
Top-10 Essential Challenges of Mobile Security

Mobile security has become a crucial aspect of protecting sensitive data and information. Malicious attacks once focused on PCs have now shifted to mobile phones and applications. Mobile makers are aware of this fact and are investing heavily in security.

Mobile device attacks can be split into 4 main categories:

  • OS Attacks: Loopholes in operating systems create vulnerabilities that are open to attack. Vendors try to solve these with patches.
  • Mobile App Attacks: Poor coding and improper development create loopholes and compromise security.
  • Communication Network Attacks: Communications such as Bluetooth and Wi-Fi connections make devices vulnerable.
  • Malware Attacks: There has been a constant rise in malware for mobile devices. The focus is on deleting files and creating chaos.

These categories are a generalization of the various types of attacks. Now we’ll take a closer look at the types of issues currently plaguing mobile devices. This is not an exhaustive list by any means, but it shows just how at risk mobile devices are.

1 – Physical Security

Lookout Labs estimated that a mobile phone was lost in the USA every 3.5 seconds in 2011 – and that nearly all who found lost devices tried to access the information on the phone. Now, I hope the “access” was an attempt to determine the owner, but who knows? Even temporarily misplacing a phone can put sensitive data at risk.

2 – Multiple User Logging

Mobile phones have come a long way, but they are still not versatile machines like computers. Multiple users on a mobile device still have trouble opening unique protected accounts. Simply put, what one user does on a mobile device is hardly a private affair. Customizable 3rd party solutions are available, but it’s much safer when phones are not shared.

3 – Secure Data Storage

Mobile phones need good file encryption for strong security. After all, who wants sensitive corporate data to end up in the wrong hands? Without proper encryption, not only are personal documents up for grabs, but also passwords to bank, credit card and even business apps. Encrypting sensitive data ensures would-be thieves gain a whole lot of nothing.

4 – Mobile Browsing

Perhaps one of the best features of mobile devices is the ability to browse the web on the go, but this also opens up the mobile phones to security risks. The problem is that users cannot see the whole URL or link, much less verify whether the link or URL is safe. That means that users could easily browse their way into a phishing-related attack.
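The following is an added example, not part of the original article. It shows how a narrow address bar can display the same text for two different sites, and how parsing the full URL recovers the host the browser actually contacts. The URLs, the 16-character display width and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs (reserved .example / .test names, not real sites).
GENUINE = "https://www.bank.example/login"
LOOKALIKE = "https://www.bank.example.account-verify.test/login?session=1"


def address_bar_view(url, width=16):
    """Text a narrow address bar would show if it kept only the first
    `width` characters after the scheme (assumed display behaviour)."""
    shown = url.split("://", 1)[-1]
    return shown if len(shown) <= width else shown[:width] + "..."


def real_host(url):
    """Host the browser actually connects to, taken from the full URL."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host: %r" % url)
    return host.rstrip(".").lower()


def belongs_to(url, expected_domain):
    """True only for an https URL whose host is the expected domain or a
    subdomain of it. The match is made on a dot boundary, so a host that
    merely contains or ends with the expected text does not pass."""
    expected = expected_domain.rstrip(".").lower()
    host = real_host(url)
    on_domain = host == expected or host.endswith("." + expected)
    return urlsplit(url).scheme == "https" and on_domain


if __name__ == "__main__":
    for url in (GENUINE, LOOKALIKE):
        print(address_bar_view(url), "->", real_host(url),
              "| expected site:", belongs_to(url, "bank.example"))
```

Both URLs render identically in the truncated view, yet only the first one passes the host check.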

For a deeper look into mobile device security, check out the iPhone forensics course offered by the InfoSec Institute.

5 – Application Isolation

There are mobile applications for just about everything, from social networking to banking. Before installing any app that comes your way, be sure to read the application's permission request. This often overlooked agreement contains valuable information about the specific permissions the app will use to access your device.

Be mindful of what your application purports to do and what it is that it actually does. Chances are a calculator application does not need access to the internet or your personal information.

6 – System Updates

People have a tendency to point fingers at mobile device vendors when it comes to security mishaps, but they aren’t always to blame. Updates and patches designed to fix issues in mobile devices are not quite as cut and dried as with PCs. Mobile device vendors often release updates and patches, but unfortunately carriers don’t always push them out, for commercial or bureaucratic reasons.

7 – Mobile Device Coding Issues

Sometimes developers make honest mistakes, inadvertently creating security vulnerabilities via poor coding efforts. Many times there is bad implementation of encrypted channels for data transmission or even improper password protection. Ineffective development can lead to security weaknesses whether in PCs or mobile phones.

8 – Bluetooth Attacks

As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to one’s phone and everything stored within. It’s fairly simple for a hacker to run a program to locate available Bluetooth connections and Bingo – they’re in. It’s important to remember to disable the Bluetooth functionality when not in use.

9 – Malware on the Rise

As is the case with computers, malware is rather damaging to mobile phones. The news does not get any better either. 2014 is projected to be far worse, leaving industry leaders and mobile device users no choice but to become proactive about mobile protection. For example, take the Android malware incident in January which impacted more than 600,000 phones.

10 – Serious Threats in New Features

Newly added features and updates are serious risks too. The Near Field Communication, or NFC, technology is a prime example. NFC is designed to allow people to use their mobile phones as a wallet to purchase products. Unfortunately, all one needs to do to take over the mobile device is brush an NFC chip-embedded tag over the phone.

It should not come as a surprise that security is such a problem considering the wide variety of mobile devices and smartphones available today. Every phone and mobile OS has its own unique security issues and one should always take precautions, especially as we are becoming increasingly dependent on our mobile devices.

This article was contributed by Rohit T, a security researcher for the InfoSec Institute, an IT security training company in business since 1998.
