Warning: Smartphones are facing a wave of sophisticated cyberattacks.

According to ANSSI, the popularity of smartphones and the amount of sensitive data they store, from personal photos and location information to bank accounts and work data, has made these devices an attractive target for any group, from cybercriminals to state-backed actors.

In recent years, ANSSI has had to deal with an increasing number of phone-related intrusions, including cases where users were tracked through spyware or exploited due to vulnerabilities resulting from unsafe usage habits. These attacks are becoming more sophisticated, harder to detect, and on a larger scale.

In response to this alarming situation, ANSSI and the UK's National Cyber ​​Security Centre (NCSC) have collaborated to release an in-depth report analyzing how attackers target mobile devices. The goal is to help governments, businesses, and users understand the risks and implement appropriate defense measures.

The report indicates that attackers could exploit this vulnerability through:

1. Vulnerabilities in mobile networks and wireless connectivity

- Mobile networks from 2G to 5G: attackers can intercept communications or locate users.

- Public Wi-Fi: easily spoofed or eavesdropped on.

- Bluetooth and NFC: These can be exploited for intrusion or data theft if users do not turn them off when not needed.

Most concerning are zero-click attacks, a type of attack that doesn't require the user to click on a link or download any files. They directly exploit vulnerabilities in the operating system or application, making them virtually undetectable to the victim.

2. Vulnerabilities in operating systems and applications

ANSSI stated that operating systems, despite significant security efforts, can still become "backdoors" for hackers. A malicious application or a minor vulnerability can allow attackers to read messages, collect location data, access personal photos and files, install tracking software, and maintain control of the device for extended periods without detection.

The stolen data is used to carry out phishing, extortion, or deep intrusions into organizations' internal networks.

The threat to businesses and society is becoming increasingly serious.

ANSSI warns that the blending of personal and work devices makes smartphones a dangerous "gateway" for businesses for the following reasons:

Many employees store passwords, important documents, and work emails on their phones.

- Personal devices are often not managed by enterprise security policies.

- Spyware can monitor high-level communications, posing a risk of industrial espionage.

With increasing reliance on mobile devices, the impact of cyberattacks is spreading from individuals to society as a whole.

ANSSI recommends urgent protective measures.

The French cybersecurity agency has issued a series of recommendations to mitigate risks:

- Turn off wireless connections such as Wi-Fi, Bluetooth, and NFC when not in use. These connections can be exploited remotely without the user's knowledge.

- Avoid using public Wi-Fi networks. Many public Wi-Fi networks are rigged with listening devices or are impersonated to steal data.

- Always keep your operating system and applications updated. Updating and patching security vulnerabilities is the most important factor in preventing zero-click attacks.

- Use strong passwords and restrict app access, granting each app only the minimum necessary permissions.

- Prioritize authentication apps over SMS codes because SMS codes are easily intercepted through vulnerabilities in mobile networks.

- Activate advanced security features of the operating system such as Lockdown Mode on iOS and Enhanced Protection Mode on Android. These two modes are especially useful for people at risk of being targeted.

- Do not use biometrics to unlock devices. ANSSI recommends using passcodes instead of fingerprints or facial recognition, although it does not state the reason, experts believe that biometrics are easily forced into unlocking devices in certain sensitive situations.

Smartphones are becoming one of the most heavily targeted devices in the world. Warnings from ANSSI indicate that the sophistication of these threats has far exceeded the awareness of the average user.

Therefore, raising security awareness, limiting unnecessary connections, and implementing the protective measures recommended by ANSSI are crucial to safeguarding personal data as well as the safety of both businesses and society.