September 4, 2013
Mobile security is the latest threat to loom large on the burgeoning mobile user groups across the globe. Global software security giant Symantec’s report on mobile security has indicated that 35 percent of (adult) mobile users have either encountered mobile theft or lost their data, during the period 2010-2011. This is actually the period when the frequency of mobile threats almost doubled — making mobile phone users increasingly vulnerable to identity and data theft.
A.T. KEARNEY’s report on The Mobile Economy 2013 has revealed a steady surge in global mobile subscribers, which interestingly is growing four times faster than global population. However, this has also given rise to innumerable security threat issues like mobile device theft, mobile fraud, mobile spam and concerns around data privacy.
Here in this article, we make an attempt to explore and mitigate the mobile security risks that have been seeping into the mobile industry in 2013. Do you think your mobile too requires a 24/7 security shield, just like we have for PCs?
TOP MOBILE SECURITY THREAT ISSUES and SOLUTIONS
The exclusive delivery point for mobile applications in most cases (iPhone, Android, Windows Phone or Blackberry) is an app store or application marketplace where much of the devices’ security depends on the selection process at those distribution points.
Mobile devices tend to rely on applications to download and view data, running popular OS and web-based applications provided by the app stores, thus making them a target for application and OS vulnerability exploitations.
Solution: Deploy signature detection technology offered by an anti-virus or intrusion prevention system (IPS).
2. Malware Spread
In spite of several stringent measures incorporated by IT departments to secure internal applications, data and corporate devices, where they fail mainly is in securing the network from an individual Smartphone. The culprit here is the malware that can infect a user’s Smartphone from the public mobile network, then spread to the corporate network (evading perimeter security measures).
Solution: Behavioural analysis technology deployed by IPS.
Exploitation of Mobile Resources.
As many of you may be aware, Smartphones are an easy deployment target into botnets. The threat is botnet operators can install bot malware and then control the Smartphone (remotely) to send spam or launch network attacks. This may be intrusions like vulnerability hacking, network flooding, scanning or instinctive force as well.
Solution: Signature detection and behavioural analysis technology by IPS.
The economic slowdown or the global meltdown of 2009-10 still has its repercussions and has resulted in a censorship of IT and security budgets inclusive of the mobile industry. This has made things tough for IT managers because they are now required to manage the surging number of mobile users and the proportional threat perception to restricted mobile security budget.
Solution: The best you can do is join an effective lobby for budget escalations.
Another prominent security threat faced persistently by mobile users involves a kind of attack that directs packets to a mobile device stopping it from going into sleep mode. The perils of the attack can be detrimental because it involves sending as little as 40 bytes every 10 seconds, and in the process wastes ample resources, draining the Smartphone battery.
Solution: Packet inspection engine designed specifically for wireless network architecture and protocols, by several security entities like Alcatel-Lucent and Bell’s Lab to name a few.
Social Engineering Intrusions
There has been a growing influx of mobile security threats from attackers who use techniques to trick users into providing sensitive information such as SSNs, credit card numbers, user names, passwords and more. And this threat perception has grown as more and more users utilize their Smartphones as payment devices.
Solution: Be alert and do not trust anyone seeking confidential information. It is better to be wary first than sorry later.
With mobile frauds on the rise, operators are assuring users that effective technical safeguards are installed and these, combined with customer awareness, are sufficient protection.
Solution: Adopt technical and process deterrents to safeguard customer accounts, which can be done either by refuting or blocking attempts to hijack the account or to open a new ‘clone’ account in your name.
Mobile theft is becoming a problem for people around the world (many indicate the increasing resale value of Smartphones in emerging markets responsible). Many theories also point toward the rise of financial transactions being executed and sensitive data shared through mobile phones as the reason for such thefts.
Solution: Ensure to logout after each transactions and preferably refrain from storing sensitive data in your mobile device.
The emerging dynamics of the mobile industry, besides making our life simpler and the world a small place, has created a fragmented mobile ecosystem, leading to concerns in mobile security. It is important that possible corrections be made and deterrents put in place to nullify the threats.
Todd Riddle is an iPhone application developer associated with a custom mobile application development company. He is passionate about leveraging technology to meet bottom-line results. In his spare time, he regularly writes on various topics related to mobile app development.