This article will discuss about mobile device security and challenges. Mobile security, or also mobile device security has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones.
More and more users and businesses use smartphones to communicate, but also to plan and organize their users’ work and also private life. Within companies, these technologies are causing profound changes in the organization of information systems and therefore they have become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.
All smartphones as computers are preferred targets of attacks. These attacks exploit weaknesses inherent in smartphones that can come from the communication mode—like Short Message Service (SMS, aka text messaging), Multimedia Messaging Service (MMS), wifi, Bluetooth and GSM, the de facto global standard for mobile communications. There are also exploits that target software vulnerabilities in the browser or operating system. And some malicious software relies on the weak knowledge of an average user. According to a finding by McAfee in 2008, 11.6% users had heard of someone else being affected by mobile malware, but only 2.1% had personal experience on such problem. However, this number is expected to grow.
Security countermeasures are being developed and applied to smartphones, from security in different layers of software to the dissemination of information to end users. There are good practices to be observed at all levels, from design to use, through the development of operating systems, software layers, and downloadable apps.
Challenges of mobile security
A smartphone user is exposed to various threats when they use their phone. In just the last two-quarters of 2012, the number of unique mobile threats grew by 261%, according to ABI Research. These threats can disrupt the operation of the smartphone, and transmit or modify user data. So applications must guarantee privacy and integrity of the information they handle. In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting the apps from accessing location information via GPS, blocking access to the user’s address book, preventing the transmission of data on the network, sending SMS messages that are billed to the user, etc.).
There are three prime targets for attackers:
- Data: smartphones are devices for data management, and may contain sensitive data like credit card numbers, authentication information, private information, activity logs (calendar, call logs);
- Identity: smartphones are highly customizable, so the device or its contents can easily be associated with a specific person. For example, every mobile device can transmit information related to the owner of the mobile phone contract, and an attacker may want to steal the identity of the owner of a smartphone to commit other offenses;
- Availability: attacking a smartphone can limit access to it and deprive the owner of its use.
There are a number of threats to mobile devices, including annoyance, stealing money, invading privacy, propagation, and malicious tools.
- Botnets: attackers infect multiple machines with malware that victims generally acquire via e-mail attachments or from compromised applications or websites. The malware then gives hackers remote control of “zombie” devices, which can then be instructed to perform harmful acts.
- Malicious applications: hackers upload malicious programs or games to third-party smartphone application marketplaces. The programs steal personal information and open backdoor communication channels to install additional applications and cause other problems. Malicious links on social networks: an effective way to spread malware where hackers can place Trojans, spyware, and backdoors.
- Spyware: hackers use this to hijack phones, allowing them to hear calls, see text messages and e-mails as well as track someone’s location through GPS updates.
The source of these attacks are the same actors found in the non-mobile computing space:
- Professionals, whether commercial or military, who focus on the three targets mentioned above. They steal sensitive data from the general public, as well as undertake industrial espionage. They will also use the identity of those attacked to achieve other attacks;
- Thieves who want to gain income through data or identities they have stolen. The thieves will attack many people to increase their potential income;
- Black hat hackers who specifically attack availability. Their goal is to develop viruses, and cause damage to the device. In some cases, hackers have an interest in stealing data on devices.
- Grey hat hackers who reveal vulnerabilities. Their goal is to expose vulnerabilities of the device. Grey hat hackers do not intend on damaging the device or stealing data.
Feel free to contact E-SPIN for mobile device monitoring, vulnerability & threat and mobile security solution.
To know more about Mobile Security, please click on the link below.