Do you need antivirus on your phone?

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so one of the questions I still get asked a lot is whether or not you need an antivirus on your phone now the standard answer I typically give out to this is that if you're a typical user who only uses your phone with standard built-in apps like messaging camera maps and social media probably not which is interesting because that's not what I tell you if you're using a Windows desktop I still recommend installing a third-party antivirus there having said that there's obviously a lot of nuance to that decision and I wanted to cover in this video some of the threats that do exist for phones and the level of sophistication they're at what role antiverse technology if any can play in the prevention of such threats and the differences between IOS and Android so we're going to start the story by talking about Pegasus one of the most sophisticated phone malware ever to exist probably and this was developed by the NSO Group which is an Israeli cyber company which also happens to work with their government if I'm not mistaken so in terms of sophistication we're talking like nation state actor level the interesting thing of course about Pegasus is that it can be installed on an iPhone so the whole notion that iPhones cannot be infected that they're inherently secure was kind of washed away with this one major incident and just to give you a quick idea of what Pegasus is capable of we've got a graphic over here so it shows all the attack factors so you can get infected Via SMS WhatsApp iMessage some unknown vulnerability in a third-party app and then it's in your phone and the capabilities it has once it gets on your phone tries to get Rude access and harvest your data and what can get is all your SMS data all your emails your WhatsApp chats photos and videos can activate the microphone activate the camera record calls I mean in some sense this is one of the most sophisticated Espionage tools that anyone can have right just imagine having a tool on a person that you can can use to record what they're saying at any moment you can see what their texting or you can see their GPS data so you can track them in real time anywhere they go you can look at their calendar so you can see what's coming up what events they're attending now think how scary this is for political purposes or Espionage right like just imagine if a foreign power is able to infiltrate the phone of a president or prime minister and track everything they're doing it's genuinely terrifying how we've all got these um little devices in our pockets that if used incorrectly can be deadly absolutely deadly I mean imagine somebody's trying to assassinate you they get access to this you're pretty much done at that point so putting all of that up there as capabilities for nation-state actors to harness what are more traditional attacks that everyday users get on their phones now surprisingly it's much lower in sophistication so the most typical thing you're likely to get on your phone is a scam or a phishing link sent via messages or email now if it's sent via email it's pretty much the same whether you're on your computer on your phone if it's messages then there may be a component where they expect you to text back and that's how scam might begin a lot of those techniques are more reliant on social engineering rather than technical exploitation in that case a security app may not necessarily make a huge difference especially if the communication is being carried out via phone messages rather than websites because if it's a phishing link you could say well in theory an antivirus or an extension could block that but beyond that the capabilities are quite limited now in terms of access to data the way the iPhone works for most traditional apps prevents third-party apps from acting as malware because every app is kind of like its own sandbox so even if theoretically you've got a ransomware on your iPhone phone it can only encrypt data that you put into its own folders so it wouldn't be much of a ransomware on Android however the story is quite different so you could have malicious packages that act as typical computer ransomware and we've had these since I think 2017 we've got screen lockers we've got things like this that take over your screen ask you for payment into some wallet this is very standard ransomware Behavior same thing that you would see on the desktop of course it's in Cyrillic um locks up your device and then says the service of your device is temporarily suspended all of your personal data is encrypted blah blah blah and then they may pretend to be somebody like FBI whatever we've seen uh computer malware like for a locker do that and in this case even if you did pay the ransom by the way you wouldn't get control of your device back entirely so the malware would still persist there are also crypto miners on Android much more variety in terms of the threats that do exist and that's because I think the custom application side of Android is much more prominent it's much easier to get an app installed you can have third-party apks whereas on an iPhone that would require jailbreaking or you're only installing apps from the App Store and it is difficult for a malware author to get a legitimate app listed on the app store and then replace it with malware there may have been one or two instances of that but it's just not widespread enough to be a threat not to say that the App Store doesn't have its own problems but when it comes to day-to-day malware attacks Android is definitely more susceptible having said that again Android is only more susceptible if you're installing third-party apks it's not like if you're going to the App Store and downloading YouTube you're likely to get a Trojan injected via that process so a lot of this depends on your use case so now that we've talked a little bit about what kind of threats exist I guess it's worth talking about well what an antivirus can do now most antivirus programs on mobile can look for existing threats so they might be able to scan your apps and tell you that Apex is malware they may also be able to do that on a periodic basis and pretend that there's some kind of real-time protection where they're telling you oh you installed a malicious app but the sophistication is much less than what you would get on a desktop environment where they can actually look at the behavior of each app and decide if something is acting maliciously unfortunately that level of sophistication is just not there when it comes to most Security Solutions on mobile phones so in most cases as an average user you're likely not going to be impacted if you install one of those now going Beyond typical antivirus functions now if you want to protect your network activity is it worth installing a VPN on your phone absolutely it's the same thing as on your desktop similarly you should also use a password manager anything related to your internet activity is still crucial and you're just as susceptible to fall into a social engineering trap on your phone as on your computer and that nicely brings us to the sponsors of this video this video is brought to you by malloc a VPN and security app for your phone it's available for both iPhone and Android importantly it's got data shield and it can protect you against spyware crypto mining ads and even adult content if you want to but what's so special about this VPN is that it can scan for spyware like citrox and Pegasus remember the major nation state security threat we talked about you can actually check if your iPhone's got it by downloading it using the link in the description it's a really handy tool and we're going to test it out by visiting XM rig a crypto mining site and as you will see we will not be able to access it while connected they've also got a host of privacy features if you're on Android you can block a lot of telemetry on your device so do check them out using the link in the description thank you all so much for watching please like and share the video If you enjoyed it this is Leo and as always stay informed stay secure

Info

Channel: The PC Security Channel

Views: 38,843

Rating: undefined out of 5

Keywords: The PC Security Channel, TPSC, cybersecurity, cyber security, computer security, internet security, antivirus, anti malware, ransomware, trojan, virus, PUP, best antivirus, best internet security, learn cybersecurity, hacking, hack, security, technology, cyber insurance, cybersecurity degree, best EDR, EDR

Id: OIo9aVcrnN8

Channel Id: undefined

Length: 8min 34sec (514 seconds)

Published: Fri Nov 25 2022