Along the massive growth of enterprise mobility, cybercriminals looking for valuable data naturally shifted their interest toward mobile devices. Indeed, smartphones and tablets have inherent capabilities that, when exploited illegally, can provide a direct access to all the data they manipulate. Mobile threats can operate at three different layers of a device: 77% of them use mobile applications, 14% exploit the OS and 9% leverage the network.
From phishing attempts to the more sophisticated Man-In-The-Middle, this article presents the most common network attacks used to exfiltrate data from mobile devices in the corporate environment.
Phishing and Smishing
Until a decade ago, phishing was only known as a computer attack. But with the advent of smartphones and tablets, this threat has molted to target mobile users.
A phishing attack is a scam in which users are tricked into clicking on a malicious link or file or downloading a malicious program from emails or SMS (smishing). The purpose is to steal sensitive details like banking information, account credentials, etc. in order to resell them on the dark web or to commit fraud.
The increase of phishing and smishing campaigns is attributable to the fact that they can simultaneously target a vast amount of users, at no cost.
A Man-In-The-Middle attack happens when a communication between two systems is intercepted. In practice, it happens when a hacker accesses the information exchanged between a device and distant servers.
Most MITM attacks exploit the flaws of unsecure WiFi hotspots, which number has tripled in the last 3 years. De facto, the exposure to Man-In-The-Middle attack is following the same trend.
In some other cases, hackers use IP, ARP or DNS spoofing techniques to display their website instead of the original one expected by the user. To do so, they hide their identity behind a trusted IP address (IP Spoofing) or they answer ARP or DNS requests with their own malicious IP address (ARP/DNS spoofing). This type of MITM attack mostly target financial websites.
Rogue cell tower
Whenever we use a cell phone, we assume that it is connecting to a trusted and secure tower and that our communications are safe.
Although, in the last years the number of cell towers operated by rogue individuals has grown. These unsafe cell towers have the ability to trick any mobile device, Android and iOS, into thinking they are legitimate. Once a device is connected, cybercriminals can intercept every call, SMS and data that it sends via the mobile network. On another hand, rogue cell towers are also often exploited to send SMS from the devices under attack (botnet, smishing…).
You might also be interested in:
- Article: What is a Man-In-The-Middle Attack
- Webinar: How cybercriminals exploit mobile devices’ network and OS to steal business data
- Report: Mobile Threat Report