Guest Blog Post By: Ryan Fahey an Information Security Professional who is currently a security researcher at the Infosec Institute.
Mobile users be warned: the malicious malware attacks once focused exclusively on PCs have been redirected at mobile devices. From loopholes in operating systems, to poor mobile app coding, to an uptick in malware attacks, we’re seeing users fall prey to a variety of security issues. While the risks seem to be growing by the moment, here are the eight most common concerns right now:
1. Where did I leave my phone?: Lookout Labs estimated that a mobile phone was lost in the U.S. every 3.5 seconds in 2011 – and that nearly all who found lost devices tried to access the information on the phone. Now, I hope the “access” was an attempt to determine the owner, but who knows? Even temporarily misplacing a phone can put sensitive data at risk as you have no way of knowing who has the device and the person’s intent. Designing mobile device OS systems and applications with defenses against unauthorized users can go a long way to protecting individuals’ data.
2. Securing files at rest: Encrypting files on mobile devices is a must. After all, who wants sensitive corporate data to end up in the wrong hands? Without the proper encryption, not only are personal documents up for grabs, but also passwords to bank apps, credit card apps, and even business apps. By encrypting sensitive data, one ensures would-be thieves gain a whole lot of nothing.
3. Browsers beware: Mobile users love to browse the web on the go, but did you know this activity opens up phones to serious security risks? The problem is that users cannot see the full URL or link, much less verify whether the link or URL is safe. That means that users could easily browse their way into a phishing-related attack.
4. Update, update, update: People have a tendency to point fingers at mobile device vendors when it comes to security mishaps, but they aren’t always to blame. Updates and patches designed to fix issues in mobile devices are not quite as cut and dry as with PCs. O/S vendors for mobile devices often release updates and patches when users report bugs in the system, but carriers then tend to delay releases that may affect other applications.
5. Layered defenses: The sad truth is that even letting someone borrow one’s mobile device for a few minutes can pose a security risk when multifactor authentication is not implemented. Protecting devices against unauthorized access, not only protects mobile phone users but also companies offering extranet access to their network.
6. Coding that isn’t up to code: Sometimes developers make honest mistakes, inadvertently creating security vulnerabilities via poor coding efforts. Whether failing to implement encrypted channels for data transmission or proper password protection, ineffective development can lead to security weaknesses whether in PCs or mobile phones.
7. Bluetooth benefits: As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to one’s phone and everything stored within. It’s fairly simple for a hacker to run a program to locate available Bluetooth connections and Bingo – they’re in. It’s important to remember to disable the Bluetooth functionality when not in use.
8. Malware on the rise: Malware in mobile devices is serious business and isn’t going away anytime soon, with 2013 projected to be far worse than 2012. Take the Android malware incident in January which impacted more than 600,000 phones, with the malware capable of upgrading itself to expand to other apps. Yet another reminder to the mobile world to only download apps from trusted sources.
For a more in-depth look at the risks outlined above and others that might impact your mobile users, check out the mobile forensics training course offered by the InfoSec Institute.