Which Mobile security threats are out there?
Targets for attackers
Cell phones and tablets have never been more attractive target for criminals, as they are now. The main three targets for attackers are:
- Data: smartphones usually contain sensitive data like personal photographs, credit card numbers, passwords, authentication information, activity logs (dialled numbers, received messages).
- Identity: mobile phone can easily be associated with real person.Their contents are valuable. It has become an increasingly popular to steal people's identities to commit crimes.
- Availability: bearing in mind that a lot people depend on their phones, by attacking a smartphone it is possible to disrupt someone's daily activities and business life.
It is important to remember that in order to lock your smartphone a unique, four digit PIN needs to be set. Many devices nowadays include a biometric reader to scan a fingerprint for reliable access. However, research shows that consumers seldom employ these safety mechanisms. Moreover, if users do use a password or PIN they often choose easy passwords and PINs, such as 1234 or 0000.
Consumers hardly ever use two-factor authentication when conducting sensitive transactions on mobile devices. Many studies show that people generally use static passwords instead of two-factor authentication when using their smartphones for online sensitive transactions. Sadly, such actions have security drawbacks: passwords can be guessed, forgotten, written down and stolen.Two-factor authentication requires the use of two reliable authentication factors:
- Something the person knows, e.g. a password or a PIN
- Something the person owns, e.g. a mobile phone
User to blame
Among others, Android seems to have attracted a lot of attention from malicious code writers due to it's popularity. However, other platforms are also potentially at risk. Consumers download malware unknowingly when looking for games, utilities, or other useful applications. Mobile malware is similar to a virus on a PC. For example, it can bog down your phone's processing speeds, check email and instant messaging history and send out emails to all contacts, sometimes delete important files and calendar entries, and cause system crashes.
Most mobile devices do not have pre-installed security software when purchased. To protect against malicious applications it needs to be installed by the user. Even though such software may slow operations and affect battery life, without it, the risk to get under attack is always high.
Another common problem is that operating systems may be out-of-date. Quite often security patches are not pre-installed on new devices on time. It can sometimes last for months before security updates are provided by manufacturer. It is generally a complex process and depending on the nature of the vulnerability may involve many parties for a fix to be released.
A lot of times mobile phones that are older than couple of years may never receive security updates as they are out of support by manufacturer. For some models it may be just 12 to 18 months until no further updates are available. These devices may face increased risk as newly discovered vulnerabilities would never get fixed.
It is uncommon for mobile devices to have firewalls to limit connections. Whenever a mobile device is connected to the network, different ports are used to communicate with other devices and the Internet. The purpose of firewall is to acts as a protection layer between the mobile device and the network. If a port is not secured, a hacker may access device through an unsecured port.
It has become increasingly popular to install unauthorized modifications. The process of removing limitations in order to be able to add features is called "jailbreaking" or "rooting". There are different reasons why someone would jailbreak or root their smartphone. One of the reasons is to bypass digital rights management restrictions which is limiting users from spreading copyrighted media. Other reasons may include desire to gain direct access to the file system, user interfaces or network capabilities. A rooted or jailbroken smartphone is vulnerable to malware and viruses and its operating system is easier to be compromised. It should come as no surprise that most device manufacturers cancel their warranty if a user jailbreaks his phone.
Interested in mobile security?
- Most common attacks on mobile phones
Cybercrime is worth big money. So as people move away from using PCs and toward smartphones and tablets as their primary computing devices, digital crooks have taken note.
- Smartphone security
We trust our smartphones with our most precious information – personal pictures, text messages, and emails. But are they really worth our trust?