How safe is your phone from hackers? iPhone and Android have the same big problem: the economy

It’s November, it’s Black Friday season, and it’s possible there may be a phone on your shopping list. If you want maximum security, what do you choose: iPhone or Android? But when it comes to computers, what if it’s a Windows or a macOS? But there are also tablets. Android OS or iPad (which is a modified iOS)? The decision is not easy, but I can simplify it in case of security.

From now until the end of the year, I take the myths and dismantle them in hopes of helping you understand a little better about cybersecurity, hackers and vulnerabilities in devices that have become indispensable in our lives. I’m not a cybersecurity expert, which is why two people from Bitdefender who know a lot more about this subject will help me every time: Liviu Arsene, Cyber ​​Threat Specialist, and Bogdan Botezatu, Director of Cyber ​​Threat Research.

It was January 2019, the month of the biggest technology event: the Consumer Electronics Show in Las Vegas. Apple has been missing from CES for several decades, but made an exception in 2019. He didn’t have a booth yet, but he put a simple advertisement in town: a black background, an iPhone and the message “What happens on your iPhone stays on your iPhone”. or not directly, whether its devices are safe, or at least safer than those of the competition.

But how true is this in an advertisement and in a myth? Very little as I would have learned from Bogdan and Liviu.

The purpose of cyber threats is simple: money. Financial gain motivates most of the attackers. The attackers mobilized by the various governments act independently of them and there are also researchers who discover vulnerabilities and inform their respective companies. The first category includes groups known as APT (Advanced Persistent Threat) and, as a rule, does not address the user directly, but institutions, especially banks, as the Carbanak group did. But let’s start with those who aim for your money.

“Initially, they were banking Trojans whose purpose was to steal the username and password for the account and take your money without your knowledge. Then came the approach of ransomware, when the attacker wants you to know that you are. been infected, because it makes money by encrypting your data and unlocking it only after paying the “reward.” Then there were the coin mining threats (generating digital currencies like Bitcoin using your computer resources – no). You didn’t know you be infected, but they were earning money thanks to the use of your resources. Finally, there are the threats that deceive you, the classic fraud, where you enter your card details online on a fake site “, summarized Liviu.

In the case of Apple, Bogdan notes a special feature. “Apple devices are subject to limitations when it comes to installing from sources other than the official store, the App Store, or the Mac Store. Whatever you do, you can’t get infected unless you jailbreak. And whoever does the phone jailbreak knows what to do and how to protect themselves or accept the risks. And those who don’t have nowhere to install malware. Here, however, is a “gift.” Cyber ​​threats come in two ways: through applications or those that shape your behavior “.

Despite the myth, the threats have not remained at the level they were 10 or 20 years ago. “Threats in the latter category, while not harmful in themselves, collect information about how you use your phone, what you look at, where you navigate,” Bogdan explained. “It aggregates information and stores it in huge databases from which marketing agencies, for example, can derive behavior. They claim to be anonymised, but whenever such an agency is hacked or hackers obtain information from them in any way, it is proven that they are not as anonymised.

Nowadays, especially phones have become the main device for most of the users. On them we have frequently used social networks, we have messaging applications, images, but also bank accounts. And the privacy component is just as important, if not more important, than others. “In short, even though Apple’s platforms are secure and there is very little malware for devices, the privacy component is very important and should be viewed as a potential threat,” added Bogdan.

Liviu has noticed a way you can expose yourself to a cyber threat quite quickly. Apps like Gmail, Twitter, Facebook and others not only open links in a browser separate from Safari (or the one set as the default on iPhone); one internal. A fake page, opened in such a browser, can fool you quite easily. What you could avoid with a dedicated security solution, despite the security offered by the operating system or application in which you opened the connection: online fraud does not take into account the myths you believe in.

“It’s important to remember that if we don’t just limit ourselves to the iPhone or iPad, including Apple computers, there are enough types of malware,” Liviu noted. “What’s on Windows is also on macOS. Maybe the malware volume or the number of victims is different, but that doesn’t mean users are safe. The biggest problem for macOS users is PUA applications ( Potentially Unwanted Application), which gives you a lot of ads, you can end up taking them from third party sources to the main app store and you find yourself installing a bunch of toolbars, redirecting your traffic, you find yourself spamming all kinds of new ones windows “.

“There’s also macOS ransomware. It’s not just myths that there’s Mac malware, it’s a reality,” Liviu added. In fact, the infected apps part is perhaps a bit more secure, but that’s the big online fraud area. There are many victims there “.

Bogdan recalled “platform agnostic” threats, such as phishing. “Every user should be aware that there are many fraudulent sites that mimic banks, online stores, all kinds of institutions or services they interact with and try to get credentials on those accounts,” he explained.

“Phishing on Netflix, banks, Amazon, eBay, PayPal – these are probably among the most common threats that iOS users can face, because they come through email, messages, are in the form of a web page and can disaster if you fall into trap. All you have to do is get to a page like this, it seems legitimate, you put your login details on that page and you have lost access to your account. “

He also mentioned what a cybersecurity solution would do in this case: even if you’re not careful, it filters out the fraudulent component of your page that tries to compromise your accounts or steal critical data, such as your card’s security code.

Apart from the threats encountered on a large scale and which amount to hundreds of thousands, there is another type of threat that no one is truly prepared for. The WhatsApp case was mentioned by Bogdan. Liviu added what it might mean that Apple is switching to processors like on the phone and for its computers.

There is another nuance to know about Apple, as Liviu summed up. “The company also works through the” security through obscurity “strategy. I’m not very flexible when it comes to what you can do in the operating system, but that doesn’t necessarily mean security. For example, a vulnerability on iOS can sell up. to a million “dollars, especially if it is a remotely exploitable zero-day. There are companies that trade vulnerabilities like this. In fact, most of the time they sell to governments, but that doesn’t mean you’re 100% safe. ”

In this context, Bogdan added the “motivating” component of the whole mix. “[Aplicații ca WhatsApp, Telegram] they claim to provide end-to-end encrypted conversations and that no one can intercept the conversations. Hence a lot of interest from the police, the FBI, the CIA and many other intelligence agencies. They invent exploits that they use for wiretapping “in the spirit of the law”, only those tools, at some point, end up in less legitimate hands, like oppressive governments spying on their citizens. If these tools fall into the hands of psychopaths, they lead to attacks on high-profile people or more special targets: tycoons, politicians, journalists, activists. No matter how secure the technology is, vulnerabilities in applications or the operating system can make exploitation possible, “he concluded.

Liviu added that it’s not necessarily about drawing a line between platforms, which is safer than another. “It’s more about attackers’ interest in taking advantage of a vulnerability on a given platform. Here I can recall the eternal battle between Windows and Linux, the latter having a better reputation, but what you find on one” is found when it comes to malware. Obviously, the volume is different: it is smaller. It’s the iOS or Android architecture, you find different types of vulnerabilities, different types of attacks, which work and deliver the same types of malware. “

Finally, consider something useful for your digital health – regardless of platform, it always helps you pay attention to what you install, what links you open and where you enter your personal, crucial data. As much as cybersecurity is held by manufacturers, software developers and specialized companies, so important is the most vulnerable “component” of the entire chain: you, me, us – users. This is also the problem mentioned in the title. We may never reach the 100% safe point. But we can bring that percentage as close to 99% or more as possible. And we do it without taking into account the myths.