Fortinet, a cyber security solutions company, reminds Malaysians on the high cybersecurity risks associated with using ‘compromised’ smartphones, following a recent announcement by Malaysia’s largest banking group Maybank to ban access by ‘jailbroken’ iPhones and Android smartphones to its mobile banking app.
“Jailbreaking or rooting is the process of hacking mobile devices to bypass Digital Rights Management (DRM) restrictions by disabling a key feature of the operating security architecture system which is the sandbox feature. This will allow the device’s owner to run unauthorized software, change the existing operating system and provide access to users’ critical data,” said David Maciejak, Head of FortiGuard Lion R&D team, Asia Pacific, Fortinet.
“Once a device has gone through jailbreaking, the user runs the risk of opening his or her device up to malware apps. A flaw in the jailbreaking process creates vulnerabilities and provides easy access for cyber criminals to remotely plant malware onto a user’s device,” added Maciejak.
Fortinet said there are many security concerns on a jail-broken device which users may not be aware of. As jailbreaking removes the security restrictions on a mobile device, some apps may be given access to the core functions of the phone such as contact lists and the ability to send emails or make calls.
With the increasing frequency of cybersecurity attacks on mobile devices, it is crucial for Malaysians to apply best practices and deploy mobile security measures.
Fortinet offers Top 5 mobile cybersecurity tips that users may find useful in minimizing cyber threats on their mobile devices:
1. Download Trustable Applications Only
Only download app from trusted sources, such as reputable app stores and download sites. Remember to look at the developer name, reviews and star ratings.
2. Strengthen Authentication on your Phone
All major smartphone operating systems allow users to automatically lock their phones after a period of inactivity. Unlocking can be done by entering a personal identification number (PIN) or fingerprint. Avoid easy-to-guess numbers like “1234”, and use more than four digits for the PIN and leverage the fingerprint reader as far as possible. Ensure data can be remotely wiped so that if the phone is ever lost or stolen, users’ data will be difficult to access.
3. Firmware Updates
Make sure to download firmware updates including the browser as soon as they are available for your device in order to avoid any malicious exploits of security holes in outdated versions.
4. Keep Your Personal Data Private
Refrain from providing your phone number to websites unrelated to your professional activity. For example, there is no reason to provide your cell phone number on your personal Facebook account.
5. Turn Off Bluetooth After Use
Do not use public Wi-Fi networks for bank transactions and turn off Bluetooth connection when not in use. Such measures remove a possible attack avenue which can act as open windows for eavesdroppers intercepting the transaction or installing spyware and other malware on user’s mobile devices.