Prevention of mobile security threats helps organizations and individuals to protect their devices, apps, users and content from malicious attacks. Security teams can prevent these threats by using an app that scans devices and configurations within the network, or by setting up security protocols in case malware is present on the network.
Check these steps to minimize the risk of your organization falling into a trap:
Install an ad-blocking or anti-crypto mining extension on web browsers.
Since cryptojacking scripts are often delivered through web ads, installing an ad blocker can be an effective means of stopping them. Ad blockers like Adblock Plus can easily detect crypto mining scripts. Experts recommend extensions like No Coin and MinerBlock, which are designed to detect and block crypto mining scripts.
Keep your web filtering tools up to date.
If you identify a web page that is delivering cryptojacking scripts, make sure your users are blocked from accessing it again.
Maintain browser extensions.
Browser extensions are meant to make our tasks simpler. However, some of them could be a trap set by an attacker to execute crypto mining scripts.
Use a mobile device management (MDM) solution to better control users’ devices.
Under bring-your-own-device (BYOD) policies, an MDM solution can help prevent illicit crypto mining by managing the apps and extensions on users’ devices. MDM solutions tend to be geared toward larger enterprises, and smaller companies often can’t afford them. However, experts note that mobile devices are not as at risk as desktop computers and servers. Because they tend to have less processing power, they do not produce a great deal of profit for hackers.
Here are a few best practices for Android phones that may reduce the risks related to insecure communication.
Understand that the network layer is highly susceptible to eavesdropping, which makes it insecure.
- It is important to apply SSL/TLS to transport channels used by the mobile app to transmit sensitive pieces of information, session tokens, or other sensitive data to a backend API or web service.
- When an application runs a routine via the browser/WebKit, outside entities such as third-party analytics companies and social networks should also be reached over their SSL versions. Mixed SSL sessions should be avoided as they could expose the user’s session ID.
- Always use strong, standard cipher suites with suitable key lengths.
- Use certificates signed by a trusted CA provider.
- Do not pin certificates for security-conscious applications, and never allow self-signed certificates.
- Always require SSL (Secure Sockets Layer) chain verification.
- Always establish a secure connection with trusted certificates from the keychain after verifying the identity of the endpoint server.
- Build a UI that alerts users when a mobile app detects an invalid certificate.
- Avoid sending sensitive data over alternate channels (e.g., SMS, MMS, or notifications).
- Apply a separate layer of encryption to any sensitive data before it is given to the SSL channel. In the event of a possible vulnerability in the SSL implementation, the encrypted data will provide a secondary defence against confidentiality violation.
- Only install applications from authorized stores like Google Play or the App Store. To be sure that no application makes its way onto your device from an untrusted source, go to Android settings, choose Security, and make sure that the “Unknown Sources” box is not checked.
- Regularly check for updates to your installed applications and your device OS. You can choose to update all installed apps automatically. It’s better to update the system to the latest version as soon as an over-the-air (OTA) update arrives.
- Install a strong security solution. Downloading apps only from the official stores and updating them regularly will not, on its own, promise maximum security. Malware can lurk even in Google Play, and can also spread by means of exploit kits using yet-unknown vulnerabilities.
- Think Before You Click!
- Keep Your Browser Up to Date
- Keep Informed About Phishing Techniques
- Check Your Online Accounts Regularly
- Use Firewalls
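The Android transport-security items in the list above (TLS on every channel, no mixed sessions, only CA-trusted certificates) can be checked against an app's Network Security Configuration file. The script below is an added example, not code from the original page; the sample XML and the function name `audit_network_security_config` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from any real app): a strict base-config
# beside a weak domain-config for a third-party analytics host.
SAMPLE_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">analytics.example.com</domain>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="@raw/internal_ca" />
        </trust-anchors>
    </domain-config>
</network-security-config>"""


def audit_network_security_config(xml_text):
    """Return (scope, finding) tuples for settings that weaken TLS."""
    root = ET.fromstring(xml_text)
    findings = []
    for node in root.iter():  # iter() also reaches nested domain-config
        if node.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        domains = [d.text.strip() for d in node.findall("domain") if d.text]
        scope = node.tag + (" [" + ", ".join(domains) + "]" if domains else "")
        # Plain HTTP allowed beside HTTPS is the mixed-session risk.
        if node.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append((scope, "cleartext traffic permitted"))
        for cert in node.findall("trust-anchors/certificates"):
            src = cert.get("src", "")
            # User-installed CAs are acceptable only in debug builds.
            if src == "user" and node.tag != "debug-overrides":
                findings.append((scope, "trusts user-installed CAs"))
            elif src.startswith("@raw/"):
                findings.append((scope, "trusts bundled cert " + src + "; confirm it is not self-signed"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_network_security_config(SAMPLE_CONFIG):
        print(scope + ": " + finding)
```

An empty result means none of these three weaknesses is declared in the file; it does not cover TLS handling done in application code.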
SMS-based Attacks
- Think before you click a link from SMS
- Do not open spam messages
- Keep informed about phishing techniques
To avoid system compromises, it is advised to use only licensed and genuine software. Keep your mobile device updated with the latest security patches. Install an anti-malware solution and update it regularly. Disable Autoplay/Autorun for removable drives.
Always protect your device from Trojans and other threats by using effective anti-malware software.
User & Device Authentication
- Think before allowing mailing apps and browsers to store your passwords and data
Remember, there is no single foolproof way to avoid mobile security threats.