Each smart phone is always connected to the internet and applications are downloaded
from different sources. Hence securing all these applications is a monumental task as each
application has its own security vulnerabilities.
In an interview with securitydive.in, Clement SAAD, CEO, Pradeo, uncovered some of the
startling revelations and explained how serious challenge it is to secure your device from
cyber threats.
securitydive.in; Mobile Applications have been identified as the primary threat source for
mobile security. But at the same time without applications, your mobile phone won't be
smart anymore. How to balance these both and keep your mobile safe?
Pradeo: The digital revolution comes with growing security challenges. Several strategies
can be used to achieve this balance and keep your mobile device safe. For any user, it’s
important to respect basic security practices: only download applications from reputable
sources, keep applications and OS updated, review application permissions, be wary of links
and attachments, and stay away from public WiFis.
For companies, using mobile security solutions and utilizing built-in security features is a
must have, as they are heavily targeted by cybercriminals and offer direct access to sensitive
data.
securitydive.in; Most mobile users are not well aware of the right device configuration,
which in turn may reduce the threat occurrence. Now educating all of them in a short span
is also not easy. Then how to face this situation?
Pradeo: Educating a vast and diverse population of mobile users requires time and patience.
To raise awareness to the public, we need to demystify cybersecurity, by putting in light the
multiple attacks targeting mobiles every day, in a digestible and relatable way.
Using media channels and social media amplifies the reach of those messages, making it
more accessible to the public. For companies, a constant education of employees on mobile
threats and safe usage practices is essential.
securitydive.in; We have witnessed that the US, India, and a few more countries have
identified Chinese apps as a serious concern for mobile security. Stealing of personal data
by these apps has become a common phenomenon. How to prevent such activity and
especially spyware?
Pradeo: When it comes to Chinese apps, such as Temu, the requests for permissions to
access data such as photos/videos, Geo-location or contact list should raise suspicions. The
prices of products on the application are low because the users indirectly pay by sharing
their data.
However, it is possible to simply refuse the permissions, and legal intrusive apps such as
Temu and others are usually not able to bypass this refusal.
Malware, on the other hand can. To minimize the risk of downloading malware, it is advised to not download applications from unofficial stores.
securitydive.in; Cloning has become a significant challenge for mobile security. What is
your thought in this regard?
Pradeo: Knowing that 94% of applications can currently be cloned by cybercriminals, we
see cloning as a worrying trend. Additionally, with the Digital Markets Act (DMA) coming
into effect in March 2024, smartphone users, whether on iOS or Android, will have the
option to download apps not only from the traditional Apple App Store and Google Play
Store but also through third-party app stores.
This upcoming legislation reinforces our conviction that cloned applications are bound to
dramatically increase. The opening of third-party app stores offers a new avenue for
cybercriminals to distribute malicious clones of legitimate apps, endangering users'
identification data and personal information.
securitydive.in; What transformation have you witnessed in the mobile device attack
methods & nature as compared to few years back?
Pradeo: As years pass, attacks are becoming more sophisticated. Phishing attacks are
notably becoming more dangerous because of their low cost and large reach, thanks to the
development of generative AI. A new phishing attack has also been developed in recent
years, quishing. Quishing stands out by exploiting QR codes to target its victims, as QR codes
are generally trusted, especially in physical environments such as stores.
securitydive.in; Do you believe that AI & ML will make the job tougher & tougher for
mobile security developers, since the attackers have immense knowledge to use the same
technology to break into?
Pradeo: Yes, that’s why it is crucial to continuously engage in R&D, to stay up to date with
hacking techniques, anticipate them by putting ourselves in the hacker’s shoes, and assess
vulnerabilities before they are identified.
All these incentives are essential to stay several steps ahead and that’s what we do at Pradeo.
securitydive.in; Where is the mobile security landscape heading for in future?
Pradeo: The future of mobile security is heading towards greater sophistication and resilience.
Anticipating threats is and will continue to be the key to effective protection, as well as
automating responses to ensure action is taken before damage occurs.
Additionally,enhancing the accuracy of threat detection to reduce false positives will lighten the
workload of analysts.