Each smart phone is always connected to the internet and applications are downloaded from different sources. Hence securing all these applications is a monumental task as each application has its own security vulnerabilities.
In an interview with DigitalCIO.com, Clement SAAD, CEO, Pradeo, uncovered some of the startling revelations and explained how serious challenge it is to secure your device from cyber threats.
Q. 1: Mobile Applications have been identified as the primary threat source for mobile security. But at the same time without applications, your mobile phone won’t be smart anymore. How to balance these both and keep your mobile safe?
Clement Pradeo: The digital revolution comes with growing security challenges. Several strategies can be used to achieve this balance and keep your mobile device safe. For any user, it’s important to respect basic security practices: only download applications from reputable sources, keep applications and OS updated, review application permissions, be wary of links and attachments, and stay away from public WiFis.
For companies, using mobile security solutions and utilizing built-in security features is a must have, as they are heavily targeted by cybercriminals and offer direct access to sensitive data.
Q. 2: Most mobile users are not well aware of the right device configuration, which in turn may reduce the threat occurrence. Now educating all of them in a short span is also not easy. Then how to face this situation?
Clement Pradeo: Educating a vast and diverse population of mobile users requires time and patience. To raise awareness to the public, we need to demystify cybersecurity, by putting in light the multiple attacks targeting mobiles every day, in a digestible and relatable way.
Using media channels and social media amplifies the reach of those messages, making it more accessible to the public. For companies, a constant education of employees on mobile threats and safe usage practices is essential.
Q. 3: We have witnessed that the US, India, and a few more countries have identified Chinese apps as a serious concern for mobile security. Stealing of personal data by these apps has become a common phenomenon. How to prevent such activity and especially spyware?
Clement Pradeo: When it comes to Chinese apps, such as Temu, the requests for permissions to access data such as photos/videos, Geo-location or contact list should raise suspicions. The prices of products on the application are low because the users indirectly pay by sharing their data.
However, it is possible to simply refuse the permissions, and legal intrusive apps such as Temu and others are usually not able to bypass this refusal. Malware, on the other hand, can. To minimize the risk of downloading malware, it is advised to not download applications from unofficial stores.
Q. 4: Cloning has become a significant challenge for mobile security. What is your thought in this regard?
Clement Pradeo: Knowing that 94% of applications can currently be cloned by cybercriminals, we see cloning as a worrying trend. Additionally, with the Digital Markets Act (DMA) coming into effect in March 2024, smartphone users, whether on iOS or Android, will have the option to download apps not only from the traditional Apple App Store and Google Play Store but also through third-party app stores.
This upcoming legislation reinforces our conviction that cloned applications are bound to dramatically increase. The opening of third-party app stores offers a new avenue for cybercriminals to distribute malicious clones of legitimate apps, endangering users’ identification data and personal information.
Q. 5: What transformation have you witnessed in the mobile device attack methods & nature as compared to few years back?
Clement Pradeo: As years pass, attacks are becoming more sophisticated. Phishing attacks are notably becoming more dangerous because of their low cost and large reach, thanks to the development of generative AI. A new phishing attack has also been developed in recent years, quishing. Quishing stands out by exploiting QR codes to target its victims, as QR codes are generally trusted, especially in physical environments such as stores.
Q. 6: Do you believe that AI & ML will make the job tougher & tougher for mobile security developers, since the attackers have immense knowledge to use the same technology to break into?
Clement Pradeo: Yes, that’s why it is crucial to continuously engage in R&D, to stay up to date with hacking techniques, anticipate them by putting ourselves in the hacker’s shoes, and assess vulnerabilities before they are identified. All these incentives are essential to stay several steps ahead and that’s what we do at Pradeo.
Q. 7: Where is the mobile security landscape heading for in future?
Clement Pradeo: The future of mobile security is heading towards greater sophistication and resilience. Anticipating threats is and will continue to be the key to effective protection, as well as automating responses to ensure action is taken before damage occurs. Additionally, enhancing the accuracy of threat detection to reduce false positives will lighten the workload of analysts.
