder what all the fuss is about – surely mobile phones are protected against cyber threats you ask.
Unfortunately you have to remember that your mobile phone or tablet is just another computer and, as such, is still as vulnerable to cyber threats and attacks as your laptop or PC.
Consider this:
- Your phone often contains valuable personal and business data – banking apps, sensitive information etc.
- Devices like phones are easily lost. They’re also fairly easy to steal. Criminals know this and it makes you and your staff targets because of what these devices contain.
- Cyber criminals have very sophisticated methods to hack into devices these days. And they also do things like ‘shoulder surf’ – for example, peering over your shoulder in a crowded place to try and catch you entering a password or PIN, or view sensitive data.
And that’s not all unfortunately. News articles like this one from well-known publication ‘Tech Radar’, report that Apple has just fixed three Zero-Day flaws, which were intended to hack vulnerable iPhones, Macs and iPads.
What are zero-day cyber attacks?
A zero-day attack is when cyber attackers discover a flaw and exploit the vulnerability – usually in software – before the developer (Apple in this case) is aware of it or has released an official patch or update. This effectively gives them ‘zero days’ to fix the problem.
Apparently the vulnerabilities here resided in the multi-platform WebKit browser engine. WebKit is Apple’s browser engine and the underlying technology in the Safari web browser, as well as being used in all web browsers on iOS and iPadOS. Tech Radar points out that, “As such, WebKit is an attractive target for threat actors looking for vulnerabilities that can be used to grant access to the target.” Worrying right?
The list of impacted devices is here (and it’s not just mobile phones):
- iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), iPod touch (7th generation), and iPhone 8 and later
- iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
- Macs running macOS Big Sur, Monterey, and Ventura
- Apple Watch Series 4 and later
- Apple TV 4K (all models)
- Apple TV HD
You will be relieved to hear that Apple has addressed these particular zero-day flaws but everyone should check that they have installed the latest updates on their devices in order to include the fixes.
Recent releases are listed on the Apple security updates page.
How to reduce the risks of being the victim of cyber attack
Bear in mind that we have given examples of the most recent bugs but there have been others in the past and there will be many more in the future.
If you tighten up your cybersecurity protection you will be more ready for these attacks.
As well as updating your software when prompted you should take other steps to lessen the risk of becoming a victim:
- Avoid using public WiFi wherever possible as it isn’t secure and criminals can hack in. Use mobile data instead or a VPN.
- Use strong passwords which aren’t guessable – criminals will check for obvious passwords like your favourite football team or pet’s name, well-known strings of letters like abcdef, or numbers 123456 – or the word ‘password’, ‘querty’ or ‘guest’. Use separate passwords for personal and business use and make them longer. Use a different password for your bank account!
- To tackle the challenge of remembering all your passwords, keep them in a Password Manager, rather than writing them down or having an Excel spreadsheet or other list on your computer.
- Some accounts, like bank accounts, use multifactor authenticaton and will send you a code to verify your identity. You can set up a similar system of multifactor authentication on your phone. Microsoft and Duo are two examples of authenticators.
- Only download approved apps.
- Be aware that you might receive spam and malicious messages and emails – look out for them and don’t open any links that you can’t verify.
For businesses it is vital that you nurture a culture of cyber awareness and have the appropriate measures in place to mitigate cyber security risks. This might mean having a cybersecurity expert or team and a suitable cyber security strategy.
If you aren’t sure where to start you can contact us for a chat. Or book a free Cyber Security Audit with us here.