It has been published by Rachit Garg.
As human civilization evolves in a myriad of meandering ways, it is only understandable that the dimensions of technological sophistication will grow manifold correspondingly. This socio-technological phenomenon can be best observed through a raft of cool gadgets and devices that aim to usher in an unparalleled sense of comfort at our fingertips. It’s nothing short of a technological renaissance where the yardsticks of revolution are benchmarked more through “Clicks”, “Bleeps”, “Pings”, “Buzzes”, “Likes”, “Comments”, “Views” and “Share”.
Means of influence and its extent of expanse
Indeed. Few modern inventions have influenced and shaped our way of interacting with our immediate surroundings like mobile phones have. Truth be told, it has not devised a way to transform our world. Rather, “it” has become the way itself. From being a clutch of disconnected archipelagos to one unified global village, pervasive mobile connectivity has been the chief catalyst in this silent socio-technological reformation that has swept mankind off its feet.
The arc of human progress has been dramatically broadened by mobile communications due to their transformative powers, despite the fact that the tangible resources resulting from our latest technological innovations are at our fingertips in a way never seen before.
Furthermore, with the mobile internet, we are in for a total paradigm shift since smartphone computing now acts as the unique portal to a parallel, virtual world whose dynamics are decidedly different. Mobile internet has completely revolutionised the way we access and use a lot of day-to-day stuff through an unfettered stream of information. However, this so-called digital diet that we are being fed through an array of mobile apps at each moment is not an out-and-out wholesome blessing.
Far from it. Mobiles spew out the good, the bad, and the ugly all at once, making them the perfect double-edged sword to deal with from the standpoint of cybersecurity in particular. The stealthy steps of digital encroachment that we are all being subjected to by a plethora of mobile apps and various online platforms have their fair share of pitfalls. Some of these apps are good, some of them are bad, and some of them are downright a menace, acting under the benign camouflage of so-called “utility”.
Cybersecurity and the spectrum of dangers
But the discourse of cybersecurity is not that simple. It follows a serpentine and crooked path of trickery and deceit, often driven by an ulterior motive to penetrate and eventually exploit the slightest lacunae, vulnerabilities, or gaps in security that those apps or online platforms offer, intentionally or inadvertently.
With the sheer mushrooming of various banking and financial apps that deal with colossal databases containing absolutely crucial and vitally sensitive personal and non-personal data, the implications of data security or any breach of it are far-reaching and perennially pregnant with dangerous consequences for any organisation or individual as well.
Avenues of traps and risks
Being easy, entertaining, and powerful enough to juggle multiple tasks while staying online is what makes smartphone computing a lucrative domain for potentially dangerous cyberattacks. Due to their increased popularity and pervasive usage, today’s mobile devices have evolved to be incredibly powerful tools that can house a lot of different types of information, both sensitive and non-sensitive, and, most importantly, can share them with others absolutely at will and across platforms. Now, let’s look at some of the potential areas, or so-called traps, from which cyberattacks spring into action:
Developers who follow weak coding practices may inadvertently leave an in-built lacuna or two for hackers to exploit later. Such poor design faux pas may stem from various factors, including the practice of different coding procedures by the concerned developers. Sidestepping secure coding practices may just metamorphose into an unwitting invitation to perilous prospects. Such non-standard practices are always fraught with risky possibilities that may leave the entire app vulnerable to the shadowy attacks of hackers.
Poor or weak authentication mechanisms
The absence of an authentication process, weak authentication processes, or easy, predictable passwords that can be manipulated or guessed are another potent source of threat. The use of automated tools to repeatedly guess login credentials until the hackers finally break into the system and gain complete access is another doomsday scenario in all such cases. The sense of threat is compounded all the more by the fact that mobile applications do not require online authentication on every attempt. This particular loophole leaves the entire application potentially exposed to all sorts of cyberattacks.
Inadequate data encryption
Lack of proper encryption protocols can lead to data being intercepted midway through or during storage, with its confidentiality severely compromised. Hackers exploiting this lacuna can be in a position to steal, tamper with, or do anything they want with those data. Observing a high standard of encryption while transferring any data is an absolute must to safeguard its integrity.
Unpatched, un-updated apps
The perils of unpatched software are another shadowy area where the possibility of a potential attack lurks silently yet definitely. Developers generally release updates and patches to plug the known loopholes in the system. Failure to do so, either by the developer or by the end-user, makes the app that much more susceptible to hacking and eventual exploitation since the compromised database may just find its way to the dreaded dark web. The reason is that hackers are always on the prowl to locate and manipulate any such flaw in the older versions of the software.
Social engineering attacks
Social engineering is an umbrella term covering the various nefarious and unethical methods that hackers employ to trick people psychologically into revealing confidential information that they would not otherwise have revealed. While other forms of cyberattack exploit the technical flaws of the system itself, social engineering manipulates the frailties, biases, and emotions of the people who operate that system. Hackers can use any one social engineering tactic or a combination of multiple tactics to ultimately gain unauthorised access to that very system. Some of the social engineering tricks include:
Phishing attacks involve malicious attempts that trick the victim into believing a particular email, message, link, or website is completely legitimate and genuine. Once the victim clicks the link given inside, it either installs malware or takes them to a fake website that ultimately steals their confidential information like login credentials, credit card numbers, CVV, etc. These sinister efforts often mimic a trusted source, thus hatching a wicked ploy to trap an unsuspecting victim into its cobweb only to betray him or her treacherously in due course of time.
Pretexting involves orchestrating a scenario where hackers impersonate the identity of someone in authority, like a representative from the bank, a specialist from tech support, etc., to gain the trust of the victim and ultimately secure all the confidential information. Along with that, the hackers also employ various soft skills to lend a touch of genuineness to the entire heist under camouflage.
Baiting attacks make use of something that appears pretty lucrative and enticing. It could be a USB drive or any electronic device labelled alluringly so that the victim feels tempted enough to accept and use it ultimately on his machine, computer, or laptop. And when he eventually engages with that bait, he just unwittingly helps install deadly malware in his system, thus paving the way for the data to be stolen or tampered with.
Spearphishing attacks are also phishing attacks but done with more thorough preparation and background research. In such cases, hackers generally do detailed research on the potential victim in advance and then send highly personalised mail spiced up with individual details or specific social references that mirror a sense of legitimacy, albeit highly camouflaged. Owing to their sophistication, these attacks are highly difficult to isolate and avoid.
Malware or trojan apps
Downloading malicious apps from third-party app stores or websites, disguised as completely benign and harmless, can be treacherous. Once installed, they can not only toy with the confidentiality and integrity of the data stored in the system but also the various utilities of the system itself in a perfidious manner.
Apart from all these deceitful ways and methods discussed above, hackers can employ tailgating, intimidation, or even highly personalised impersonation in the form of a voice message or email address of a close colleague to obtain access to very sensitive or highly classified information.
Mobile devices these days, by their sheer ability, have the capacity to store a wealth of personal and non-personal information within their memory while acting as perhaps the most powerful gateway to connect with the digital world out there. However, their widespread popularity makes them soft prey for an array of digital predators operating at the shadowy intersection of information and ignorance.
However, the following measures can largely mitigate, or better yet, shut down completely, in some scenarios at least, the dreaded prospect of a breach in data security and confidentiality and, in the process, save millions of dollars, as well as any resulting irreparable dent in the trust and respect of the investors and potential investors in the image and credibility of the concerned company:
- Use strong passwords and enable two-factor authentication (2FA).
- Download apps only from trusted sources.
- Keep your operating software and apps up to date.
- Review and limit app permissions.
- Use a mobile security app.
- Be cautious with public charging stations.
- Periodically review app permissions.
- Encrypt your device.
- Use a VPN on public Wi-Fi.
- Regularly backup your data.
- Keep the device physically safe and secure.
- Disable Bluetooth and Wi-Fi when not in use.
- Be careful about what links you click on.
It should be noted that in this ever-evolving digital landscape of mobile security, complying with and maintaining even the above fourteen measures might not prove sufficient at times. In this age where the value of information is only spiralling upward, keeping yourself abreast of the latest technological developments and breakthroughs must form your first line of defence against these cunning, manipulative attempts to con you and your near and dear ones. And all these apply to developers and end-users alike.
Cybersecurity is a shared responsibility and you alone cannot win the war, even though you may win the battle. By being proactive and vigilant individually, you not only remain one step ahead of the curve but also ensure that you participate and contribute optimally in this collective crusade.