Advanced Mobile Threats 101

Smartphones are an especially valuable target for hackers, as these devices can be transformed into always-connected spying tools turned against their users. This glossary highlights the advanced threats and tactics facing smartphone users.

IMSI Catcher

A fake cell tower that can be used to capture cellular data from a connected smartphone.

About IMSI Catchers
Mobile espionage

The practice of stealthily gathering data about a target via their smartphone.

How Does It Work?
Phone tracking

The practice of observing a smartphone user’s locations and movements.

What Are The Risks?
Radio frequency attack

A type of smartphone attack over a wireless protocol that forces a smartphone to connect to untrusted equipment.

Data At Risk
Spyware

A type of smartphone malware that is secretly installed on a targeted device to silently observe and gather information.

About Mobile Espionage
Zero-click attack

A type of attack that gives the operator the ability to install spyware on a smartphone without any interaction with the target.

How Does It Work?

Know the basics

Term Definition Example
Vulnerability A security weakness within a system that can be leveraged by a threat actor A threat actor discovers a usable flaw in a popular messaging app
Exploit The means – typically a piece of code – through which a vulnerability can be leveraged for malicious activity The threat actor writes exploit code for the discovered vulnerability
Threat The possibility that a system can be compromised by a threat actor’s activities or methods, often involving one or more exploits With the vulnerability not yet patched by the vendor, a potential target is under threat that their smartphone can be used for spying
Risk The potential for loss, damage or destruction of assets or data as a result of a threat, determined by the severity of impact and the likelihood of occurrence The potential target experiences an increase in the risk that their sensitive information will be discovered
Attack The realization of a threat via an active offensive action by a threat actor The threat actor performs a zero-click attack to stealthily install spyware on the smartphone of a target
Vulnerability
Definition
A security weakness within a system that can be leveraged by a threat actor
Example
A threat actor discovers a usable flaw in a popular messaging app
Exploit
Definition
The means – typically a piece of code – through which a vulnerability can be leveraged for malicious activity
Example
The threat actor writes exploit code for the discovered vulnerability
Threat
Definition
The possibility that a system can be compromised by a threat actor’s activities or methods, often involving one or more exploits
Example
With the vulnerability not yet patched by the vendor, a potential target is under threat that their smartphone can be used for spying
Risk
Definition
The potential for loss, damage or destruction of assets or data as a result of a threat, determined by the severity of impact and the likelihood of occurrence
Example
The potential target experiences an increase in the risk that their sensitive information will be discovered
Attack
Definition
The realization of a threat via an active offensive action by a threat actor
Example
The threat actor performs a zero-click attack to stealthily install spyware on the smartphone of a target