Version française: 🇫🇷
Mobile phones are an integral part of everyday life. Their use in every aspect of life, personal as well as professional, makes them a prime target for malicious actors. Mobile phones actually offer unique opportunities for attackers, stemming from their specific use and functions, despite the regular upgrading of their security by mobile vendors. Attackers mobilising varying capabilities in the pursuit of different objectives are indeed observed regularly exploiting vulnerabilities residing in the wireless networks connecting the devices (Wi-Fi, Bluetooth, cellular network), in the operating systems or in the applications installed on the mobile devices. ANSSI has in particular observed state-sponsored cyber espionage and surveillance operations targeting mobile phones and relying on capabilities either developed in-house by the sponsoring state or acquired from specialised companies offering privately-operated and developed cyber offensive capabilities. These companies facilitate access to sophisticated technologies which, in turn, support the emergence of new threat actors, raising the global threat level. Mobile devices also constitute a prime target for cybercriminal actors hijacking their victim's funds. To a lesser extent, mobile phones are also exploited for detabilisation purposes and privately-operated surveillance operations.This document introduces the various technical methods deployed by malicious actors to compromise mobile phones, and also offers an overall view of the various cyber threats affecting mobile phones, accompanied by real-life examples of cyber attacks observed in France or elsewhere. It also addresses specific security recommendations to users of mobile devices.
Télécharger le rapport : Mobile phones
Threat landscape since 2015
