Knowing mobile device threats

On:
In: Dinesh Regmi

Knowing mobile device threats

Though IMEI can help in disabling the stolen device and recovering it, but the harm provided by hackers to the phone and data cannot be prevented. Therefore, it is important to know the risks or threats related to mobile phones.

Security Risks of Mobile Device

After doing a lot of harm to computers, attackers are now moving towards the mobile devices to gather the data they want and harm the users. Devices with poor protection setting are easily available, the hackers find easy targets to satiate their hunger for cybercrimes and earn money by illegal means. Some of the common threats that can put mobile security at risk are:

Eavesdropping: Eavesdropping is a real-time intervention in the personal conversation of others over an electronic medium. The attackers can intercept the communication on phone, video calls or instant messaging using IP based calls and other technological tools.

Unauthorized access: It is very common practice that people save their personal information and login details on their phones for easy access. This makes it very easy for the hackers to get the crucial information of user by gaining access to their mobiles. By accessing a single device, the hacker can fetch the information of multiple accounts.

Theft and loss: Mobile devices are loaded with a lot of personal information like pictures, emails, social media accounts, banking apps, telephone contacts, important files and sometimes even login details of accounts. By merely losing a device, the user can lose all the data and becomes susceptible to online threat.

 

Unmanaged applications: It is advisable to keep the applications on the phone updated and managed. Failing this, user can invite hackers to intrude in their systems and get access to data.

Absence of mobile firewall: Due to non-availability of firewall on mobile devices, they are open to hackers via untrusted communication ports. In return, this puts mobile and sensitive information on high risk.

 

 

Mobile Malware

One of the biggest threats to smart phones; mobile malware is a malicious software that collapses the system by targeting wireless-enabled PDAs (Personal Digital Assistants) and mobile phones. They also lead to leakage or loss of private information. Because of the excessive and common use of PDAs and wireless phones, it has become very difficult to safeguard them from risks such as virus, malware and electronic attacks.

Mobile malware is intended to exploit the mobile operating system’s vulnerabilities. It collects confidential information and user data. It is specifically designed to deactivate a mobile device and remotely control it by allowing a malicious user to enter it to snip private data from the device. With the increasing competition and trends, high-profile mobile malware is increasing in strength and number. Targeted attack is one such attack, wherein the attacker makes all possible attempts to break the security measures of any particular company or person.

Android is the most widely used operating systems these days and this makes Android mobile operating system more vulnerable to malware attack, rather than iOS and Windows OS. Root malware is another common malware attack, inhere the attacker gains administrative rights and digs into the data of victim’s phone without their permission. Therefore, it is advisable to keep the mobile operating system updated to the latest version, which will minimize the risk of mobile malware attacks.

Vulnerabilities of Mobile Applications

The discussion regarding the security of mobile often ends up including the Smartphone, operating system and privacy settings. However, if the problem is analyzed logically, it is actually the mobile application which is the major source of attacks. No matter how good the app performs and how user friendly are its features and functionality; the application would be of no use if it cannot secure the crucial mobile data. Below is the list of some of the common vulnerability of mobile applications:

Insecure data storage: If the data is not stored in secure manner, the user can put the information at risk. Apart from synced cloud data storage apps, there are several mobile applications that promises data storage feature with data hiding function. This may entice cybercriminals to access the sensitive data by developing similar apps and malware. Users must avoid the myths that the data itself is protected on their mobile devices.

 

Insecure data storage: If the data is not stored in secure manner, the user can put the information at risk. Apart from synced cloud data storage apps, there are several mobile applications that promises data storage feature with data hiding function. This may entice cybercriminals to access the sensitive data by developing similar apps and malware. Users must avoid the myths that the data itself is protected on their mobile devices.

Improper transport layer protection: Whenever the users search for any information on the Internet, it interacts with the remote server that receives the device request, looks for the requested information and sends it to the client. During this exchange between server and mobile device, the transmission must be protected. Avoiding this practice can open the doors for hackers to fetch data from insecure communication.

Poor authorisation and authentication: If authorization is not handled properly, even a good authentication mechanism can cause issues. Mobile users must make it a practice not to access the data that is not meant for them. Mobile apps only trust the client side authorization, which can come out as a drawback. Gullible mobile users may trust any server request or skip the authorization process for quick execution of the app. This could make the mobile device prone to attacks. Such risk can be minimized if the server side authorization are properly analyzed and checked.

Broken cryptography: Considering that the system is protected if the cryptography is in Place is a misunderstanding. Hackers remain active in solving and breaking even the strongest of cryptography techniques. Predictable keys, short protection Codes, cryptography type and weak ciphers are some of the failures. Incorporating the latest secure encryption technique that is not yet solved can prevent the mobile device from hacking.

Threats Associated with Bluetooth Devices

Not just the installed mobile applications, but also the installed software can cause security issues on a smart phone. Bluetooth is a perfect example to explain this case. Bluetooth is a Wireless Local Area Network (WEAN) that allows exchange of data over a short or limited area from mobile devices. It can be used to connect mobiles, printers and laptops on a local area network.

Bluetooth connections are susceptible to the following types of attacks and threats:

Bluesnarfing: The unauthorized access of data through an open and insecure Bluetooth connection by a wireless device is referred as Bluesnarfing. Keeping the phone in Bluetooth discoverable mode can make the device vulnerable to this attack.

Man-in-the-middle attack: When a perpetrator attempting unauthorized access secretly joins the authorized Bluetooth communication of two parties; such attacks are known as Man-In-The-Middle (MITM) attacks. The attacker can alter, modify, relay or steal the data exchanged between the parties.

Backdoor hacking: When an untrusted device gains access to another mobile device via Bluetooth to collect the data of the latter, this practice is known as backdoor hacking. Pairing an untrustworthy device through Bluetooth connection can invite this attack.

Please follow and like us:
fb-share-icon
Tweet
fb-share-icon

Leave a Reply

Your email address will not be published. Required fields are marked *