Login Book a call
Search
Clear search icon

Debunking mobile device security risk myths

Rob S
mobile device security risk myth
Back to blog

Table of contents

Want to speak with sales?

Book a call

Misinformation about mobile device security spreads faster than a viral meme. These misconceptions tend to create a false sense of security, which is precisely what cybercriminals rely on. 

So, it’s time to separate fact from fiction. Let’s debunk some of the most common mobile device security risk myths.

Myth 1: Mobile phones are more secure than desktops

Spurred by the outdated belief that most breaches occur within Windows systems, most people assume that mobile devices are innately safer than desktops. 

Despite built-in security features such as biometric authentication, encryption, and sandboxing, mobile devices are just as vulnerable to cybersecurity risks as computers. 

Their portable nature, the rise in mobile phishing, and side-loaded apps are just some of the reasons for this.  

On the whole, no device is more secure than any other, and each has unique vulnerabilities.

Myth 2: No one can track my phone if location services are off

Disabling location services helps but doesn’t make your device completely invisible. Whether you use an iOS or Android phone, there are ways to track it without GPS. 

Proximity-based tracking is an alternative that uses signal strength, access points, and device interactions to infer locations. Examples include:

Cell tower triangulation

First developed to help emergency services locate callers, cell tower triangulation measures the time delay a signal takes to travel back to multiple towers from your phone. Then, it translates the delay into a distance that gives an estimated device location.

Wi-Fi tracking

Wi-Fi tracking detects unique identifiers, like the media access control (MAC) address of devices that connect to or pass near Wi-Fi access points. Tracking these identifiers as the device moves allows systems to gather location data without an active network connection.

Bluetooth tracking

Bluetooth tracking relies on signals emitted by Bluetooth-enabled devices when they are within range of sensors or beacons. 

Beacons are often present in:

  • Airports
  • Retail shops 
  • Smart buildings 
  • Museums

Want to know more about the mobile threats facing small businesses? Check out our latest research report

Myth 3: I’ll know if my phone’s been hacked

It’s easy to assume you’ll be able to tell if your phone’s been hacked. Unfortunately, that’s not always the case. Estimates suggest that over 70% of malware employs stealth-oriented techniques to minimise visibility and evade detection. 

Stealth malware operates quietly in the background without the signs we’ve come to associate with comprised devices, such as: 

  • Freezing 
  • Strange pop-ups
  • Overheating 
  • Poor battery life 
  • Unexplained account activity 

Its primary purpose is to silently collect sensitive data, including passwords, messages, and banking information.

Myth 4: Only high-profile individuals need to worry about mobile security

While celebrities, executives, and politicians are prime targets for cybercriminals, most cyberattacks target ordinary people. 

The majority of cyberattacks are automated and launched at scale – an approach that will only increase with the rise of AI-powered cybercrime. 

The ‘spray and pray’ method targets a large number of individuals through mass, automated attacks. Even if a small fraction of the attacks succeed, hackers can still acquire vast amounts of confidential information.

Myth 5: I can’t be hacked twice

If you’ve ever heard the saying that lightning never strikes the same place twice, you’ll know it’s neither true for lightning nor cyberattacks. 

In reality, being hacked once makes you more vulnerable to future attacks, not less. Let’s look at why.  

  • Exposed personal information: hackers may have access to sensitive data like passwords or security questions. They can sell this information on the dark web. 
  • Credential stuffing: once your login details are exposed, cybercriminals are likely to use them to try and access other accounts and platforms.
  • Copycat attacks: if a company experiences a breach, and it’s covered in the media, other hackers might take notice and attempt similar attacks.

Myth 6: iPhones are immune to viruses

Apple devices have historically been more secure than Android devices due to iOS's closed nature and built-in security features. 

However, it’s a mobile security risk myth that they don’t get viruses. They’re rare but not unheard of.

Jailbreaking is a common tactic that cybercriminals use to remove the software restrictions operating systems impose, making the device, vulnerable to malware and viruses.

Myth 7: Multi-factor authentication provides complete security

There’s no doubt that enabling multi-factor authentication (MFA) significantly improves cybersecurity, but it’s not infallible. 

Cybercriminals have developed ways to bypass MFA. Some of their tactics include: 

  • MFA fatigue attacks: cybercriminals flood your device with repeated MFA requests, hoping you’ll approve one. 
  • SIM swapping: hackers steal your phone number via SIM swapping, redirecting MFA codes to their device. 
  • Brute-force attacks: some MFA relies on weak security questions, which hackers can guess.

Know the facts, protect your mobile device

It’s time to face the facts – cybercrime is only getting more sophisticated. Don’t be misled by mobile device security risk myths, which breed complacency and make you vulnerable to threats. Instead, stay up to date on cybersecurity developments and keep your mobile device safe.

Did you know 59% of SMEs provide no mobile cybersecurity training to staff? Find out why this is a problem and what to do about it in our SME Mobile Threat Report.