Demystifying Mobile Security
Demystifying Mobile Security
Mobile is the essential devices of the modern mobile world. We use Mobile to tackle seemingly limitless tasks such as texting, chatting, shopping online, and updating our social networking status, researching, emailing, creating documents, making phone calls, video conferencing, and banking. The list will only grow as smartphone capabilities continue to expand.
According to the studies conducted on smartphone users and usage, the mobile phone market which was approx. 4.08 billion users globally in 2012 grew by 6.2% in 2013 to 4.33 billion users. The mobile marketplace is supposed to raise by 5.1% to 4.55 billion users in 2014 and further by 4.7% to 4.77 billion users. The mobile phone users are likely to reach 6.0 billion globally by 2017.
In 2012 around 58.2% of the global population was using smart phones, this percentage grew to 61.1% in 2013 and is further expected to grow to 63.5% of the global population.
Mobile users are now accessing the internet from their mobile devices, whether it is through a Smartphone or their simple mobile devices. Mobile are attractive devices that can simplify many of our most essential and mundane tasks. Not only do they allow us to connect and interact with others in a simplified manner, but they also allow us to conduct many essential business tasks without the need for comparatively bulky laptops. Mobile devices also carry certain number of risks and threats.
Emerging Threats to Mobile Phones
1- Malware
2- Phishing
3- Virus/worms/others
The most commonly known threat is malware. Malware is used or created by attackers to disrupt many types of computer operations, collect sensitive user information, or gain access to a private mobile device or computer. It includes Trojan horses, worms, spyware, computer viruses, root kits, key loggers and other malicious program.
Because of the nature of Mobile as known as multi-purpose devices, the risk posed by viruses or malware can be visible in surprising ways. Study conducted on the Geinimi Trojan, a malware that is embedded in certain apps and games. For a user to contract this Trojan, all they need to do is download an infected application. After installing the app, the Trojan allows hackers to remotely control the device; these criminals can use Mobile to place phone calls, send and delete text messages, and even locate the device geographically using the phone’s maps application via the GPS (Global Positioning System) functionality that is embedded in the device. If the smartphone’s owner had been using the device to conduct mobile banking, then the hackers would even be able to access their banking account or to record their account information. Once the customer data has been identified or captured, then the hacker can send the data back to the “mother ship” via a number of mechanisms, including e-mail and/or text messages.
Phishing is a deceitful act of attempting to capture personally identified sensitive user information by trustworthy and/or legitimate source e-mail. These forms of attacks can exploit social engineering tactics. Phishing mail may contain links leading to websites that are infected with malware. Using this dependence, they then attempt to acquire sensitive user information such as account passwords, usernames, credit card data and sensitive corporate information. These attacks are quite appealing, typically involving spam e-mail or other communications circulated to many people. Be vigilant of unsolicited communications. It is always suggested to type the URL directly in the browser rather than copy and paste it.
We, as mobile device users, think that we cannot get infected by any kind of viruses on our mobile devices. But, the fact is, we are vulnerable to all types of threats. Some of the most common noteworthy Worms, mobile viruses and Trojans are:
• Skulls: Skull virus swaps all phone desktop icons with images of a skull and the device turn out to be unusable.
• ZitMo: ZitMo malware targets users for online banking information. Once this malware is installed, the corrupt software will forward all incoming SMS. Once hackers have this data, they will use this data to attack your banking accounts.
• DroidKungFu: DroidKungFu is an influential Trojan for Android applications that obtains manager/master privileges on your device. This Trojan horse collects and sends the data to a remote server.
• Zeus: A new Trojan horse that steals customer banking information. This malware is executed by a technique known as man-in-the-browser keystroke logging. Trojan is spread mainly through drive-by downloads and phishing schemes.
• SpyEye: SpyEye injects new fields into a web page. This practice is termed as HTML injection. It demands data from users trying to use their banking websites. Once hackers have this data, they can access your bank accounts.
• Gingermaster: Malware was fashioned for the Android platform mobile devices. This specific malware spreads by installing an application that holds an unseen set of code that runs in the background on the device.
Future threats
One of the key areas that have been established a lot of consideration is BYOD “Bringing your own device”. Looking at the future, we will foresee advanced malwares for mobile devices. Commonly, we presume to see few of the following:
• Malware that takes benefit of your location via Global Positioning System (GPS).
• Hackers will take data from your device and customize it for phishing and social engineering attacks. This is why it is so imperative for you to protect your personally identified information. It is easy for hackers to encroach upon your privacy and then use your data against you.
• We also forecast more applications that look to be genuine, but in reality it is a Greenfield for hackers to attack you.
• More use of Short Messaging Services to transport infected payloads of malware.
• We will also see superfluous malware that is customized to you
• As more mobile devices are infected, a superior number of corporate networks will be infected. This will be a gigantic issue for corporate managers.
Steps you can take to protect yourself
• Always use extra attention and install only approved applications available through your vendor’s authorized application store.
• Before using Wi-Fi hotspot functionality, including Mobile and portable hotspot devices, WPA2 Wi-Fi encryption security must be supported and configured with a strong password to thwart unauthorized access to the Wi-Fi network created by the device.
• Use a password/pin that is challenging for others to predict. There is an unconventional feature that you can use, well-known as two-factor authentication.
• Change your voicemail and phone password frequently.
• Don’t use sensitive personally identified information on public Wi-Fi.
• It is very vital for you to sign out of your applications when you are done with work.
• Check your Twitter/Facebook privacy settings.
• Lock down your security on your mobile device.
• Install OS updates and security fixes as soon as it is available for download to ensure your mobile device firmware is up to date.
Preventative measures – how to reduce the likelihood that your device will be hacked
iPhone
• Make sure you have a password enabled on your iPhone.
• Enable the Erase Data function. The Erase Data functionality adds another layer of security to your iPhone. This feature will erase all data after 10 failed passcode attempts. So, if a hacker steals your phone, it will remove all data after 10 unsuccessful attempted on the password. To enable this, you need toset Erase Data to ON in the Passcode Lock screen. • Find my iPhone – if you ever lose or misplace youriPhone or iPad, youcan use the Find My iPhone / Find My iPad feature. All you need to do is to download the application on your device and get it through iCloud (icloud.com).
• Encrypted Backup – the Encrypt Backup setting is found in iTunes.
Android
• Enable lock screens – you can find this under the Settings | Security settings
• Disable USB debugging – you will find this under the Settings | USB debugging section
• Enable full disk encryption – this is found in the Settings | Security section
• Be sure and only use official application stores Screen lock – make sure you have enabled a screen lock on your phone, thatway it will automatically lock the phone after it is idle for a few minutes
For any device
Make sure that you have the latest OS installed.
About The Author
Nitin Bhatnagar, Head- Business Development (EMEA) at SISA
