Monitoring activity and data usage. Almost all MDs now support multitasking and allow several processes to run in the background. In the first versions of mobile operating systems, developers paid less attention to usability and interface issues and gave mobile users the ability to fine-tune control over the activity of mobile applications. Today, the simplification of the interface has almost completely deprived users of the ability to influence running processes and services. These changes have allowed malware and spyware to remain on MD unnoticed for a long time. The table below presents typical scenarios, goals and risks of interception of information on MD.
Almost all of the presented risks have already been realized on one or another MD and OS; the risk of confidential information leakage from MD should not be underestimated.
Unauthorized connection to the network. Most spyware and malware need a channel to communicate with the control center after infecting an MD. In the case of "sleeping" malware, the delay between infection and sending information outward can exceed several months.
Similarly, controlling malware on infected devices requires a data channel to enable functionality and real-time control, such as turning on the microphone or taking covert photos. The table below shows the most common methods for unauthorized network connections and the risks associated with them.
| Vector | Risk |
| --- | --- |
| E-mail | Allows you to send data of any size and format |
| SMS | Can be used to send service commands and control the backdoor |
| HTTP GET/POST | A complex browser-based attack vector that can also be used to command and control an infected device |
| TCP/UDP socket | A low-level attack vector that also allows sending data of any format and size |
| DNS | A difficult-to-implement low-level attack vector that allows data to be secretly transmitted from a device |
| Bluetooth | Transfer data of any size and format, within Bluetooth range |
| WLAN/WiMAX | A complex high-speed attack vector for infecting and then controlling and managing a device |
The presented attack vectors can be combined in a targeted attack: infection can occur via email or SMS, and subsequent control of the malware can be carried out at close range via Wi-Fi or Bluetooth.
It is worth noting that the risk of a targeted attack is significantly higher when connecting to public Wi-Fi networks, for example, in an airport waiting room or in the subway. According to the results of an analytical study by the company "Security Code", more than 70% of users connect to public Wi-Fi networks.
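The DNS row in the table above describes a covert channel that is hard to spot by eye. As an added example (not part of the original article), the following sketch shows how a defender could flag candidate DNS data channels in a resolver log. The log format, device names, domains and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: "<epoch> <device> <qname>".
SAMPLE_LOG = """\
1700000000 phone-01 www.example.com
1700000005 phone-01 mail.example.com
1700000009 phone-01 api.example.com
1700000012 phone-01 cdn.example.com
1700000020 phone-01 static.example.com
1700000100 phone-02 k7q2m9x4b1z8w3v6t5c0.example.net
1700000101 phone-02 h3n8d5j0r7f2y9g4p1s6.example.net
1700000102 phone-02 u6a1l8e3o0i5k2m7q4x9.example.net
1700000103 phone-02 b9t4w1c6z3v8n5r0d7h2.example.net
1700000200 phone-03 k7q2m9x4b1z8w3v6t5c0.example.org
"""

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def find_dns_tunnel_candidates(log, min_unique=4, min_entropy=3.5):
    """Return {(device, parent_zone): stats} for pairs that look like a DNS data channel."""
    payloads = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, device, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        # Assumption: the registrable zone is the last two labels (no public-suffix list).
        parent, payload = ".".join(labels[-2:]), "".join(labels[:-2])
        if payload:
            payloads[(device, parent)].add(payload)
    flagged = {}
    for key, names in payloads.items():
        mean_entropy = sum(shannon_entropy(p) for p in names) / len(names)
        # Both signals are required: many distinct names AND encoded-looking content.
        if len(names) >= min_unique and mean_entropy >= min_entropy:
            flagged[key] = {"unique_names": len(names),
                            "mean_entropy": round(mean_entropy, 2),
                            "payload_chars": sum(len(p) for p in names)}
    return flagged

if __name__ == "__main__":
    for (device, zone), stats in find_dns_tunnel_candidates(SAMPLE_LOG).items():
        print(device, zone, stats)
```

Only phone-02 is flagged: phone-01 queries many names but they are ordinary hostnames, and phone-03 sends a single random-looking name, which on its own is common for legitimate services.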