Cyber Threats and Mobile Communications
This week in the Cyber Security Awareness Month calendar we look at how cyber threats impact your mobile communications, with specific actions attackers take to make you vulnerable to a growing number of cyber threats.
In addition to practical tips for securing mobile communications in general, we’ll show you specific ways Sky ECC protects you from common vulnerabilities.
Mobile communication cyber threats: Apps leaking data
Calling this a leak is a bit of a stretch as many free apps purposely “leak” data to advertisers and other app developers. They do this to make money off your data they collect and store, while also collecting it for themselves to make changes to their app. There is little evil intention in these acts, but they still leave you vulnerable all the same.
Other ways apps cause data leakage include:
- Apps requiring access to a large swath of features on your phone—camera, GPS, contacts, etc.—even if the app doesn’t really need them to work, can expose your data by accident. This is known as “riskware”.
- Hostile apps that push malicious code throughout your phone put other apps into a vulnerable state. These are particularly damaging in corporate settings and are often targeted this way. These apps are “malware” and can even be on your phone right from the factory.
Any amount of data leakage should be unacceptable, but the reality is free apps thrive—and survive—on this data. You have to remain vigilant to stay protected.
How to protect yourself
The way to mitigate risks from data leakage include:
- Limit the amount of data shared by apps as much as possible.
- Only allow the bare minimum amount of access to other apps and features on your phone.
- Never add an app on your phone if it asks for more permissions than are necessary—there are other options out there.
- Don’t just blindly click okay when an app wants to access the camera or your location or Bluetooth. It’s okay to say no.
Having specialized apps make your communications easier, but they also make it easier for hackers to target specific information on your device.
How Sky ECC secures app data
The first thing Sky ECC does to protect your data is simply not collect it. If data isn’t gathered or stored it can’t be made vulnerable.
Two other important steps taken by our app’s security features are:
- Only approved apps are allowed on Sky ECC devices. No one on your Sky ECC contact network can install an app on their device that would put everyone at risk.
- Sky ECC is installed within a secure, encrypted container that protects it from any other apps on the device which, in a highly unlikely scenario, get infected in some way.
There is simply no reason why a secure app can’t do exactly these three things—not collect personal data, protect the device, and protect the app—but so many choose not to. This is especially true with free apps as they only make money from ads and the only way to do that is by collecting your data. Sky ECC is funded by users and does not need, or want, to collect your data.
Mobile communication cyber threats: Insecure Wi-Fi
Everyone loves seeing a sign for free Wi-Fi, especially hackers. With anywhere from 34-44% of all Wi-Fi in the USA not encrypting data at all, and up to 34% in Canada, this is an issue everywhere you go.
Insecure Wi-Fi lets attackers read anything you share over the Wi-Fi network, including where you go on the internet, what you say, and any documents or images you share. Think about that the next use free Wi-Fi at a store, the mall, or favorite café. Even WeWork is susceptible to this, as we hilariously found out via this Nick Cage Kitty.
How to protect yourself
How you can protect yourself includes:
- Check with employees to make sure you get the right connection. Hackers set up free rogue Wi-Fi in public areas that look official, but are anything but.
- Never using a Wi-Fi network without password protection on it. Having to enter a password on a webpage isn’t enough. If the name of the network doesn’t have a closed lock on it, it isn’t protected.
- Disable automatic connections to Wi-Fi networks, and clear out Wi-Fi networks you don’t need anymore.
- Connect to the internet using a VPN which will encrypt your traffic.
- Do not send sensitive communications or documents over networks which you don’t trust. Which is anything but your home and work networks.
There are hackers out there who are looking to quickly steal data from people at the local coffee shop, airport, or anywhere. They may have to sift through a stack of conversations, but one credit card, login, or bank account sign-in is all they need.
How Sky ECC secures Wi-Fi
There are two ways Sky ECC protects you on Wi-Fi:
- Make sure that the connection is secure. This first step is done automatically by the app. If it finds that the connection is not secure then you cannot log into Sky ECC.
- Creates its own secure tunnel with it’s own encryption (like a VPN, but stronger and anonymizing).
Using our zero-trust model for building the app, we knew that proper network security practices had to be built into the app from the ground up. There is no way for you, or anyone else on Sky ECC, to get this wrong as the app checks the connection and uses the secure network protocol without you needing to think about it.
Mobile communication cyber threats: Fake Wi-Fi Attacks
There are a variety of fake Wi-Fi, network spoofing, and man-in-the-middle attacks out there which all do the same basic thing; a hacker opens a Wi-Fi connection, likely with a name like “Free Starbucks Wi-Fi”, and allows anyone to connect to it. They then monitor the network for those who are sharing vital data over it and steal it.
Hackers can also ask for a login name and password to be created for the network connection, steal that, then see if the same details are used to sign into Apple, Amazon, eBay, and other online stores. With people often using the same username and password over and over, this is a lucrative scheme.
How to protect yourself
How you’ll protect yourself is very similar to how you’ll protect yourself from unsecure Wi-Fi as discussed above:
- Ask employees for the exact Wi-Fi network name.
- Never use a Wi-Fi network without password protection on it.
- Turn automatic connections off because attackers can spoof a real network and have you connect to them without you knowing.
- Use a VPN even if you do all of this.
- Never send sensitive data over a network you don’t control.
- Do not reuse passwords. Get a password manager to create unique ones for every site and account.
If you don’t control a network you don’t control your data. There is no guarantee at all that you’ll be able to protect yourself unless you take the steps to do it yourself.
How Sky ECC secures fake Wi-Fi
Our network protections will protect you even if you connect to the worst Wi-Fi network available. The Sky ECC app checks every connection to make sure it is secure before connecting. If it isn’t secure you don’t connect. Even if it is insecure and you still connect for some reason our 521-bit ECC encryption will protect you.
Our zero-trust model has fail-safes backing up our backups. Even if you found yourself on an insecure network, as unlikely as that is, an attacker would only see encrypted data when they intercept your traffic and realized they should move on to an easier target which they can actually compromise.
Mobile communication cyber threats: Phishing
Phishing is an attack usually carried out by email or other messenger service where a link is sent to a victim that looks legitimate, but is anything but. The link leads to a malicious site which seems legitimate but is actually built to take some sort of data. This is most commonly done to organizations like this:
- Someone important in an organization gets an email which looks to legitimately be from someone in the company, or a vendor they deal with.
- The receiver reads that there is a problem with their account and to click on a link to reset their password.
- The victim clicks the malicious link and is asked for their old password and to create a new password.
- The attacker steals the old password and uses it to gain access to the targeted account via the legitimate sign in page.
This is a typical phishing attack, and mobile communications are more susceptible to it as messages come instantly and are opened right away. Desktop email is checked less frequently so people have a chance to find out about scams before ever opening the email.
How to protect yourself
Really good phishing attacks, with sophisticated social engineering, are very difficult to detect. You can protect yourself by:
- Never trusting a link like this. Always go to the page of the app or website yourself and see if it also asks for the same data.
- Contact the administrators of the website or app through legitimate channels to see if this is an email actually from them.
- Enter URLs yourself as even a link in an email can look like it is correct but is actually disguised to go to a site built by an attacker.
If all else fails, contact the person who supposedly sent the email yourself through a different channel and verify it with them.
How Sky ECC secures against phishing
There are a few ways that Sky ECC secures against phishing attacks:
- Your Sky ECC ID is a six digit hexadecimal code that isn’t linked to your name. Attackers can’t find out who you are to send you a message.
- Only your approved contacts can send you a message, this virtually eliminates spam…depending on who your friends and contacts are.
- You cannot click any link sent to you via a Sky ECC message, and there are restrictions on what sites you can visit. This ensures that only trusted sites go over our network, protecting everyone on it.
We have done everything we can to secure against phishing on the digital and app side. At the end of the day, any error here will be by the user who chooses to click on a bad link, not the device itself.
Mobile communication cyber threats: Spyware
Employers, spouses, and private investigators love to put spyware on phones to track all keystrokes, GPS data, and use patterns. While these apps are, to put it nicely, deceptive at best, they are even worse in the hands of a malicious attacker.
Spyware is a bigger threat than any foreign government tracking you as there’s plenty of data to be collected and money to be made here. Spyware keyloggers track each keystroke as you enter a password to your bank account, while GPS tracking can pinpoint your exact location throughout the day.
How to protect yourself
The only way to protect yourself against this on a standard device is to install antivirus and malware detection tools on your phone. These tools will detect and delete spyware from your phone the same as any other malicious app.
How Sky ECC protects you
There is no way for anyone to install spyware on a Sky ECC device because there is no way to install any app which isn’t already approved by us. We also use tamper-resistant hardware and OS-level protections which further harden the device against spyware, showing why the device you choose is essential to your security.
Even if, in some impossible way, spyware was downloaded onto your Sky ECC device it wouldn’t be able to spy on your actual Sky ECC app as it is stored in a separate container and doesn’t let data in or out of it. Even keyloggers are foiled because the keylogger wouldn’t be able to send your data anywhere (because we block connections to sites other than our own).
Cyber threats impact mobile communications the most
The very nature of mobile communications—messages that we want to quickly read and act on—make them more vulnerable. People spend less time thinking about messages sent to their mobile device and hackers know this and exploit it.
The first step is awareness. Read and understand this article and share it with your friends, because they have to be part of the security ecosystem as well. Understand and implement these tactics at all times to stop nearly every digital communication risk which comes your way.
To handle everything automatically, use Sky ECC for your most important and sensitive communications. Sky ECC was built to mitigate these risks as the primary goal. Not collecting data to sell to third parties. Not slapping together something good enough. Contact us using the button below to start using Sky ECC to protect your most important digital communications.