Dangerous Liaisons: Vulnerable Mobile Applications

Friday September 29th, 2023

As we head into spring, danger lurks for your company’s network, and even your home network. According to Check Point’s Mobile Security Report 2021, 46 percent of organizations had at least one employee download a malicious mobile application that threatened their organization’s networks and data. Just recently, a team headed by associate professor Zhiqiang Lin at Ohio State University found hidden and dangerous behaviors within many mobile apps. His team researched 150,000 apps and discovered that around 8.5 percent, or 12,706 apps, contained “backdoor secrets” or hidden behaviors. One scary hidden feature is the built-in “master password,” which allows anyone with the password to access private data within the app.

Apps such as TikTok and Snapchat are particularly dangerous for security reasons. Hacking both of these apps has never been easier. In fact, a simple Google search of the words “hacking snapchat” provides about 4.5 million results in .41 seconds. Googling “hacking TikTok” yields 8.8 million results in .49 seconds. Attackers are very creative, and they can leave you with a compromised phone.

Security concerns with TikTok have been in the limelight recently. In December 2022, the “No TikTok on Government Devices Act” was passed via unanimous consent by the Senate, meaning no member objected to the bill. In June 2021, TikTok announced that it would collect “biometric identifiers and biometric images” from its users’ content. This includes “faceprints and voiceprints.” It is unclear what the company plans to do with this information. Sharing this information with the Chinese government is a concern for many people since TikTok is owned by Beijing-based ByteDance.

Here are some important tips for cell phone safety while on your company’s network:

Refrain from accessing any personal mobile apps.

This is extremely important because a malicious attacker could infiltrate your firm’s network. In some cases, the attacker can remain undetected for a long period of time and do some serious damage.

Avoid storing sensitive information such as passwords on your phone.

Avoid storing confidential information such as company passwords, banking account information, sensitive text messages or voicemails, etc. on your phone. This can be especially problematic if you have your multifactor authentication app and your stored primary password on your phone.

Make sure you put a passcode on your phone.

This is quick and basic. Consider selecting more than just a 4-digit code. Some phones will allow a longer passcode. This will make it harder for an attacker to crack your passcode if your phone is lost or stolen.

Check your privacy and security settings.

Making important changes in the “settings” area of the phone will allow you to limit an application’s access to the data on your cell phone. This includes accessing your location, pictures, contacts, notes, etc.

Turn off Bluetooth when not in use.

Bluetooth allows your cell phone to communicate with other devices. It also could allow an attacker to access your personal information or intercept your calls. It is important to only use it when you need to connect with a specific device.

Always review the apps you downloaded.

If you see an app on your phone that you do not recognize, delete it immediately. You may have unknowingly downloaded a malicious app. Also, attackers can discreetly install spyware on your phone.

Consider installing antivirus protection on your cell phone.

Today there are some great antivirus programs for your cell phone. Bitdefender, Norton, McAfee, and Kaspersky have all gotten great reviews.

Cybersecurity shouldn’t be taken lightly, especially for organizations that come in contact with a great deal of sensitive data like ASOs, PEOs and service bureaus. Reviewing these tips—and sharing with your employees—can help ensure that you and your company stay safe.


Tom Watson

Chief Information Security Officer