Security News

- Previous Post >>

How to secure your mobile phone and check for spyware?


To effectively detect if your mobile phone has been compromised or infected with spyware, as well as to secure it from potential future attacks, it is important to follow some security best practices.
Below, we will cover a thorough guide aimed at personal and work phones, which are often unprotected compared to corporate laptops with more advanced security tools (EDR/XDR) which are not often found on mobile phones.

  1. Detecting potential compromise on your Mobile device
    1. Review device configuration:
    2. Regularly inspect your phone's system settings and installed apps. Look for any configurations or applications that seem unfamiliar or that you did not intentionally set up.
      • Installed Apps: Unrecognized applications, especially those in foreign languages or from unknown developers, could indicate potential spyware. If you discover suspicious apps, consider a full device reset.
      • Permissions Review: Check app permissions. If simple apps (like a crossword puzzle app) have access to sensitive features (e.g., microphone, camera, or location), this could be a red flag.
      • Security Settings: Review biometrics and other login mechanisms. Ensure all biometric profiles are legitimate and that there aren't any unauthorized additions (how many fingers did you register?).
      • VPN and Certificate Verification: Confirm that VPNs and certificates on your device are ones you've authorized. Rogue VPNs or certificates could intercept your data.

    3. Specific app deep dive:
    4. Review how the apps you are using the most are setup, especially the ones involving some forms of communication.
      • Linked Devices: Check apps like WhatsApp or Signal for unknown linked devices.
      • Email Forwarding Rules: On a computer, inspect email rules to detect unauthorized forwarding, which can silently copy your communications.
      • Backup Settings: Ensure cloud backups are legitimate. Disable any backup to unfamiliar services or unexpected locations.

    5. Install/Use security software:
    6. Security apps can help detect signs of compromise.
      • Only use reputable, paid antivirus apps, as free versions often lack robustness or introduce privacy risks.
      • While antivirus solutions are limited on mobile devices, they can detect known malware.
      • Backup analysis tools, like the Mobile Verification Toolkit (MVT), can help by analyzing backups for signs of compromise, such as spyware. Originally developed by Amnesty International Security Lab, MVT identifies spyware, including advanced threats like Pegasus.
      • Consider using encrypted communication app: WhatsApp with end-to-end encryption turned on, Signal, MS Teams, etc.

    7. Monitor network traffic:
    8. All malware/spyware need to communicate back home, these "call backs" could be detected.
      • Connect your phone to a network with an Intrusion Detection System (IDS) to monitor its traffic.
      • IDS solutions like Security Onion and SELKS can detect unusual traffic patterns, such as data being sent to known malicious domains or unexpected countries.
      • For comprehensive monitoring, use your device over the network for a prolonged period to catch sporadic malicious connections.

  2. Steps to secure your phone against future threats
    1. System and App configuration:
    2. Maintain your phone and app "health".
      • Regular Updates: Keep your OS and all apps updated, as updates frequently patch vulnerabilities that attackers exploit.
      • Limit App Permissions: Revoke unnecessary permissions, especially sensitive ones like camera, microphone, and location. Permissions should align with the app's purpose.
      • Strong Authentication: Use Multi-Factor Authentication (MFA) through apps like Microsoft Authenticator or Google Authenticator for key accounts. Avoid SMS-based MFA due to its susceptibility to SIM-swapping attacks.
      • Mobile Device Management (MDM): For companies, all work phones should be managed through an MDM with a minimum set of required security controls

    3. Network Security:
    4. Be mindful to where you are and how is your data transmitted.
      • VPN Use: When using public or unfamiliar networks, use a reputable paid VPN like ProtonVPN, NordVPN, or PIA. Avoid free VPNs, which often compromise privacy for profit.
      • Secure WIFI Connections: Connect only to trusted networks, and consider turning off automatic Wi-Fi connections to avoid accidental connection to rogue networks.
      • WIFI clean up: regularly review what known WIFI network are setup in your phone, remove the ones you are not using anymore (i.e.: KFC free wifi? Starbucks free wifi? )

    5. Backup Strategy and Verification Tools:
    6. Be ready if you need to start over and keep your phone safe.
      • Regularly back up your phone, preferably offline, and scan these backups with tools like MVT for assurance.
      • Avoid "rooting" or "jailbreaking" your device, as this removes built-in protections, increasing vulnerability to spyware and malware.

    7. Awareness and Proactive Behavior:
    8. Think before you click.
      • Review Security Alerts Carefully: Avoid blindly clicking "Yes" or "Continue" on security prompts, especially for permissions and app requests. Take a moment to assess each prompt's legitimacy.
      • Educate Yourself on Phishing: Phishing remains a common attack vector. Familiarize yourself with tactics to spot phishing attempts via SMS, email, or app notifications.

    9. Consider a Full Device Reset:
    10. If all fails, use the "Nuclear Option"
      • If there are signs of compromise and you're concerned about security, reset your device to factory settings. During this process:
      • Use a separate device (such as a laptop) to reset your critical account passwords.
      • Be meticulous with the apps and data you reinstall; consider each item's necessity and trustworthiness.
By following these measures, you can significantly improve your phone's security posture, minimizing the risks of spyware, malware, and other forms of compromise.
Additionally, these practices establish a strong foundation of digital/security hygiene, safeguarding your privacy and data.

Furthermore, companies concerned with mobile security for their staff should consider implementing a "Mobile Health Service" based on the best practices outlined above.
This service would allow all employees, or only VIP personnel, to visit a designated hot desk for a quick, 15-minute phone "health check."
This approach ensures that staff can easily and promptly receive professional assessments to safeguard their devices against potential security threats.

- Previous Post >>