In this 4-part series you’ll learn why mobile security matters. We’ll explain common threats, debunk myths, and give you the tools to protect your phone and data -- all while speaking a language you still understand. This is part two. Stay tuned for next week’s chapter on adware.
You can learn a lot about someone from the contents of their smartphone.
From the moment you hit the snooze button until you turn off the lights at night, you use your mobile device to catch up on work, deposit checks, photograph special moments, text with friends, and much more. Your smartphone is an extension of yourself, and over time you’ve grown to trust it with private information.
This is why you need to know about spyware, a type of malware that can surveil the activities happening on your phone.
What is spyware?
While it may sound like the makings of a high-tech James Bond gadget, it’s actually a piece of mobile malware. To put it simply, spyware is designed to monitor the activities on a phone, steal data, and transmit it to a third party for some sort of profit. Once installed, spyware gains access to existing data on your phone and proceeds to oversee future activity without your consent.
Spyware can monitor phone and SMS conversations, website and app activity, GPS location, and more. It does this in the background of the device and usually goes unnoticed.
Consider the information someone could obtain after listening in on a 10-minute call with your bank or doctor’s office. Given the scope of the data collected, spyware is not a threat to ignore.
How is spyware installed?
In many countries, like the U.S. and the U.K., some spyware has found a quasi-legal position in the market. Some companies have been able to sell it as software that helps parents keep tabs on their kids (as seen by this South Korean government-approved spyware) or manage employee mobile behavior in a corporate setting.
Commercial spyware often lands on your phone by being physically downloaded. If you’ve failed to set a PIN or passcode on your lock screen, as 40% of smartphone owners have, a few minutes alone with your phone is all someone needs to compromise your privacy. For as little as $30 per month, someone can gain visibility into your device.
Legal disclaimers conveniently buried within websites note that consent is required before downloading and discourage illegal activity. Needless to say, spyware is not hard to come by if an attacker is motivated.
Despite the strong likelihood of misuse, you can install spyware from vendor websites or app marketplaces, which is why it’s so commonly linked to the suspicious spouse or significant other -- it doesn’t require the work of a technical genius to install.
Malicious spyware, by contrast, is anything but legal and often targets individuals and organizations for financial or political gain. Users can inadvertently download spyware via a web browser (drive-by download) or a phishing email, or even be fooled into downloading it from an app store that may look safe or pretend to be a popular brand.
Once installed, malicious spyware mimics the actions of its commercial counterpart, covertly monitoring and collecting your data.
How spyware puts your data at risk
In the case of commercial spyware, not only is a person taking your data from you, the spyware companies themselves may be storing your data. In the event of a data breach, that private data is exposed: not a situation anyone wants to find themselves in.
A number of these commercial spyware vendors tout millions of downloads. They likely have large stores of data, making them an attractive target for the bad guys.
This was the case with commercial spyware vendor mSpy. In May 2015, attackers breached the company’s servers, stealing the personal data -- emails, SMS, payment, and location data -- of hundreds of thousands of users, according to Krebs on Security. Attackers proceeded to expose the stolen data on the Deep Web, leaving users -- who could be unaware spyware is even on their phone -- vulnerable to identity theft and fraud.
Protecting against spyware
While 41% of smartphone owners believe they are privacy conscious, they still revert to risky mobile behaviors like downloading from unofficial app stores and revealing private information on social networks. The reality is that your phone and data are only as secure as you’re willing to make them. Being proactive with your security and privacy will help you steer clear of threats like spyware:
Lock it down. Failing to set a PIN or passcode on your phone is like leaving your front door wide open. As inconvenient as it may be, it’s your only defense if someone gains physical access to your device and intends to install spyware.
Avoid using birthdays or names of loved ones and opt for a strong passcode, using more than just the default number of characters. For extra security, take a tip from 40% of privacy-conscious people and make sure you program your phone to lock after 1 minute of non-use.
Say yes to mobile security. Take a few minutes to activate a mobile security app, like Lookout, that detects spyware threats and alerts you before your privacy has been compromised. If you think you may already have spyware on your phone, a mobile security app will equip you with the tools to remove it.
Avoid sideloading. Sideloading is the act of downloading an app to a device without going through an official app store like Google Play or the Apple App Store. For example, you may encounter spyware via a malicious website or phishing email and inadvertently download it onto your phone.
Steer clear of shady links delivered via email or SMS and avoid websites that appear a bit off. Instead, only download from native app marketplaces, minimizing your risk of encountering malware, like spyware.
For an extra layer of security, Android users can avoid sideloading by making sure the download from “unknown sources” option is toggled off.
Settings > Security > Unknown sources