ANSSI, France’s national cybersecurity agency, argues that smartphones have become a prime target for threat actors and is calling for stronger protective measures.
The ubiquity of smartphones and the sensitive data they handle, both privately and professionally, has made them an interesting target for cybercriminals, state-sponsored threat actors, and so-called Private Sector Offensive Actors (PSOA).
That’s why, over the past few years, ANSSI has handled several cases involving mobile phones compromised due to irresponsible use or spyware targeting individuals.
To better protect citizens, businesses, and organizations from the growing and diverse threat landscape, France’s cybersecurity agency and the United Kingdom have published a comprehensive report on how to handle these risks.
The report examines how attackers exploit weaknesses and vulnerabilities in cellular networks, WiFi, Bluetooth, and NFC to intercept communications, track user movements, or remotely exploit malware. Specifically, the rise of zero-click attacks is worrisome because such attacks leave no visible traces.
Operating systems and applications may also serve as an intrusion vector for threat actors to collect sensitive information from victims. Data obtained in this manner may, in turn, be reused to launch phishing campaigns or gain persistent, undetected access to a specific network or device.
Due to the increasing risks to both society and the corporate sector, France and the United Kingdom are advocating for stronger security measures. To mitigate these threats, both individuals and organizations should play their part.
ANSSI recommends that users disable wireless features such as WiFi, Bluetooth, or NFC if they’re not in use. In addition, public networks shouldn’t be used because you don’t know who is secretly looking over your shoulder. They can also be spoofed.
Furthermore, operating systems and software should always be kept up-to-date. Users should only rely on strong and unique passwords, and app permissions should be restricted. Instead of SMS-based verification, users would be smart to trust authentication apps.
Operating systems should be hardened by enabling OS-specific features, such as Lockdown Mode in iOS and Advanced Protection Mode in Android.
Lastly, users are advised to protect their smartphones with non-biometric passcodes. ANSSI doesn’t explain why we shouldn’t use fingerprints or facial recognition to safeguard our devices.
Your email address will not be published. Required fields are markedmarked