Like each new year, 2016 brings the promise of technology that’s better than what was launched the year before. But along with the exciting tech products that we’re looking forward to seeing in 2016, there are a few less-than-exciting things to deal with in the new year. The worst of those? The security threats that you’ll need to watch out for in 2016. Read on to learn about the security threats that you’re most likely to hear about in the headlines in the coming months.
Min-Pyo Hong, chief executive of mobile security firm Seworks, reports for VentureBeat that terrorism “will overshadow mobile security concerns” in 2016. Hong predicts growing concern offer the use of apps like Telegram and Redphone, which use end-to-end encryption to prevent eavesdropping on users’ conversations, and even an increase in the ways that terrorists will use what appear to be innocent apps and media services to communicate with each other.
2. Payment app hacks
Hong also considers it likely that leading mobile payment platforms, like Apple Pay and Samsung Pay, will be “seriously compromised” in 2016. Hackers are most likely to do that not by actually breaking the systems’ algorithms, but by analyzing the systems to “identify bypass measures and vulnerabilities, leading to credit card information fraud, extortion, and unauthorized use.” Hackers have already added stolen credit card information to Apple Pay accounts without bank verification, and even apps like Venmo will be vulnerable to such exploits.
3. Mobile web browser exploits
Another piece of software that’s likely to be hacked in the coming months is the web browser you use on your smartphone. Hong notes that hacking via a mobile browser is one of the most efficient ways to compromise the entire device, since exploiting a browser vulnerability enables the hacker to bypass many of the device’s system-level security measures. Mobile versions of Chrome, Safari, and Firefox are likely as hackers find and exploit operating system and kernel-level vulnerabilities.
4. Remote hijacking or eavesdropping
One of the greatest things about Android is its open, customizable nature. But that’s also one of its biggest liabilities, especially when it comes to the apps that device manufacturers load onto their smartphones — apps that can open devices to remote hijacking. OEMs are expected to find and patch such vulnerabilities more frequently in 2016. But even user behavior can leave a device vulnerable to related attacks, such as the choice to enable your device to automatically connect to insecure networks, where insecure apps can leak your information, or hackers can intercept messages that you send or receive.
5. DDoS attacks
While denial of service attacks, which are aimed at making a service or resource unavailable to its users, have so far been an infrequent, if annoying, problem, Hong thinks that they’ll evolve significantly in 2016. Mobile devices and other Internet-connected devices will enable hackers to complete more advanced attacks by hijacking devices into DDoS bots and making it more difficult to detect and prevent attacks.
6. Internet of Things attacks
As The Cheat Sheet recently reported, many smart home gadgets and other Internet of Things devices aren’t secured against hacking, and many neglect basic security measures. They watch your activity, leave communications exposed, use vulnerable communication protocols, and neglect to protect your data and personal information. As more devices come online without basic protections in place, hackers will be more capable of gaining access to private networks and exploiting the many variables and vulnerabilities across them. Hackers will even be able to take control of networks of Internet of Things devices to launch attacks against other targets.
7. Extortion attacks
Kim Zetter reports for Wired that another big security threat to look forward to in 2016 is an uptick in extortion hacks, where attackers threaten to release sensitive company or customer data if the victim doesn’t pay a ransom or meet some other demand. High-profile extortion attacks on record for 2015 include the notorious Ashley Madison hack and the hack of InvestBank in the United Arab Emirates. Both exposed customer account information, and extortion attacks can also result in the exposure of company secrets and even customers filing lawsuits against the victimized company if it doesn’t handle the situation well.
8. Attacks that change data
One of the next big things on the security threat front is expected to be cyber attacks that change or manipulate data instead of simply deleting or releasing it. Even slight data alterations can have significant consequences, and Zetter notes that some data manipulations could even result in accidental deaths. Data manipulations can be difficult to detect until something drastic has happened.
9. Chip-and-PIN exploits
Banks have begun rolling out chip-and-PIN cards to thwart attackers who want to grab card data. These new cards are equipped with a chip that authenticates the card and generates a one-time transaction code. The system can’t stop fraud altogether, however. In some markets where chip-and-PIN cards have been available for years already, instances of fraud where the card is present have decreased. But instances of fraud where the card isn’t present, such as transactions completed online or over the phone, have increased. Because neither a PIN nor a signature is required when a card is used online, hackers can simply steal card numbers. More hacks aimed at doing so are likely to make headlines in 2016.
In 2016, you can expect to hear more about vulnerabilities created by backdoors, either ones created by the manufacturers of software or installed by hackers. Moreover, government agencies like the FBI and NSA are going to continue pushing for encryption backdoors in the new year.