Mobile security has become a crucial aspect of protecting sensitive data and information. Malicious attacks once focused on PCs have now shifted to mobile phones and applications. Mobile makers are aware of this fact and are investing heavily in security.
Mobile device attacks can be split into 4 main categories:
These categories are a generalization of the various types of attacks and now we’ll take a closer look into the types of issues that are currently plaguing mobiles. This is not an exhaustive list by any means, but one will begin to understand just how at risk mobile devices are.
1 – Physical Security
Lookout Labs estimated that a mobile phone was lost in the USA every 3.5 seconds in 2011 – and that nearly all who found lost devices tried to access the information on the phone. Now, I hope the “access” was an attempt to determine the owner, but who knows? Even temporarily misplacing a phone can put sensitive data at risk.
2 – Multiple User Logging
Mobile phones have come a long way, but they are still not versatile machines like computers. Multiple users on a mobile device still have trouble opening unique protected accounts. Simply put, what one user does on a mobile device is hardly a private affair. Customizable third-party solutions are available, but it's much safer when phones are not shared.
3 – Secure Data Storage
Mobile phones need good file encryption for strong security. After all, who wants sensitive corporate data to end up in the wrong hands? Without the proper encryption, not only are personal documents up for grabs, but also passwords to bank, credit card and even business apps. Encrypting sensitive data ensures would-be thieves gain a whole lot of nothing.
4 – Mobile Browsing
Perhaps one of the best features of mobile devices is the ability to browse the web on the go, but this also opens up the mobile phones to security risks. The problem is that users cannot see the whole URL or link, much less verify whether the link or URL is safe. That means that users could easily browse their way into a phishing-related attack.
For a deeper look into mobile device security, check out the iPhone forensics course offered by the InfoSec Institute.
5 – Application Isolation
There are mobile applications for just about everything, from social networking to banking. Before installing any app that comes your way, be sure to read the app's permission request. This often overlooked agreement contains valuable information about the specific permissions the app asks for and how it will access your device.
Be mindful of what your application purports to do and what it is that it actually does. Chances are a calculator application does not need access to the internet or your personal information.
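One way to automate the calculator check described above, as an added example that is not part of the original article: it assumes an Android app, reads the permissions declared in its manifest, and compares them with what the app's category plausibly needs. The sample manifest, the `EXPECTED` policy table and the `SENSITIVE` set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical calculator app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Calculator"/>
</manifest>"""

# Assumed policy (illustrative, not an official list): what each category needs.
EXPECTED = {
    "calculator": {"android.permission.VIBRATE"},
    "messaging": {"android.permission.INTERNET",
                  "android.permission.READ_CONTACTS"},
}

# Permissions that expose personal data or a network path off the device.
SENSITIVE = {
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, category):
    """Flag permissions the category does not justify; unknown categories
    have an empty allowlist, so everything they request is flagged."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED.get(category, set())
    return {"unexpected": sorted(unexpected),
            "high_risk": sorted(unexpected & SENSITIVE)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, "calculator"))
```
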
6 – System Updates
People have a tendency to point fingers at mobile device vendors when it comes to security mishaps, but they aren't always to blame. Updates and patches designed to fix issues in mobile devices are not quite as cut and dried as with PCs. Mobile device vendors often release updates and patches, but unfortunately carriers don't always push them out, for commercial or bureaucratic reasons.
7 – Mobile Device Coding Issues
Sometimes developers make honest mistakes, inadvertently creating security vulnerabilities through poor coding. Often the encrypted channels used for data transmission are badly implemented, or password protection is improper. Ineffective development can lead to security weaknesses whether in PCs or mobile phones.
8 – Bluetooth Attacks
As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to one’s phone and everything stored within. It’s fairly simple for a hacker to run a program to locate available Bluetooth connections and Bingo – they’re in. It’s important to remember to disable the Bluetooth functionality when not in use.
9 – Malware on the Rise
As is the case with computers, malware is rather damaging to mobile phones. The news does not get any better either. 2014 is projected to be far worse, leaving industry leaders and mobile device users no choice but to become proactive about mobile protection. For example, take the Android malware incident in January which impacted more than 600,000 phones.
10 – Serious Threats in New Features
Newly added features and updates are serious risks too. Near Field Communication, or NFC, technology is a prime example. NFC is designed to allow people to use their mobile phones as a wallet to purchase products. Unfortunately, all one needs to do to take over the mobile device is brush an NFC chip-embedded tag over the phone.
It should not come as a surprise that security is such a problem considering the wide variety of mobile devices and smartphones available today. Every phone and mobile OS has its own unique security issues and one should always take precautions, especially as we are becoming increasingly dependent on our mobile devices.
This article was contributed by Rohit T, a security researcher for the InfoSec Institute, an IT security training company in business since 1998.