How The Bad Guys Can Target Your Smartphone


Most modern mobile devices provide a mobile advertising identifier, known as a MAID. It identifies a particular device for online advertising purposes. Targeted advertising has been around for some time and is becoming more and more precise. At the same time, increasing amounts of personal data are generated and shared with advertisers through the intermingling of daily life and networked technology.

Ad networks generally allow ads to be targeted to specific MAIDs. These targeting features were developed for legitimate business purposes. However, computer science engineers at the University of Washington have found that if cyber criminals obtain a smartphone's MAID, it can be used for social engineering attacks. A user's MAID can be obtained by gaining access to a Wi-Fi router or listening in on an unsecured Wi-Fi network.

Information that can be exposed through a user's MAID includes the apps they use, health conditions, political status, religion, dating habits, personal interests and more. Attackers are even able to track your location and movements. Criminal hackers could pass along malicious ads based on your location, compromising your mobile device. You don't even have to click on the ad: information about where the ads are being served is passed along, and that information is used to track you through space.

Here are some recommendations to protect yourself:

  1. Do not grant location access to any apps unless 100% necessary.
  2. Try to keep your mobile data safe by browsing only on protected Wi-Fi networks to limit the amount of confidential data you release. Protected Wi-Fi networks require that you enter a password to connect, whereas shared public Wi-Fi networks require no password.
  3. Do not click on any ad banners that are displayed on your phone. It is very hard to know whether these banners are malicious. Delete them or wait to verify them on your computer, where you can preview any links and the URLs they point to.
  4. Consider resetting your MAID. Instructions for iPhone users can be found HERE. Instructions for Android phone users can be found HERE.
  5. Consider turning off location access to apps on your phone. Instructions for iPhone users can be found HERE. Instructions for Android phone users can be found HERE.
  6. Implement security awareness testing and training for your organization. This should cover not only protecting smartphones, but also how to spot malicious email links, attachments and more.


BSC Solutions Group offers an affordable, award-winning testing and training service.  Contact us today to find out more.  Remember that employee actions are your greatest IT security risk.