Mobile Device Security
Mobile device security is the use of method and practices to secure the data and other information stored on the mobile devices, such as smartphones and tablets Securing the data is one of the major concerns of mobile technology due to heavy use of mobile devices. Common mobile security issues are data loss or mobile theft In these conditions, the users not only lose theft mobile phone, but also lose the vital data and sensitive information stored on it. Device data leakage to untrusted party is another issue that victim faces on losing his device.
Need of Mobile Device Security
Hackers are ready with every possible trick to get an access into the users’ mobile device. Hence the mobile device security is a must to protect the data from hackers. There is no shortage of people, who breach the security norms to exploit mobile users and earn profits. The recent introduction of mobile wallets has evoked hackers to increase the crime in the form of virtual pickpockets.
Though these devices are provided with protection standards like encryption and password security, the users must be aware of the security threats and ways to avoid them.
Mobile Operating System
An operating system especially designed for mobiles devices to allow them to run applications and programs is called a mobile Operating System (OS) when the power button on a mobile device is pressed, the mobile OS loads the necessary files to run the OS and shows the home screen filled with icons of different applications (or apps). Activities like managing phone calls, connecting with wireless networks, web browsing, exchanging text messages and executing other applications are managed by the mobile OS. Some of the Mobile Operating Systems that are used globally are:
iOS: Owned by Apple, iOS is a mobile operating system specially designed for Apple’s hardware. It is installed on devices, such as iPad, iPhone and iPod Touch and has a direct manipulation based user interface. It operates using multi-touch gestures to control elements such as buttons, sliders and switches.
Android: Owned by Google, Android is an open source operating system designed for touch screen mobile devices. The OS is based on the Linux kernel and allows developers to make programs as per their choice by accessing unlocked hardware. It operates using touch gestures to control actions like swiping, pinching, tapping and entering text using the virtual keyboard.
Windows Mobile: Owned by Microsoft, Windows Mobile is a mobile operating system designed for smartphones. Windows Mobile OS can be recognised by tiled set up and dubbed metro, through which tiles can be moved and interchanged using the metro. Users can browse the web using mobile-optimized version of Internet Explorer, known as Edge in Windows 10 Mobile.
IMEI (International Mobile Equipment Identity) is a unique number, which is used to identify mobile handsets (using UMTS, GSM and LTE networks) or devices which connect to a cellular network. IMEI is as important as the phone’s operating system and is printed on every phone inside the battery space. There is also a code that you can enter and display the IMEI number on the handset screen using USSD. This code varies from operator to operator.
IMEI number is also used to prevent the threat of mobile theft. GSM networks use the IMEI number to identify legal devices and can block the stolen phone from accessing the network. The victim whose phone is stolen can call his network provider and ask them to blacklist the phone by providing them the IMEI number to prevent the device from being misused.
Role of IMEI Number
An IMEI number (eg. 568438126755154) is useful for many events, such as:
- Mobile phone usage can be tracked by cell phone provider using IMEI number.
- Subscribers can be identified using IMEI number.
- Gadget type can be recognised using IMEI number.
- Remote device can be easily disabled using IMEI number if stolen.
Knowing mobile device threats
Though IMEI can help in disabling the stolen device and recovering it, but the harm provided by hackers to the phone and data cannot be prevented. Therefore, it is important to know the risks or threats related to mobile phones.
Security Risks of Mobile Device
After doing a lot of harm to computers, attackers are now moving towards the mobile devices to gather the data they want and harm the users. Devices with poor protection setting are easily available, the hackers find easy targets to satiate their hunger for cyber-crimes and earn money by illegal means. Some of the common threats that can put mobile security at risk are:
Eavesdropping: Eavesdropping is a real-time intervention in the personal conversation of others over an electronic medium. The attackers can intercept the communication on phone, video calls or instant messaging using IP based calls and other technological tools.
Unauthorized access: It is very common practice that people save their personal information and login details on their phones for easy access. This makes it very easy for the hackers to get the crucial information of user by gaining access to their mobiles. By accessing a single device, the hacker can fetch the information of multiple accounts.
Theft and loss: Mobile devices are loaded with a lot of personal information like pictures, emails, social media accounts, banking apps, telephone contacts, important files and sometimes even login details of accounts. By merely losing a device, the user can lose all the data and becomes susceptible to online threat.
Unmanaged applications: It is advisable to keep the applications on the phone updated and managed. Failing this, user can invite hackers to intrude in their systems and get access to data.
Absence of mobile firewall: Due to non-availability of firewall on mobile devices, they are open to hackers via untrusted communication ports. In return, this puts mobile and sensitive information on high risk.
One of the biggest threats to smart phones; mobile malware is a malicious software that collapses the system by targeting wireless-enabled PDAs (Personal Digital Assistants) and mobile phones. They also lead to leakage or loss of private information. Because of the excessive and common use of PDAs and wireless phones, it has become very difficult to safeguard them from risks such as virus, malware and electronic attacks.
Mobile malware is intended to exploit the mobile operating system’s vulnerabilities. It collects confidential information and user data. It is specifically designed to deactivate a mobile device and remotely control it by allowing a malicious user to enter it to snip private data from the device. With the increasing competition and trends, high-profile mobile malware is increasing in strength and number. Targeted attack is one such attack, wherein the attacker makes all possible attempts to break the security measures of any particular company or person.
Android is the most widely used operating systems these days and this makes Android mobile operating system more vulnerable to malware attack, rather than iOS and Windows OS. Root malware is another common malware attack, inhere the attacker gains administrative rights and digs into the data of victim’s phone without their permission. Therefore, it is advisable to keep the mobile operating system updated to the latest version, which will minimize the risk of mobile malware attacks.
Vulnerabilities of Mobile Applications
The discussion regarding the security of mobile often ends up including the Smartphone, operating system and privacy settings. However, if the problem is analyzed logically, it is actually the mobile application which is the major source of attacks. No matter how good the app performs and how user friendly are its features and functionality; the application would be of no use if it cannot secure the crucial mobile data. Below is the list of some of the common vulnerability of mobile applications:
Insecure data storage: If the data is not stored in secure manner, the user can put the information at risk. Apart from synced cloud data storage apps, there are several mobile applications that promises data storage feature with data hiding function. This may entice cyber criminals to access the sensitive data by developing similar apps and malware. Users must avoid the myths that the data itself is protected on their mobile devices.
Insecure data storage: If the data is not stored in secure manner, the user can put the information at risk. Apart from synced cloud data storage apps, there are several mobile applications that promises data storage feature with data hiding function. This may entice cybercriminals to access the sensitive data by developing similar apps and malware. Users must avoid the myths that the data itself is protected on their mobile devices.
Improper transport layer protection: Whenever the users search for any information on the Internet, it interacts with the remote server that receives the device request, looks for the requested information and sends it to the client. During this exchange between server and mobile device, the transmission must be protected. Avoiding this practice can open the doors for hackers to fetch data from insecure communication.
Poor authorisation and authentication: If authorization is not handled properly, even a good authentication mechanism can cause issues. Mobile users must make it a practice not to access the data that is not meant for them. Mobile apps only trust the client side authorization, which can come out as a drawback. Gullible mobile users may trust any server request or skip the authorization process for quick execution of the app. This could make the mobile device prone to attacks. Such risk can be minimized if the server side authorization are properly analyzed and checked.
Broken cryptography: Considering that the system is protected if the cryptography is in Place is a misunderstanding. Hackers remain active in solving and breaking even the strongest of cryptography techniques. Predictable keys, short protection Codes, cryptography type and weak ciphers are some of the failures. Incorporating the latest secure encryption technique that is not yet solved can prevent the mobile device from hacking.
Threats Associated with Bluetooth Devices
Not just the installed mobile applications, but also the installed software can cause security issues on a smart phone. Bluetooth is a perfect example to explain this case. Bluetooth is a Wireless Local Area Network (WEAN) that allows exchange of data over a short or limited area from mobile devices. It can be used to connect mobiles, printers and laptops on a local area network.
Bluetooth connections are susceptible to the following types of attacks and threats:
Bluesnarfing: The unauthorized access of data through an open and insecure Bluetooth connection by a wireless device is referred as Bluesnarfing. Keeping the phone in Bluetooth discoverable mode can make the device vulnerable to this attack.
Man-in-the-middle attack: When a perpetrator attempting unauthorized access secretly joins the authorized Bluetooth communication of two parties; such attacks are known as Man-In-The-Middle (MITM) attacks. The attacker can alter, modify, relay or steal the data exchanged between the parties.
Backdoor hacking: When an untrusted device gains access to another mobile device via Bluetooth to collect the data of the latter, this practice is known as backdoor hacking. Pairing an untrustworthy device through Bluetooth connection can invite this attack.
Mobile Phone Antivirus
Antivirus which is used to detect, remove and prevent malicious software on mobile device. It is believed that keeping an antivirus installed on computers is must but mobile phones can work even without antivirus software. PCs can be prone to numerous attacks of malware and malicious application and can causes huge damages. On the other hand, mobile and Smartphone devices are based on new technology and Internet aware platforms, which can deal with modern threats. To conform the fact one can observe that Flash and Java runtime engines are not supported by mobile devices. Besides, applications are usually downloaded from app store and not from untrusted outside sources. Considering the relevance of above facts to be true, one more thing is equally correct that the frequent use of Smartphone for work as well as personal use has provided opportunities for cybercriminals to allow mobile malwares. The introduction of Gunpowder malware in early 2015 is an example to prove this fact. Therefore, it has become important to install an antivirus on mobile devices as well.
Some of the most popular antivirus applications for Android devices are:
- 360 Security
- Avast! Mobile Security
- ESET Mobile Security & Antivirus
- Avira Mobile Security
Some of the most popular antivirus application for iOS devices are:
- Lookout mobile security
- McAfee mobile security
- Avira mobile security
- Trend Micro mobile security
How to Secure Bluetooth Connectivity
Threats caused by Bluetooth attacks cannot be avoided even if the mobile device is secured using latest antivirus application. The best way to avoid Bluetooth attacks is being cautious and aware about the possible threats. To avoid attacks via Bluetooth, users must take the following precautions:
- Always use a security PIN to pair Bluetooth devices securely.
To minimize the chances of PIN cracking, try to pair devices in private location only.
- Regularly check for device updates and security patches on the vendor’s website.
- Never accept a pairing request or Bluetooth messages from unknown users. The attacker usually attaches an infected file along with the incoming file. If the user accepts and installs that file, they can infect the device with harmful code and put mobile data at risk.
How to Secure Wi-Fi Connectivity
The introduction of Wi-Fi networks has made it possible to connect computers, laptops, tablets, mobile phones and other wireless devices to the Internet without the use of cables. Though wireless connectivity has made the Internet access simpler, it also has some drawbacks.
Today, most routers provide web-based configuration. You can only access your router’s web interface if you’re on the same local network as the router. To access your router’s web interface, you need your router’s local IP address. Once you have the IP address, type it into your browser’s address bar and press Enter. Now, login with your username and password. If you’ve not changed the default credentials, check your router’s manual. Once you’ve logged in, you can browse your router’s administration pages and configure its settings.
Reason to Encrypt Smartphone
Smartphone are like basic need these days and it would not be wrong to say they are mini portable computers. Like the protection of Wi-Fi network, the security of Smartphone is also necessary. Almost every crucial and personal information is stored on mobile phones, therefore it is important to protect them with password, and other security tricks.
Most users ignore such security measures for taster and easy access of mobile data but this could be easier for hacker as well. Encrypted mobile contain can surely add an extra layer of protection. Setting a passcode is the easiest way of protecting a mobile device and its data. Android can be secured using android encryption, which asks for a password are security pattern every time the phone is to be unlocked.
Mobile Device Theft
Started as a mere device to make phone calls, mobile phones are now evolved as portable computers. This portability feature has also made Smartphone and mobile devices the most attractive target of theft.
To keep your mobile and its data safe and protect it from theft, follow these suggestions and precautions:
Stay Alert: It is important to stay active and check the surrounding if there is any threat of theft there. Take extra caution and keep checking whether the device is in place. As the user, remains alert for his/her wallet, be aware for protection of Smartphone as well. Before leaving a public place, always check for your phone.
Back up the data: Make it a practice to take a backup of data at regular intervals. By storing a copy of your mobile data on personal computers, cloud system or USB devices, users can get the data in case the phone is being stolen.
Encrypt the device: Keep the mobile phone password protected and enable encryption to avoid unauthorised access in case of device theft.
Insure the device: By insuring the device with a third-party vendor or wireless Internet service provider, users can be sure of replacement if the device is stolen.
What to do in case of mobile theft?
Take following measures to control damage if the mobile device is stolen.
- Avoid the fraudulent use of mobile device by contacting service provider to block the SIM card.
- Report to the nearest police station about the theft with details like description and IMEI number of the mobile phone.
Securing iPhone and ipad Devices
The use of mobile phones and their benefit have put this device at the risk of being stolen. If not handled properly or if the user are careless about their belongings, the mobile device can be stolen anytime. The thief may use the mobile data for some wrong purpose, so it is always better to secure it. The iOS device come with many security features that one can sat to safeguard them.
The interface of IOS devices keep changing, although the general features would be quite similar. Keep reading to know the major features that once can configure to protect Apple devices.
Mobile Security Tools
Today, mobile devices (such as Smart phones and tablets) are much more powerful than their earlier versions. Some Smartphone’s have more RAM (up to 16GB) than most laptops available today, allowing people to use them for performing multiple tasks. In addition, more and more people are storing valuable personal information on their mobile devices, making these devices rewarding targets for cyber criminals. Some common mobile threats are malware, spyware, malicious websites, and email and text message phishing.
Given the importance of today’s mobile devices, security of these small devices is the utmost priority for everyone. Fortunately, protecting your mobile devices from security risks is about maintaining good habits and finding a good mobile security tool. For mobile devices, a mobile security tool is the most essential security component. There are a variety of mobile security tools available in the market. They come with extra features such as antitheft, parental monitoring, lost device protection, intruder alert, remote memory wipe, etc.
Some popular security tools are:
Lookout Mobile Security: It is a free app that protect mobile devices (Android and 105) from threats like malicious apps, unsecure Wi-Fi networks and fraudulent links. The app can also be upgraded to premium version that prevents the device using additional features like malicious website blocker, phishing, privacy advisor, device-to-device data transfer, photo and call history backup, remote locking and wiping and other support services. Lookout Mobile Security can also be used to take contacts back up, restore data on mobile crash and locate the device even when GPD is off.
Snap Secure Mobile Security: It protects mobile data by automatically taking a backup of user data and storing in in their accounts on cloud. The user can anytime access, restore and transfer the data to a new device whenever necessary. It also checks for malware on newly installed apps through its antivirus and antispyware protection feature. User has the facility to check the usage of their personal information via the Privacy Manager feature available in this app (which also has location tracker and anti-theft feature). Moreover, this tool also has the Personal Guardian feature that sends SMS, email or tweet with location details in case of an emergency.
These are free to download security tools with limited features. For added security, users can purchase security apps like Mobilelron and Airwatch, which have more security features compared to the free apps.
Everyone has a mobile device these days. They use these mobile devices for online shopping, paying bills, storing personal information, managing finances and more, thanks to the increasing speed, power and storage capacity of these devices. The increasing use of mobile devices has made them vulnerable to several threats such as Ransomware, online banking fraud and Remote Access Tools (RATs) by cybercriminals. Although these threats are not so common as in the case of PCs and Macs, there is still a significant number of such threats (viruses and malware)—mainly on the Android platform because of its wider reach. A study from 2013 showed that 97% of viruses and malware were on Android phones. There are limited ways to get a virus on your mobile device; for example, installing third-party apps from an unknown source. Hence, it is advisable to download apps from known marketplaces like Google Play or Amazon Marketplace for Android devices and Apple App Store for iOS devices.
A mobile antivirus is a software especially designed for mobile devices such as Smartphone and tablets. You can protect your device against virus and malware that cause popups and unwanted ads by using a trusted antivirus. Mobile antivirus also helps you protect your device against phishing attacks, spyware and adware.
Some mobile antivirus scan apps when they’re being downloaded. This helps prevent malware from infecting your mobile devices. Most mobile antivirus have additional features built in such as password backups, phone theft prevention, photo vault, junk cleaner, WiFi scanner, call blocker and firewall.
There are several factors impacting mobile security:
- Insecure web browser
- Insecure Wi-Fi connectivity
- Lost or stolen mobile device
- Corrupt application downloaded to the mobile device
- Lack of security patches from service providers.
Best secure practices:
- Install security software (antivirus and anti-malware) on your mobile device
- Update the operating system and app regularly (whenever available)
- Install a phone finder app
- Use a backup program
- Set device to wipe contents after specified number of failed login attempts