A Better User Experience Could Reduce Smartphone Security Issues
But people need to take responsibility, too
By Mayank Sharma
Published on March 22, 2022 11:27AM EDT
Fact checked by Jerri Ledford

Two recent reports highlight that attackers are increasingly going after the weakest link in the security chain: people.
Experts believe the industry should introduce processes to make people adhere to security best practices.
Proper training can turn device owners into the strongest defenders against attackers.

Many people fail to appreciate the extent of sensitive information in their smartphones and believe that these portable devices are inherently more secure than PCs, according to recent reports.

While listing the top issues plaguing smartphones, reports from Zimperium and Cyble both indicate that no amount of built-in security is enough to prevent attackers from compromising a device if the owner doesn’t take steps to secure it.

"The main challenge, I find, is that users fail to make a personal connection of these security best practices to their own personal lives," Avishai Avivi, CISO at SafeBreach, told Lifewire over email. "Without understanding that they have a personal stake in making their devices secure, this will continue to be an issue."

Mobile Threats
Nasser Fattah, North America Steering Committee Chair at Shared Assessments, told Lifewire over email that attackers go after smartphones because they provide a very big attack surface and offer unique attack vectors, including SMS phishing, or smishing. Furthermore, regular device owners are targeted because they are easy to manipulate.

To compromise software, there needs to be an unidentified or unresolved flaw in code, but click-and-bait social engineering tactics are evergreen, Chris Goettl, VP of Product Management at Ivanti, told Lifewire via email.

The Zimperium report notes that less than half (42%) of the people applied high-priority fixes within two days from their release, 28% required up to a week, while 20% took as much as two weeks to patch their smartphones.

"End users, in general, do not like updates. They often disrupt their work (or play) activities, can change behavior on their device, and could even cause issues that can be a longer inconvenience," opined Goettl.

The Cyble report mentioned a new mobile trojan that steals two-factor authentication (2FA) codes and is spread through a fake McAfee app. The researchers believe the malicious app is distributed via sources other than the Google Play Store, which is something people should never use, and asks for too many permissions, which should never be granted.

Pete Chestna, CISO of North America at Checkmarx, believes that it’s us who will always be the weakest link in security. He believes that devices and apps need to protect and heal themselves or be otherwise resilient to harm since most people can't be bothered. In his experience, people are aware of the security best practices for things like passwords but choose to ignore them.

"Users don't buy based on security. They don't use [it] based on security. They certainly don't ever think about security until bad things have happened to them personally. Even after a negative event, their memories are short," observed Chestna.

Device Owners Can Be Allies
Atul Payapilly, Founder of Verifiably, looks at it from a different point of view. Reading the reports reminds him of the often reported AWS security incidents, he told Lifewire over email. In these instances, AWS was working as designed, and the breaches were actually the result of bad permissions set by the folks using the platform. Eventually, AWS changed the experience of the configuration to help people define the correct permissions.

This resonates with Rajiv Pimplaskar, CEO of Dispersive Networks. "Users are focused on choice, convenience, and productivity, and it is the cybersecurity industry's responsibility to educate, as well as create an environment of absolute security, without compromising user experience."

The industry should understand that most of us aren’t security people, and we can't be expected to understand the theoretical risks and implications of failing to install an update, believes Erez Yalon, VP of Security Research at Checkmarx. "If users can submit a very simple password, they will do that. If software can be used although it was not updated, it will be used," Yalon shared with Lifewire over email.

Goettl builds on this and believes that an effective strategy could be to restrict access from non-compliant devices. For instance, a jailbroken device, or one that has a known bad application, or is running a version of the OS that is known to be exposed, can all be used as triggers to restrict access until the owner corrects the security faux pas.

Avivi believes that while device vendors and software developers can do a lot to help minimize what the user will ultimately be exposed to, there would never be a silver bullet or a technology that can truly replace wetware.

"The person that may click on the malicious link that made it past all the automated security controls is the same one that can report it and avoid getting impacted by a zero-day or a technology blind spot," said Avivi.