Just last month, vulnerabilities in iOS 9.3.5 were being exploited by the notorious NSO Group, maker of surveillance software, to read text messages and emails, record sounds, collect passwords, and even track the calls and whereabouts of users.
Meanwhile, on the Android side, a Linux bug first introduced in Android 4.4 (and present in all future versions) left 1.4 billion users vulnerable to hijacking attacks.
These hacks aren’t happening in a vacuum. Mobile malware is a frontier ripe for cybercriminal activity. According to a 2015 Pew Research Center Report, nearly two-thirds of Americans own a smartphone, and roughly one in five of those users conduct most of their online browsing using their phone instead of a computer.
Here are some ways you can protect yourself, your data, and your phone.
- Lock your phone with a password or fingerprint detection. At the very least, if you leave your phone on the counter at Starbucks or if it’s stolen out of your pocket, cybercriminals will have to get through that first gate. Set the time on your password lock to be short as well—30 seconds or less should cut it.
- If it’s not already the default on your phone, consider encrypting your data. Doing so is especially useful for protecting sensitive data, whether that’s business emails or investing and banking apps.
- Set up remote wipe. If your phone is lost or stolen, you’ll be able to wipe all of its data remotely (and therefore keep it out of the hands of criminals). You can often also use remote wipe to find your phone’s location.
- Back up phone data. Consider connecting your device to its associated cloud service in order to automatically back up data (and encrypt it). However, if you don’t trust the cloud, be sure you connect to a PC or Mac to sync data regularly in order to preserve photos, videos, apps, and other files.
- Avoid third-party apps. If you’re on an iPhone, you don’t have much of a choice. However, for Android users, staying on Google Play and not allowing apps from unknown sources keeps you relatively safe. If you do decide to use third-party apps, research to be sure you’re not getting a malicious one. Read reviews, and if the app asks for access to too much personal data up front, don’t download it.
- Avoid jailbreaking your iPhone or rooting your Android. While the processes are different, the end result is bypassing what phone manufacturers intended (including security protocols) and ultimately weakening the security of your device.
- Update operating systems often. When that pop-up reminder comes up, don’t ignore it. Charge your phone, clear out some space, and install the update right away.
- Be wary of social engineering scams. Cybercriminals love to spoof banking apps, send phony texts meant to collect personal data, and email malicious links and attachments. Just as you do on your computer, view any communications from unknown sources with a careful eye. If it seems fishy, it very likely is.
- Use public wifi carefully. Yes, you don’t want to use up all your data. However, public wifi is inherently insecure, so try not to make transactions or transmit sensitive data while using it. Consider using a VPN service to encrypt data transmitted online.
- Download anti-malware for your mobile device. If you do happen to download a malicious app or open a malicious attachment, mobile anti-malware protection can prevent the infection.