Why care
The smartphone has become a core object for the use of cyberspace, insofar as it is a device that is not just a mobile phone, but an authentic pocket computer where multiple functionalities can be found. This importance is not always accompanied by a corresponding concern for cybersecurity. For example, a smartphone that has no locking and authentication mechanism leaves all stored files, such as photos and documents, and installed applications, such as email, online banking or social networks, exposed to third parties.
As a mobile object, the smartphone accompanies the life of each individual very closely, storing traces of daily life like few other devices: the shared images; the journeys made with the help of GPS; the run monitored by an app; the history of messages and phone calls; among many other aspects. When professional email or other applications used for professional interactions are available on the smartphone, work context data is also at risk if you are not careful. When you protect your smartphone, you protect access to all this information.
Did you know that?
The compromise of a
smartphone through theft or simple loss can jeopardise a lot of information that needs to be protected, especially if no mechanism to block the device has been activated. In addition, a malicious programme installed on the
smartphone that allows spying on the user's activity through the camera, for example, can have extremely privacy-invasive consequences. In addition, the
smartphone is often used as a second authentication factor through an SMS,
token or
email. Therefore, compromising this device can help a malicious agent bypass the extra layer of security that multiple factor authentication allows.
Many of the frauds conducted through so-called "social engineering" are done using phone calls to capture personal data or lead people to make bank transfers. These phone calls are called vishing, a word that results from the contraction of the word "voice" with the word
“phishing”. So it is
phishing through voice instead of
email. This technique is also widely used through SMS, the so-called
smishing (contraction of "SMS" with
“phishing”), where often a
link is shared that can lead to fraudulent
websites or the installation of malicious
software.
It is also very important to keep your system and applications up to date. As with any computer, these updates allow you to fix security vulnerabilities that are discovered over time. Also as with a computer, access to public Wi-Fi should be done through a VPN, thus avoiding the security vulnerabilities found in a public network, which may allow an outsider with the appropriate knowledge to access it. Alternatively, in such cases, it is preferable to use the operator's data.
Considering that the
smartphone is a device where new applications are easily installed, many of them "apparently" free, some care must be taken with the criteria that are used to make these installations and with the access authorisations to functionalities that are granted. Applications made available outside of recognised platforms for this purpose are less subject to verification and criticism. You are more likely to encounter a malicious application in this context, which may bring with it
software which, for example, spies on users and violates their personal data
(spyware). Moreover, even apps that do not install malicious
software can be abusive towards users, unnecessarily accessing their camera, photos or contact list, with the possibility of this data being used for unauthorised commercial purposes. An app that you do not pay for with money is generally an app that pays for itself with user data.