When you own a computer, you know you need security, and the same may even be true of owning smartphones, too.
One of the more frustrating things to deal with when owning gadgets of any kind is the security risk associated.
For instance, when you walk around on a holiday carrying expensive gear, it’s often a good idea to have some insurance in case some nefarious individual tries to go after you and takes it from you. In that horrible situation, the gadget can at least be paid for and returned with a new one, even if things like memories will go with a digital camera’s memory card disappearing.
You can’t really get insurance for a computer or even a smartphone, but the data — that part that you can’t return if something is stolen — is the critical thing, and so we protect what we can by backing up and keeping the information locked down.
Backing up is easy, but getting into the habit can be a drawn out thing, but provided you do this every month to every few months with your most important files, you’re at least saving yourself heartbreak.
But locking down your information is a different matter altogether, and with millions upon millions of security risks, it makes sense to be an adult and grab security software, and this has been the general guidance for anyone owning a computer for over the past 15 years, especially as we started to communicate and connect more effectively using that thing called the internet.
Your phone, however, isn’t seen as something to protect, and while many devices have security software made available to it, few people invest in this location. Call it an expectation of the mobile manufacturer to lock down the environment, because that’s often what we expect: you buy an Apple, so Apple protects you, and you buy a Samsung and its Knox software keeps your Android phone locked down.
These systems aren’t foolproof, however, and in the case of some extreme forms of security attack, a suggestion of mobile security is recommended.
In the case of a recently detected malware called “Pegasus”, security company Bitdefender highlighted an ability to steal messages, call records, take screenshots, log keyboard keystrokes from smartphones, and take control of a phone’s camera and microphone, essentially turning a device into a pocket spy for the cybercriminal who happened to release the virus.
“Even though Pegasus was detected on a limited number of devices worldwide, it is a tough reminder about how ill-intended parties can leverage the flexibility of the Android operating system and build rogue applications for surveillance and monitoring,” said Bitdefender’s Bogdan Botezatu.
“Smartphones “hear” and “see” almost everything we do 24h a day, 7 days a week, while other Android implementations, such as Smart TVs see the most intimate moments of our private life,” he said.
Essentially, Pegasus is a “Remote Acces Trojan”, also known as a “RAT”, a piece of software that can take over a device by being innocuous at first, but then revealing itself to be exactly what the Trojan horse was: a decoy with a nasty sting.
Trojans aren’t new in the mobile security world, and tend to be among the most severe of security attacks, but they’re rare in the mobile world, with most mobile security attacks occurring as either intrusive ad-based malware or ransomware developed to lock down those important files you’ve forgotten to back up and charge you a ransom in order to gain access again.
But with a form of Trojan now making its way to mobile devices, the recommendation is pretty clear, especially as security experts have seen this coming due to how common mobile operating systems like Android OS have become.
“Considering Android is estimated to have overtaken Microsoft Windows for the first time as the world’s most popular operating system in terms of total internet usage across desktop, laptop, tablet and mobile combined, it’s likely that malware with similar RAT capabilities will proliferate,” said Botezatu.
It’s not hard to see from this what the security professionals are going to advise: a security software subscription, and one that’s kept up-to-date.
In Australia, we haven’t yet heard of Pegasus or any of its Trojan siblings doing any local damage, but now that Google has discovered a form that can attack mobile apps, you can bet it will be doing its best to stop it from proliferating on its App Store.
Currently, this attack is only being used on Android, and while Google and its partnered manufacturers will plug the hole as quickly as possible, attacking operating systems will not stop. After all, Android may have more users than Windows globally, but iOS is still a big target, and Apple has had to plug a hole in the past year for something very similar.
So what’s the solution?
Right now, your best bet is to stay safe, reading before you touch or click, and if you can, finding some security software that doesn’t feel like it costs you much at all.
On Android, we’d suggest the free version of security apps that scan application installs, with software from Symantec or AVG or any other major security company getting the apps looked at before they become a part of your phone. Remember to only install apps from the official app store, too, and if a website ever tells you to install an app, question it, close the window or tab, and try finding that same app in the official app store. If it doesn’t exist, you know you’re dealing with a scam.
On iOS with the iPhone and iPad, that’s not really much of a big deal, just make sure to keep your phone and tablet up-to-date, because your security fixes will come through official updates.
And if you’re at all concerned, do what you’ve been told to do on Windows and Mac all this time: invest in security. At least it’s a markedly safer option than hoping nothing bad happens.