SMISHING & GREYWARE: Come again?

0
4308

Let’s talk about some areas of mobile security that fly under the proverbial radar; Smishng & Greyware. These are terms that the 99.99% of users never hear nor understand the implications of these threats. Let’s break it down;

Smishing – SMS Phishing. This is a simple derivative of the common term “phishing”, which implies using social engineering to trick an unsuspecting user to provide information and/or access to sensitive content. This attack method is predominantly used in conjunction with banking/financial phishing attempts as users are more susceptible to fear-based motivation with regards to their financials.

Greyware – refers to mobile adware and nuisance-based functionality of apps. Malicious apps that have subroutines aimed at gathering sensitive information are on the rise. Tapping into location services, access to the microphone/audio, and having the ability to prompt the user with false notifications are common avenues of nuisance functionality that can be harmful.

It is important to understand that using a mobile device that stores sensitive information can be harmful if the actions of the user are unsafe. Considering the average user uses social media, online banking, and email on their mobile device – these are the three main avenues of attack vectors hackers will attempt to exploit. The financial gain from obtaining an email with its paired password will lead to the compromise of all three elements. This is because the average user uses the same email and password combination for all their services. Password variation is industry best practice for a reason, it is a step in the right direction to avoiding a security breach.

We must be vigilant, we must be ready, and most of all, we must be educated!

 

Adam Zimmerman, Security Solutions Architect

CDW Canada

With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is  helping organizations build strong security practices and prepare for potential attacks.

Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa.  Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.

Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a  command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.