You may still need a feature phone for safe calls, SMSes

NEW DELHI: In the wake of reported snooping attacks on smartphones owned by people who matter (WhatsApp-Pegasus spyware being the latest example), making that humble feature phone your secondary companion wont be a bad idea as it still has a smaller attack surface.

The feature phone in your pocket can be used for basic calling and texting requirements, keeping you away from the prying eyes of nation-state bad actors or individual hackers looking to spy on your data, as the device will be free of third-party apps that open possibilities of “backdoor” entry by hackers who exploit vulnerabilities lurking in the operating system and codes.

Smartphones today present more danger than ever. Researchers have found vulnerabilities that impact the camera apps of Android-based smartphones, presenting significant implications to hundreds of millions of smartphone users.

Reports also surfaced that hackers may use a critical vulnerability in WhatsApp to execute snooping attack on both Android and iOS devices via sending a downloadable MP4 file.

According to Prateek Bhajanka, Senior Principal Analyst at Gartner, it is high time that we acknowledge the fact that nothing is inherently secure, and 100 per cent security is unattainable and impractical.

“Yes, a feature phone has a smaller attack surface compared to smartphones, but it does have an attack surface. Large scale attacks leveraging SS7 vulnerabilities have come to light, which feature phones are subject to,” Bhajanka told IANS.

An SS7 attack is an exploit that takes advantage of a weakness in the design of SS7 (signalling system 7). While the SS7 network is fundamental to cellphones and its operators, the security of the design relied entirely on trust.

The fact is: We do not read or hear security breaches in feature phones often because smartphones are goldmines for data when it comes to people of importance — politicians, journalists, judges, celebrities, key members of the civil society and more.

Sanjay Katkar, Chief Technology Officer of cybersecurity firm Quick Heal, said that cybersecurity awareness and adoption in India, particularly among smartphone users, is extremely poor.

“Very few smartphone users have any security solution installed on their mobile devices. Most users also don’t follow basic security hygiene, such as applying software patches and updates, and often click on suspicious links without verifying their veracity,” Katkar told IANS.

This leaves Indian smartphone users vulnerable to threats in the cyberspace.

“With the global threat landscape evolving at a rapid pace, cyber-attacks are becoming more sophisticated. There will be more advanced threats to target smartphones, making these devices sitting ducks for such attacks,” he warned.

Tarun Pathak, Associate Director at Counterpoint Research, said that people would not switch device segment for security.

“There are still many basic things within a smartphone which people don’t know that can prevent them from being exposed to malware or fix the security issues (like software and security updates).

“In a mobile-first country like India, security is an elephant in the room and is one area which users still don’t rate high in terms of preference and there is lack of awareness on that front,” Pathak told IANS.

Moreover, said Bhajanka, implementing security or fixing security weakness in feature phones is all the way more difficult as embedded operating systems are difficult to patch and security vendors aren’t actively offering security products for feature phones.

“Also, the feature phones may relatively be more secure than smartphones, but they can’t be immune to state or nation-sponsored attacks or snooping which Pegasus is an example of,” Bhajanka informed.

The only option that remains, added Katkar, is to be wary of cyber-attacks and follow robust security hygiene to counter the growing risk.

“One must strike the right balance between security and convenience, and smartphone users should be more aware of security hygiene practices such as — do not download apps from illegitimate sources or publishers, do not click on weird links, have a passcode, etc.,” advised Bhajanka.

However, trying a feature phone as an additional device won’t be a bad idea, as it still remains a low-target, low-profile device.

(Nishant Arora can be reached at nishant.a@ians.in)