Since they first broke onto the market, mobile devices have captured consumer interest as an easy, efficient way to access the Internet. In February 2014, that interest reached critical mass, when smartphone and tablet apps overtook PCs as the most popular way to access the web. This ever-increasing shift has been mirrored in PC sales, which suffered their greatest decline ever in 2013. During that same year, smartphone adoption increased 39 percent, according to research firm IDC, and other studies have shown similar trends in tablet sales.
Now that mobile devices have nosed ahead of PCs in overall popularity, they’ve earned the attention of hackers, who’ve begun targeting mobile operating systems with a new generation of viruses. To keep data safe, users must act accordingly by ensuring that their phones and tablets are more secure.
The Evolution of Ransomware
For years, cybercriminals have used a type of malware called ransomware to hijack PCs. Now, these same entities have begun targeting mobile devices with this same nefarious tactic. In simple terms, ransomware is a type of malware which restricts access to the computer it infects, while demanding some sort of “ransom” to lift the restriction. Most commonly, it takes the form of a false warning which claims that a computer has been locked for showing illegal activities. It may also falsely warn the user that a virus has been detected and then direct the user toward specific software to erase it. Whatever the case, ransomware can render a device unusable or worse.
In recent months, mobile devices began falling victim to these attacks. In June, researchers at Kaspersky Lab revealed that Android mobile devices have been targeted by a major Trojan, which quickly spread to more than 13 countries. Detected as Trojan-Ransom.AndroidOS.Pletor.a, the ransomware infected thousands of phones by encrypting data to disrupt function.
This recent outbreak was just one of several affecting Android devices, which appear to be most vulnerable because they allow users to download third-party apps. Still, because mobile devices hold so much critical data, including payment, personal and sensitive business information, experts agree that cybercriminals will continue to widen their nets, creating new malware aimed at devices that aren’t currently affected.
There are numerous security apps available for most brands of mobile devices; however, experts disagree on their actual value. Since they aren’t currently targeting actual data, mobile malware attacks are being viewed as more of a nuisance in the IT community. Still, because they house critical information, these devices are clear targets for cybercriminals, who are sure to develop increasingly clever ways to circumvent even the latest security methods.
In response to the growing threat, mobile device manufacturers are beginning to develop built-in security features for future devices. In the meantime, users can protect themselves by carefully scrutinizing third-party apps, and avoiding suspicious media files and games. Likewise, they should always update their operating systems to the most current versions, which should contain patches against the newest security threats.
How it’s Impacting the Payment World
Because they breed fear, mobile malware attacks have had a chilling effect on consumer attitudes toward mobile payment technology. According to a report from PayPal which surveyed over 15,000 consumers, although 78 percent of respondents regard paying online as easy, 42 percent don’t use their mobile devices to do it. While many cited a number of different reasons, a large percentage blamed concern about theft of payment data as their main concern.
Still, as troubling as this may seem, the data actually shows that U.S. consumer confidence in mobile payment technology is substantially higher than it is around the world. To maintain and improve this outlook, it’s important for financial institutions to educate their customers about their security and fraud prevention measures designed to keep their transactions safe regardless of the initiating device.