Is your smartphone safe?

Michael Cooney of Network World once said, “When it comes to security, most mobile devices are a target waiting to be attacked."

That’s pretty much the conclusion of a report to Congress on the status of the security of mobile devices this week by watchdogs at the Government Accountability Office. Combine the lack of security with the fact that mobile devices are being targeted by cybercriminals. For example, the number of variants of malicious software aimed at mobile devices has "reportedly risen from about 14,000 to 40,000 or about 185% in less than a year, the GAO stated”

"Mobile devices face an array of threats that take advantage of numerous vulnerabilities commonly found in such devices. These vulnerabilities can be the result of inadequate technical controls, but they can also result from the poor security practices of consumers," the GAO stated. "Private [companies] and relevant federal agencies have taken steps to improve the security of mobile devices, including making certain controls available for consumers to use if they wish and promulgating information about recommended mobile security practices. However, security controls are not always consistently implemented on mobile devices, and it is unclear whether consumers are aware of the importance of enabling security controls on their devices and adopting recommended practices."

Like Viruses and spyware that can infect your PC, laptop, there are a variety of security threats that can affect mobile devices. We divide these mobile threats into several categories

Application-based threats.

• Downloadable applications can present many types of security issues for mobiles.
• “Malicious apps” may look fine on a download site, but they are specially designed to commit fraud.
• Even some legitimate software is exploited for fraudulent purposes.

?Application based threats fall into these categories:         

• Web based threats: Mobile devices are constantly connected to the internet and frequently used to access web-based devices and so web-based threats occur.
• Network based threats: Mobile devices typically use cellular networks as well as local wireless networks (WiFi, Bluetooth). Both of these types of networks can host different classes of threats:
• Network Exploits: This takes advantage of flaws in mobile operating system or other software that operates on local or cellular networks. Once connected, they can install malware on your phone without your knowledge.
• WiFi sniffing: This technique intercepts data as it is traveling through the air between the device and the WiFi access point.
• Many applications and web pages do not use proper security measures, sending unencrypted data across the network that can be easily read by someone who is grabbing data as it travels.

Physical threats:

• Mobile devices are small, valuable and we carry them everywhere with us, so their physical security is also an important consideration.
• Lost or Stolen Devices are one of the most prevalent mobile threats.
• The mobile device is valuable not only because the hardware itself can be re-sold on the black market, but more importantly because of the sensitive personal and organization information it may contain.

How do we fight back to keep our mobile devices secure? We can,

• Enable user authentication.
• Verify the authenticity of downloaded applications.
• Enable two-factor authentication for sensitive transactions.
• Install anti-malware capability.
• Install a firewall.
• Install security updates.
• Remotely disable lost or stolen devices.
• Enable encryption for data stored on device or memory card
• Enable whitelisting
• Establish a mobile device security policy
• Provide mobile device security training
• Establish a deployment plan.
• Perform risk assessments.
• Perform configuration control and management.

Image source