Contactless Technology Attacks Threaten Individuals, Businesses

By | Managed Services News

Aug 14

Hackers know people are using their mobile devices now more than ever.

With COVID-19 related social distancing requirements, contactless technology like quick response (QR) codes are skyrocketing in popularity and frequency. But contactless technology also poses a threat to users less familiar with their risks and more curious to scan them.

Contactless technology attack vectors typically include QR codes, barcodes and magstripes on credit cards and ID cards. A hacker can embed a malicious URL containing custom malware into a QR code. It could then exfiltrate data from victims’ devices when scanned.

A malicious URL in a QR code could also direct to a phishing site. The site then encourages victims to divulge banking or other personal information, which the hackers could then steal.

To learn more about the threat posed by contactless technology, we spoke with Alex Mosher, MobileIron‘s global vice president of solutions. He also talks about how unified endpoint management (UEM) can help stop contactless technology attacks.

MobileIron's Alex Mosher

MobileIron’s Alex Mosher

MobileIron’s phishing protection for iOS and Android devices now detects and remediates phishing attacks across all mobile threat vectors.

Channel Futures: Have attacks involving contactless technology increased during the pandemic?

Alex Mosher: I don’t necessarily think there has been a greater volume of contactless attacks, but we’ve seen an increase in attacks across other mobile threat vectors during the pandemic. Hackers know that people are using their mobile devices – and in many cases, their own unsecured devices – more than ever before to connect with others, complete online payments and access corporate data. That’s why they are increasingly targeting mobile devices and applications with sophisticated attacks. I expect we’ll continue to see mobile attacks trend upward as the pandemic continues to surge.

CF: Do contactless technology attacks threaten both individuals and businesses? If so, how?

AM: Yes, contactless attacks threaten both individuals and businesses. A contactless attack on your mobile device could not only result in your personal information being compromised, but it could potentially weaponize that device against your company and result in sensitive corporate data being leaked. That’s why enterprises need to ensure mobile devices that have access to business resources are secure.

CF: Why are so many mobile users left unprotected from these types of attacks?

AM: It’s easy to manipulate users on mobile devices because people interact with mobile devices much differently than they do with laptops and desktops. For example, the mobile user interface prompts users to take immediate actions, while limiting the amount of information available due to small screen size. That’s why being able to stop attacks on mobile devices is incredibly important.

CF: Can MSSPs and other cybersecurity providers help prevent contactless technology attacks? If so, how?

AM: MSSPs and other cybersecurity providers need to help today’s companies rethink their security strategies to focus on the technology at the center of the everywhere enterprise: mobile devices. A mobile-centric zero trust security approach can provide the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data.

CF: How can UEM help protect against these types of threats?

AM: With UEM, organizations can achieve comprehensive control over their business data and employees can increase productivity. A UEM solution allows for continuous enforcement and protection of data, both on the device and on the network. Organizations can also build upon UEM with a mobile threat defense solution to detect and remediate mobile threats such as contactless attacks, even when a device is offline.

Network Security Startup Scores $40 Million in Funding

Perimeter 81, a secure access service edge (SASE) and network-as-a-service provider, has completed a $40 million Series B funding round led by Insight Partners.

The financing will help support Perimeter 81’s growth, and accelerate the company’s …

About the Author