Tuesday, April 15, 2014

Three Biggest Hacking Threats to Your Android

  • Data in transit: Android devices, and mobile devices in general, are especially susceptible because they communicate exclusively over wireless links, often public WiFi, which can be insecure. An attack frequently used by hackers is the man-in-the-middle attack, where an attacker breaks into the device and redirects data to exploit the resources on it before forwarding it to the original destination. This method allows the hacker to spy on Internet browsing activity, steal keystrokes to identify passwords, and isolate the individual's physical location, along with potentially listening to calls and intercepting texts.

  • Third-party apps: In a recent study, 57% of malicious apps in the Android marketplace were found in third-party app stores.

  • SMS Trojans: By including premium dialing functionality in a Trojan app, an attacker can run up the victim’s phone bill and get the mobile carriers to collect and distribute the money to them. Another malicious use of SMS involves using an infected device to send SMS text messages to all contacts in the address book with a link that tricks the recipients into downloading and installing the worm, thereby infecting many devices at one time.

Three Steps you can take to protect your Android device

  • SSL encryption for the device: SSL is one of the best ways to secure sensitive data in transit.

  • Test third-party apps: Try to install apps from first-party vendors like Google. If you do buy apps from a third-party store, vet the security and authenticity of any third-party code or libraries used in your mobile application by using a mobile security vendor. Read the permissions that apps require before downloading them. Examples of permissions that may raise red flags are permission to reveal your identity or location, or to send messages to the Internet.

  • Be wary of SMS Trojans: Implement controls to prevent unauthorized access to paid-for resources. If an application asks for a payment via SMS, exercise additional caution.
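The permission review described in the last two steps can be scripted. The following is an added example, not code from the original post: it assumes the app's AndroidManifest.xml has already been decoded to text XML, and the sample manifest, the category names and the `review` function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names, grouped by the red flags named in the post.
RED_FLAGS = {
    "identity": {"android.permission.READ_PHONE_STATE",
                 "android.permission.GET_ACCOUNTS",
                 "android.permission.READ_CONTACTS"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "paid messaging": {"android.permission.SEND_SMS",
                       "android.permission.CALL_PHONE"},
    "internet": {"android.permission.INTERNET"},
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags)
    return {n.strip() for n in names if n}

def review(manifest_xml):
    """Group requested permissions by red-flag category and list SMS warnings."""
    perms = requested_permissions(manifest_xml)
    findings = {cat: sorted(perms & names)
                for cat, names in RED_FLAGS.items() if perms & names}
    warnings = []
    if "android.permission.SEND_SMS" in perms:
        warnings.append("SEND_SMS: app can send texts itself, "
                        "including to premium-rate numbers")
        if "android.permission.READ_CONTACTS" in perms:
            warnings.append("SEND_SMS + READ_CONTACTS: app can text "
                            "links to the whole address book")
    return findings, warnings

if __name__ == "__main__":
    found, warned = review(SAMPLE_MANIFEST)
    for category, names in found.items():
        print(category, "->", ", ".join(names))
    for line in warned:
        print("WARNING:", line)
```

A flashlight app has no functional need for any of the flagged permissions, which is the kind of mismatch to look for before installing.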
