The evolving dynamics of cyber threats targeting mobile communication infrastructure have made it imperative to strengthen security measures in this domain. These threats pose significant risks to all mobile communication users, particularly high-ranking individuals and those handling critical information. Such individuals' mobile devices, including state and personal communication tools, as well as internet-based communications, are primary targets for unauthorized interception or interference.
Considering the above, the following recommendations are suggested to enhance the security of mobile devices and communications:
Use "end-to-end" encrypted messaging applications supported by your mobile device's operating system. Additionally, when using such applications, pay close attention to the extent of metadata collection and storage by the application and its associated services.
Minimize the use of SMS-based multi-factor authentication (MFA): SMS messages are not encrypted, making them vulnerable to interception by threat actors with access to the telecommunications provider's network. Additionally, SMS MFA is not resilient to phishing attacks and is therefore not considered a robust authentication method for accounts belonging to high-profile or targeted individuals.
Strengthen the passwords for your digital accounts: Use password management applications (e.g., Google Password Manager, LastPass, 1Password, etc.) to create strong, unique, and random passwords.
§ Regularly update the system and applications on your mobile devices (enable the automatic update feature). Additionally, avoid using mobile devices for communication purposes if they no longer support the latest updates.
§ Exercise caution when using VPN (“Virtual Private Network”) solutions: The security and privacy policies of some free and commercial VPN providers may be inadequate or questionable.
§ Review app permissions: Check the permissions granted to applications (e.g., access to location, camera, microphone, etc.) through the “Privacy and Security” section of your device. Revoke any permissions that are not essential for the app's functionality.
§ "Additional Recommendations for iPhone Users":
§ "Enable 'Lockdown' mode: This mode helps protect devices against extremely rare and sophisticated cyberattacks."
§ "Activate 'Lockdown' mode: This mode is particularly designed to help protect devices from extremely rare and complex cyberattacks."
§ Use 'iCloud Private Relay': This service, designed to protect your privacy while using Safari, ensures that no one – not even Apple – can fully see your identity or the websites you visit."
"Additional Recommendations for Android Users":
§ "Keep 'Google Play Protect' enabled to detect and prevent malicious apps. Additionally, exercise caution when downloading apps from other sources."
§ "Enable the 'Always Use Secure Connections' option in the 'Settings' section of the 'Chrome' browser on your Android device. As a result, you will receive a warning before loading any webpage that does not support the 'HTTPS' protocol, which ensures secure data transmission between websites."
§ "Activate the 'Safe Browsing' feature in the 'Chrome' browser on your Android device. This feature provides additional protection against malicious websites, phishing attempts, and dangerous downloads."
Note: The information has been extensively based on the relevant guidelines from the Cybersecurity and Infrastructure Security Agency (CISA) of the United States.
For more detail: https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf.
