Are You Ignoring Your Phone Security?

Do you consider your phone security when you think about general IT security? Unfortunately, many of us have it only as an afterthought…if we consider it at all. While a majority of folks have come around to understanding the need for extra steps to protect ourselves and our businesses while on a PC, it may not be as evident that a phone can be a security breach in many of the same ways a PC can.

After all, we use our phone for many of the same basic tasks. We commonly enter passwords and access sensitive and personal material. Because of these things, phone security is tantamount to any IT security in most ways.

Luckily, many of the same processes and protections we use for PC use can also apply to phone security. We’ve covered many different techniques, approaches, and ideas in past blogs posts which can apply to both traditional PCs and mobile devices. (Here are some quick links to articles on 2022 IT Resolutions, security while traveling, and business continuity if you’d like a refresher.)

More specific to phone security, however, is a recent malware example called BRATA. Belonging to a family of tools called RATs—Remote Access Trojans—the Brazilian Remote Access Tool Android has been around for a few years but has reared its head with some nasty new features. Generally speaking, a software trojan (named after the Trojan Horse of Greek Mythology) is any malware that attempts to trick a user as to its true intent. As outlined in this article from Bleeping Computer, BRATA has tailored approaches to attempt to convince a user to download the seemingly helpful app, including via SMS indicating a security app specific to a certain bank.

The user may then be sent to a website intended to impersonate the actual website of the intended bank. In some cases, live technicians are available to help with the install. As Paul Wagenseil at tomsguide.com describes:

Of course, the technician is really a crook, and the permissions you’ve given the new app hand over control of your phone. They include the abilities to see what you type and do on the phone, make phone calls, send and view text messages, access saved photos and files and — most importantly — act as a “device administrator” that can lock and unlock the screen, modify system settings and remote wipe the device.

This, of course, is a very scary prospect as it would allow theft of sensitive passwords and destruction of any evidence remotely.

This can lead to issues for individuals and businesses alike. One could have all the phone security in the world, but if it is intentionally or unintentionally bypassed, that phone security is rendered inept.

A few tips for remaining safe against BRATA and other RATs:

Only download apps from Play/Apple store
Do not grant/revoke unnecessary access (and grant “only when using app” access for things that do make sense)
Use MFA whenever possible, to include apps or sites
Only plug phones in to trusted charging OEM devices
Don’t trust SMS messages from unknown sources or even known sources with unusual requests
Use a trusted bank app (downloaded from the appropriate app store) rather than clicking a link to a browser, especially from an SMS message
Install antivirus on Androids for increased phone security
Create company mobile management policies for any devices that access work assets

There’s no doubt…it can be a lot to think about. If your business needs a helping IT hand to work on phone security or general IT issues, don’t hesitate to CONTACT our team of experts and we can get you headed in the right direction!

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Are You Ignoring Your Phone Security?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666