Security Risk Associated with Mobile Devices
The term “mobile devices” is not limited to cellphones; it includes iPads, iPods, laptops, PDAs and e-readers. These devices act as a lifeline to the outside world and are frequently used for navigating, social networking, shopping, banking and business purposes. What is often forgotten about these devices is that they are gateways for hackers. “Mobile devices can be used by a hacker as an access point into many other aspects of your digital life as well the lives of others in your network, making mobile security about more than just protecting your phone,” (Certic, 2013).
Mobile technology became widely accepted by most of the world in the early 1980s, and since then the evolution of the technology has shown substantial growth. “Worldwide smartphone sales reached 144.4 million units in the first quarter, a 45% increase year over year, research firm Gartner reported. Tablet shipments jumped 120%, to 17.4 million units worldwide, according to a report from research company IDC,” (Drew, 2012). In 2013, over 80% of the world’s population uses a mobile phone, and to date there are more than 6 billion mobile devices in the world. Concerns about cancer in relation to frequent use, and about security risks tied to the ability to protect the user’s information, remain controversial. Today, many people carry mobile phones and portable computers that are substantially faster than the average desktop computer and can carry much of the same information.
These devices have allowed us to remain in touch with colleagues and the various people we encounter daily, and they give us the opportunity to telework from our homes while remaining connected to the internet. With the advancement of technology, we now have the ability to connect and communicate with anyone, anywhere in the world. Most mobile devices contain sensitive and highly classified information for some of the most important people and organizations in the world. Given the unlimited variety of information these devices can contain, protecting that information is of high importance, but it is also a challenging task.
At several companies worldwide, many employees carry some form of mobile device. Many companies provide their employees with a BlackBerry, while others use a system referred to as Bring Your Own Device (BYOD). BYOD is a system designed to allow employees to use their personal device while remaining connected through the internet. The invasion of computing devices, from laptops to smartphones and tablets, into the workplace brings convenience and increased productivity to employees.
However, the BYOD trend also brings a range of security risks and challenges in terms of securing corporate networks and data, managing mobile devices, and maintaining security policies. Research shows that the majority of businesses are exposing sensitive corporate data to cyber criminals by failing to educate employees and implement effective BYOD policies. Companies that fail to educate their employees on BYOD are jeopardizing their confidential data, exposing it to theft, corruption, hackers, malware and much more. “One of the biggest BYOD risks involves employees or executives downloading personally identifying or confidential client information to their personal smartphones or tablets,” (Drew, 2012). While BYOD offers benefits to companies as well as employees, there are many associated risks. “With the growing number of mobile phone users, the problem of information security becomes rather significant” (Igor, Dmitry, Andrey, Dmitry, Anastasia, Alexander, 2013). The lack of security mechanisms for mobile devices has made their users vulnerable to cyber thieves and hackers.
Fundamental gaps must be closed in order to protect the security of these mobile devices. There are several distinct ways hackers or cyber thieves look to obtain information. Hackers often send fake short messaging service (SMS) text messages; this type of attack has become very popular. It occurs when a person receives a text or picture message from another mobile number requiring them to click a link within a time frame to receive monetary value or a free offer. Hackers use this type of technique to persuade the individual to click the link and view the file. Once that takes place, the hacker has the ability to access private information.
Phishing is another way cyber thieves attempt to gain your information. “Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication,” (Igor, Dmitry, Andrey, Dmitry, Anastasia, Alexander, 2013). This attack is usually attempted by either email or instant message. Users receive an email or text message conveying false urgency that attempts to persuade them to click a link directing them to a spoofed website very similar to that of a trustworthy business.
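The spoofed-website step described above can be checked for by comparing the host name in each link against the domains a user actually deals with. The following is an added example, not part of the original essay; the allow-list, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allow-list: domains the user really does business with.
TRUSTED = ("examplebank.com", "examplemail.com")
# Digit-for-letter swaps often seen in spoofed names (not exhaustive).
SWAPS = str.maketrans("0135", "oles")

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, trusted domain being imitated or None) for one link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: the last two labels are taken as the registered domain.
    domain = ".".join(labels[-2:])
    name = labels[-2] if len(labels) > 1 else host
    if domain in TRUSTED:
        return ("trusted", domain)
    for good in TRUSTED:
        brand = good.split(".")[0]
        if name == brand:                      # right name, different TLD
            return ("wrong-tld", good)
        if name.translate(SWAPS) == brand:     # examp1ebank -> examplebank
            return ("digit-swap", good)
        if edit_distance(name, brand) == 1:    # one typo away from the brand
            return ("typo", good)
        if brand in labels[:-2]:               # brand used only as a subdomain
            return ("brand-in-subdomain", good)
    return ("unknown", None)

def scan_message(text):
    """Extract every http(s) link from a message body and classify it."""
    return [(u, *classify(u)) for u in re.findall(r"https?://[^\s<>\"']+", text)]

# Constructed sample messages, not taken from real traffic.
SAMPLES = [
    "URGENT: confirm your account within 24h at http://examp1ebank.com/verify",
    "Your statement is ready: https://www.examplebank.com/login",
]
if __name__ == "__main__":
    print([scan_message(m) for m in SAMPLES])
```

A link that comes back as anything other than `trusted` is not proof of phishing, but the three look-alike verdicts are the cases where a hurried reader is most likely to mistake the host for the real one.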
Once that page is viewed, the user’s phone can become immediately infected, and other links on the page are often embedded with malware. Additionally, once the user enters their username and password, it is sent directly to the hacker, providing the information needed to gain access to personal accounts, e.g. bank accounts, email accounts, social network accounts, household accounts, etc. For devices such as iPhones and iPads, a major threat is malicious mobile applications. This type of hacking can be rather difficult; it requires the user to download an application that contains malicious code embedded within it. Once that application is downloaded, the device has been infected. This gives the hacker the ability to control your device without your knowledge, and the device becomes part of a botnet (a network of computers controlled by a hacker).
The hacker is now able to make phone calls, send and receive text messages, access pictures, control your microphone or even turn on your camera. Further, any attempts you make to regain control of your computer can be watched and diverted by the hacker.
Another type of attack is data interception or spoofing. This type of attack occurs when a hacker makes his or her computer appear as a free access point. It shows a fake number to make it appear as if it is coming from a legitimate source. Most users who travel with mobile devices connect for free when they are at places like the airport, Starbucks or hotels. A common form of spoofing is called the SSL Man-in-the-Middle (MITM) attack. “An SSL Man-in-the-Middle works by sitting between that user and the banking or other secure website. In this attack, the hacker, not the trusted website, provides the end-user with the SSL (Secure Sockets Layer) certificate to encrypt the data. Having provided the certificate, the attacker can then utilize it to encrypt and decrypt the data” (Friedman, Hoffman, 2008).
In conclusion, mobile devices have become increasingly popular around the world. Their use has become more and more meaningful to the busy individual. While some users are aware of the risks associated with their use, others are totally oblivious to the fact that using their device attracts hackers and cyber thieves. Statistics have shown that careless and unknowledgeable users are more dangerous than hackers. While most users would like to believe their mobile device is no riskier than a traditional telephone, a radio, and a few amusing games, that is far from the truth.
Because there are several different ways that cyber thieves attempt to steal information, it is everyone’s responsibility to ensure that their device is secure and is used only for its intended purpose. As technology continues to evolve, cyber thieves will continue to develop new ways to steal information, and security will remain a risk associated with mobile devices.
Certic, S. (2013, February 18). The Future of Mobile Security. Computer Science – Cryptography and Security.
Drew, J. (2012, August). Managing Cyber Security Risk. Journal of Accountancy, 44-48.
Friedman, J., & Hoffman, D. V. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 159-180.
Orman, H. (2013). Did You Want Privacy With That. Personal Data Protection in Mobile Devices, 83-86. doi:10.1109/MIC.2013.48
Phneah, E. (2013, February 4). Five security risk of moving data in BYOD era. Retrieved from BYOD and the Consumerization of IT: http://www.zdnet.com/five-security-risks-of-moving-data-in-byod-era-7000010665/
Shead, S. (2013, July 17). Most BYOD Businesses Exposing Data to Cyber Criminals. Retrieved from http://www.cio.com/article/736575/Most_BYOD_Businesses_Exposing_Data_to_Cyber_Criminals
Sowmya, M. (2011, September 22). Building Castles in the Sky: Mobile Hacking and its Impact on CyberSecurity. Retrieved from Unisys: http://blogs.unisys.com/disruptiveittrends/2011/09/22/building-castles-in-the-sky-mobile-hacking-and-its-impact-on-cybersecurity/
Zhukov, I., Mikhaylov, D., Starikovskiy, A., Kuznetsov, D., Tolstaya, A., & Zuykov, A. (2013). Security Software Green Head for Mobile Devices Providing Comprehensive Protection from Malware and Illegal Activities of Cyber Criminals. International Journal of Computer Network and Information Security, 5(5), 1-8.