Due had discovered a rise in malware

Due to technology, mobile devices are no longer just a means of voice
communication; they have evolved into a complete computing platform, primarily
because of an increase in both their storage and processing capabilities. The
emergence of mobile platforms such as iOS and Android has also had an effect
[1]. With internet speeds comparable to those of a PC, the number of users
accessing the web through their phones has surpassed desktop access. Thus
mobile phones are the primary choice when it comes to accessing information
such as emails, social media, banking and other financial services [2].

There are a lot of security and privacy risks involved with mobile phones.
Modern smartphones know a lot about their current owner: the user's current and
past locations, photographs, private text messages and banking credentials.
Because phones are always connected to the internet, they are highly
susceptible to hacking and malware exploits [3]. It is reported that “at least
80% of mobile apps have security and privacy issues” [4], which suggests that
the mobile environment as a whole is far from secure and that data privacy and
security present severe worries for users. McAfee [5] said in 2011 that they
had discovered a rise in malware attacks on mobile devices and that the total
malware number had gone past 70 million.

As mentioned previously, modern smartphones have the same processing power as a
desktop unit; nonetheless, device manufacturers as well as users have failed to
realize that mobile devices warrant the same level of protection against
malware and hackers as desktop computers. Since modern mobile platforms such as
Android, Firefox and Ubuntu are based on Unix-like operating systems, they
incorporate a lot of security measures such as code signing and hardware
isolation. However, they are still not on the same level as desktop computers,
which possess superior features like firewalls or application control.

The need for security on mobile phones becomes crucial for the following
reasons:

1. Processing and Storing Sensitive Information: As mentioned earlier, mobile
devices nowadays are used for accessing a wide range of services, from personal
activities such as banking and shopping to corporate activities like email,
enterprise resource planning and customer relationship management. This
involves a lot of storing, processing and transmission of highly sensitive data
such as login and banking credentials, which makes these devices a prime target
for hackers.

2. Non-transparent Use of Mobile Devices: Due to the ever-growing adoption of
smartphones, a policy named bring-your-own-device (BYOD) was established. Under
it, an employee takes and uses his/her personal devices, such as a mobile
device and a laptop, at the workplace [5]. This comes with its own fair share
of problems, the main one being privacy. Using one's own device leads to
company information being stored on personal devices, which makes it hard to
enforce restrictions and policies on the phones. A personal mobile phone is
easier for an attacker to compromise than a company-issued device.

3. New Technology: As time advances, new and better technologies are developed,
such as Near Field Communication (NFC), which makes contactless payments
possible, and Quick Response (QR) codes, which store data. This opens up new
forms of attack such as eavesdropping, data corruption and manipulation, which
are typical security issues involved when dealing with NFC. QR codes can also
be used for enabling phishing attacks and can link users to malicious websites
which have worms, viruses and Trojans.

As in a PC environment, attacks can have the same devastating effect on a
mobile phone, threatening the functionality of the device as well as
applications that hold confidential information. The portability of mobile
phones brings in more security threats. Each year an enormous number of phones
are either lost or stolen; the stolen or lost phone might cost a few hundred
dollars, but the personal and corporate information stored on it is much more
valuable. Figure 1 below displays some of the threats involved in a mobile
environment. Some of these are somewhat similar to those predominant in a
desktop environment, while the rest are more prevalent in a mobile environment.


Figure 1. Threats in a Mobile Environment.

Applications on a mobile phone can either be native or mobile web. Mobile web
security issues are similar to those of typical web applications due to
identical backbone technology. Native applications inherit some features,
including vulnerabilities, from web applications, which brings in more security
risks. The mobile web is the third most used platform, behind only Android and
iOS [7], and makes use of web development languages such as JavaScript, XHTML
and CSS. Because of their similarities to web applications, mobile web
applications are vulnerable to the same threats and attacks, like cross-site
scripting (XSS), SQL injection, HTTP redirects and non-SSL login.

A native application is an application program developed primarily for use on a
particular device or platform. The fact that it is developed for a particular
platform has its benefits: it is able to take advantage of the operating system
features. Mobile operating systems like iOS and Android offer device-level
encryption. Almost all mobile operating systems offer APIs for encryption,
which can be used in the application, as well as access permissions for
resources. The problem then lies with the application developer, who has to add
all of these security features. If sufficient security features are not put
into place, the mobile device is vulnerable to the following risks:

1. Insecure Storage of Data: This happens when highly sensitive data stored on
a mobile device or in the cloud is not well protected. This is due to improper
or no encryption of data stored either on the phone or in the cloud.

2. Client-side Injection: Other than the usual injection attacks like HTML
injection, SQL injection and XSS, mobile apps have seen a rise in new attacks
such as SMS attacks, which can spread malware, and war dialling, which can
identify phone numbers that are able to make a successful connection with a
modem so as to gain remote access.

3. Disclosure of Sensitive Information: When sensitive information such as
login credentials or access tokens is hardcoded into the app, it is easy for an
attacker to obtain it by simply reverse engineering the code. Once the attacker
has this information, it is only a matter of time before the sensitive
information is accessed.
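
A pre-release check for the hardcoded-credential risk in item 3, as an added example that is not part of the original essay: it flags string literals assigned to credential-like names, plus unnamed high-entropy literals. The sample source, the keyword list and the 4.0-bit entropy threshold are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample: app source as a reviewer (or a decompiler) would see it.
SAMPLE_SOURCE = '''\
public class ApiClient {
    private static final String BASE_URL = "https://api.example.invalid/v1";
    private static final String API_KEY = "q8Zr2Lx9Vb4Tn7Wc1Yd6Hs3K";
    private static final String password = "Summer2024!";
    private static final String CFG = "Zx81kQpLm39TrVb7NcYw2HdJ";
    private static final String GREETING = "Welcome back to the app";
    String token = prefs.getString("access_token", null);
}
'''

# Identifier that looks like a credential, assigned a string literal.
ASSIGN = re.compile(
    r'(?i)\b(\w*(?:password|passwd|secret|api_?key|token)\w*)\s*=\s*"([^"]{6,})"')
# Long literal made only of key-like characters (base64/hex/URL-safe alphabet).
LITERAL = re.compile(r'"([A-Za-z0-9+/=_\-]{20,})"')

def shannon_entropy(s):
    """Bits per character; random keys score high, words and padding low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def scan(source, min_entropy=4.0):
    """Return (line number, rule, detail) findings; literals are masked."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.search(line)
        if m:
            findings.append((lineno, "credential-name", m.group(1)))
            continue
        for lit in LITERAL.findall(line):
            if shannon_entropy(lit) >= min_entropy:
                # Mask the value so the report does not leak the secret again.
                findings.append((lineno, "high-entropy", lit[:4] + "..."))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(finding)
```

Line 7 of the sample, which reads the token from storage at runtime instead of embedding it, is not flagged.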

Based on how important the application is, suitable security controls should be
put in place in case any of the threats shown in Figure 1 should ever arise.
These are described as follows:

1. Multifactor Authentication Schemes: These address the inadequacies of
conventional authentication schemes such as passwords and personal
identification numbers, which can easily be obtained by an attacker through
brute-force and dictionary attacks, as well as guessing. An additional layer of
security such as one-time passwords can be added to the user's credentials,
thus strengthening security.

2. Digital Signature: A Public Key Infrastructure (PKI) can be used to verify
authenticity and integrity. iOS provides support for the management of digital
certificates and provides APIs to verify the digital signature.

3. Data Encryption: This is the most important requirement for sensitive data
both on the device and on the go. This can be done through SSL/TLS encryption
mechanisms. iOS and Android are able to provide device- and file-level
encryption.

Mobile devices are going to continue to be targeted by attackers. With 224.3
million [8] Americans making use of smartphones and e-commerce on mobile
devices becoming more common, these attacks are only going to increase.
However, if these mobile devices are securely managed and potent security
features are incorporated, then users will be well protected from any potential
attack.