We've come a long a long way from the days when cellular telephones were used for making phone calls only. Today phones can not only make calls, but they are essentially small computers, capable of doing just about everything that a full-size computer can do.
Since the average person now uses their smartphone for everything from emailing to banking, it only makes sense, then, that cybercriminals are looking at smartphones as a new frontier in the landscape of data theft and cybercrime. The threat of malware and viruses to smartphones is real, with even legitimate app stores constantly removing potentially harmful apps from their offerings.
However, smartphones aren't the only targets for cybercriminals, and in fact may be nothing more than a tool to infect other devices and access bigger payloads. If you use your smartphone as a USB device - that is, you connect it to your computer to sync information (including photos, calendar data, and more) you should be aware of a potentially dangerous threat to your data.
Can a Smartphone Be a Carrier?
Now, you might be thinking, How could my smartphone infect my PC? They have two completely different operating systems.
And while technically you are correct, smartphone to PC malware isn't necessarily designed to infect both machines. In most cases, malware that spreads via USB - which in this case, would be your phone - is a Trojan, hiding behind something else to infect your computer and then cause it to perform unauthorized actions.
For example, say that you download an app from a website, not an official app store where the apps are tested and vetted to block harmful code. The app itself works as it's supposed to, and doesn't show any indication that it's hiding anything malicious. Except when you connect your phone to your computer to download photos from your weekend vacation, the app delivers the Trojan to your computer, where it might begin wreaking havoc immediately, or hide in the background for weeks or even months until something triggers it to act.
Such infections are especially worrisome in the age of Bring Your Own Device, or BYOD. Criminals attempting to gain access to sensitive enterprise networks may develop applications to appeal to corporate users and that won't raise any red flags on mobile device management systems, but which can infect computers when users connect their devices to synchronize contacts or calendars.
Keeping the Intruders Away
Admittedly, reported smartphone-to-PC infections are rare, but it's still important to take precautions. These include:
- Using powerful virus protection that updates in real time. In most cases, your antivirus software will block Trojans or other malware from being delivered via smartphone.
- Disabling Autorun or Autoplay to prevent your computer from automatically installing and running any unidentified malware from your phone.
- Treat your smartphone like the computer that it is. Run antivirus software on your phone to protect against malicious applications, and only install apps from reputable sources.
- Don't connect your phone to unfamiliar computers. While your phone won't become infected by PC malware, it can become a carrier and later infect any other computers it's connected to.
Don't Fall for This Scam
While your smartphone itself can actually infect your computer, there's also a growing problem of users getting viruses thanks to a phone call.
The scam works like this: Unsuspecting PC owners are receiving unsolicited phone calls from someone claiming to be from Microsoft, or in some cases, a computer security. The caller purports to be getting in touch to notify the PC user that there is some type of problem with their machine, and asks for permission to access it remotely to fix the problem. If they get that permission and gain access to the computer, they then have free reign to wreak havoc. People who have fallen victim to the scam report that the caller not only installed malware onto their machines - which they then charge a premium to remove - they also had trouble regaining control of their machines from the criminals.
The best way to avoid falling victim to this type of scheme and inadvertently infecting your computer is to just hang up if anyone makes an unsolicited call claiming to be from Microsoft or another major computer company. Simply put, large companies like Microsoft are not going to take the time to call individual users to notify them of potential issues. If you called for support and provided your information, you may need to provide some type of remote access, but never allow access to a stranger.
Smartphones are useful tools, but they can also be dangerous if you don't take precautions. To protect your data - or your company's data - take precautions to keep malware off your device, and don't let just anyone access your computer.