What are the types of mobile device security?

Table of Contents Show

1. Madware and spyware
2. Viruses and Trojans
3. Drive-by downloads
4. Browser exploits
5. Phishing and grayware apps
How to protect yourself from mobile security threats

Written by a NortonLifeLock employee

Did you know that every year, the number of threats your phone encounters keeps increasing? In fact, the number of new mobile malware types jumped 54 percent from 2016 to 2017.1

The bad news doesn’t stop there.

Once your phone is hacked, your other devices may be next if they are connected. That’s because your overall online security is only as strong as the weakest link in your chain of connected devices. Malware can spread from your hacked phone to your tablet or another mobile device through the network.

This article identifies five mobile security threats and how you can help protect yourself from them.

1. Madware and spyware

Madware is short for mobile adware. It’s a script or program installed on your phone, often without your consent. Its job? To collect your data for the purpose of better targeting you with ads. On top of that, madware often comes attached at the hip with spyware. Spyware collects data about you based on your internet usage and transmits it to a third party. That data is then bought and used by companies to send you advertisements. However, seeing more ads is the least of your worries when it comes to spyware. It also collects information about your location, internet usage, and even your contacts. This makes it a problem not just for you, but perhaps also for everyone you know.

2. Viruses and Trojans

Viruses and Trojans can also attack your mobile devices. They typically come attached to what appear to be legitimate programs. They can then hijack your mobile device and mine the information it holds or has access to, such as your banking information. Viruses and Trojans have also been known to send premium text messages that can be costly

3. Drive-by downloads

Drive-by downloads refer to any malware installed on your device without consent. If you visit the wrong website or open the wrong email, you might be exposed to a drive-by download that automatically installs a malicious file on your mobile device. The file could be anything from adware, malware or spyware to something far more nefarious, like a bot, which can use your phone to perform malicious tasks.

4. Browser exploits

Browser exploits take advantage of known security flaws in your mobile browser. Browser exploits also work against other applications that function with your browser, such as PDF readers. If you see that your mobile browser’s homepage or search page has unexpectedly changed, it could be a sign that you’re a victim of a browser exploit.

5. Phishing and grayware apps

Phishing apps are a new take on an old theme. In the past, criminals would send emails that appeared to come from a trusted source. They’d ask for personal information, such as your password, hoping you’d be trusting enough to respond. Phishing apps are designed to look like real apps, and a mobile device’s smaller screen can make it even more difficult to tell the difference. These fake apps secretly collect the information you input — passwords, account numbers, and more.

Grayware apps aren’t completely malicious, but they can be troublesome because they often expose users to privacy risks.

How to protect yourself from mobile security threats

Mobile security threats may sound scary, but here are six steps you can take to help protect yourself from them.

Keep your software updated. Only 20 percent of Android devices are running the newest version and only 2.3 percent are on the latest release.1 Everything from your operating system to your social network apps are potential gateways for hackers to compromise your mobile device. Keeping software up to date ensures the best protection against most mobile security threats.
Choose mobile security. Just like computers, your mobile devices also need internet security. Make sure to select mobile security software from a trusted provider and keep it up to date.
Install a firewall. Most mobile phones do not come with any kind of firewall protection. Installing a firewall provides you with much stronger protection against digital threats and allows you to safeguard your online privacy.
Always use a passcode on your phone. Remember that loss or physical theft of your mobile device can also compromise your information.
Download apps from official app stores. Both the Google Play and Apple App stores vet the apps they sell; third-party app stores don’t always. Buying from well-known app stores may not ensure you never get a bad app, but it can help reduce your risk.
Always read the end-user agreement. Before installing an app, read the fine print. Grayware purveyors rely on your not reading their terms of service and allowing their malicious software onto your device.

By taking just a few common-sense precautions, you can help protect yourself from madware and other mobile security threats.

Learn more about Norton Mobile Security or download it from an app store now.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

Mobile devices can be attacked at different levels. This includes the potential for malicious apps, network-level attacks, and exploitation of vulnerabilities within the devices and the mobile OS.

As mobile devices become increasingly important, they have received additional attention from cybercriminals. As a result, cyber threats against these devices have become more diverse.

Like desktop computers, mobile devices have software and Internet access. Mobile malware (i.e. malicious applications) and malicious websites can accomplish the same objectives (stealing data, encrypting data, etc.) on mobile phones as on traditional computers.

Malicious apps come in a variety of different forms. The most common types of malicious mobile apps are trojans that also perform ad and click scams.

Mobile ransomware is a particular type of mobile malware, but the increased usage of mobile devices for business has made it a more common and damaging malware variant. Mobile ransomware encrypts files on a mobile device and then requires a ransom payment for the decryption key to restore access to the encrypted data.

Phishing is one of the most common attack vectors in existence. Most cyberattacks begin with a phishing email that carries a malicious link or an attachment containing malware. On mobile devices, phishing attacks have a variety of media for delivering their links and malware, including email, SMS messaging, social media platforms, and other applications.

In fact, while emails are what people most commonly think of when they hear phishing, they are not even close to the most commonly phishing vector on mobile devices. In fact, emails only account for 15% of mobile phishing attacks, placing them behind messaging, social media and “other” apps (not social, messaging, gaming, or productivity).

Man-in-the-Middle (MitM) attacks involve an attacker intercepting network communications to either eavesdrop on or modify the data being transmitted. While this type of attack may be possible on different systems, mobile devices are especially susceptible to MitM attacks. Unlike web traffic, which commonly uses encrypted HTTPS for communication, SMS messages can be easily intercepted, and mobile applications may use unencrypted HTTP for transfer of potentially sensitive information.

MitM attacks typically require an employee to be connected to an untrusted or compromised network, such as public Wi-Fi or cellular networks. However, the majority of organizations lack policies prohibiting the use of these networks, making this sort of attack entirely feasible if solutions like a virtual private network (VPN) are not used.

Jailbreaking and rooting are terms for gaining administrator access to iOS and Android mobile devices. These types of attacks take advantage of vulnerabilities in the mobile OSs to achieve root access on these devices. These increased permissions enable an attacker to gain access to more data and cause more damage than with the limited permissions available by default. Many mobile users will jailbreak/root their own devices to enable them to delete unwanted default apps or install apps from untrusted app stores, making this attack even easier to perform.

Often, the focus of cybersecurity is on top-layer software, but lower levels of the software stack can contain vulnerabilities and be attacked as well. With mobile devices – like computers – vulnerabilities in the mobile OS or the device itself can be exploited by an attacker. Often, these exploits are more damaging than higher-level ones because they exist below and outside the visibility of the device’s security solutions.

With the large and diverse mobile threat landscape, businesses require enterprise mobile security solutions. This is especially true as the shift to remote work makes these mobile devices a more common and critical component of an organization’s IT infrastructure.

An effective mobile threat defense solution needs to be able to detect and respond to a variety of different attacks while providing a positive user experience. Accomplishing this requires implementing these guiding principles:

A 360° view of security across device, apps, and the network
Full flexibility and scalability
Full visibility into the risk level of the mobile workforce
Privacy protection by design
An optimal user experience

Check Point’s Harmony Mobile provides a comprehensive mobile security to keep corporate data

safe by securing employees’ mobile devices across all attack vectors: apps, network and OS solution. Check To check outsee Harmony Mobile’s capabilities for yourself, request a personalized demo with a mobile security expert. You’re also welcome to try it out for yourself with a free trial. And for further information about the guiding principles and other important aspects of a mobile security solution, check out this mobile protection buyer’s guide.