jump to navigation

Mobile Security December 2, 2013

Posted by 7832johnsob in Security.

In the articles 10 Best Practices for Mobile Device Security, 10 Mobile Security Best Practices, Mobile Security Software Review, the vulnerabilities of mobile devices in terms of ways to protect data on a mobile device are discussed. Some of the vulnerbilities of mobile devices were highlighted in the Mobile Security Software Review article as follows: “Not only can a virus disable functions on your phone, but other forms of malware may also send infected files to your contacts, send mass messages without your permission, make expensive calls resulting in unwarranted billing, and turn your mobile device into a recorder or even a camera, taking pictures wherever you go and displaying them online.”[3]. These vulnerabilities can be mitigated by using authentication, encryption and network security, and by being careful of what you click on in an email (to prevent phishing) and what you install on your device (to prevent malware).

From a business IT perspective, there are several measures a company can take in order to better control devices that connect to a company intranet using VPN. Some suggestions include “choosing devices carefully, turning on encryption, requiring authentication, utilizing remote wipe capabilities, setting up a lost phone hotline, controlling third party apps, setting unique firewall policies, using intrusion prevention software, utilizing antivirus software, and turning off Bluetooth when not in use” [1]. By implementing the aforementioned suggestions, IT can ensure that devices with operating system security flaws like ones that can allow buffer overflow attacks  will not be able to transfer malicious information to the company intranet. IT can also minimize the amount of data stolen due to lost or hacked devices by taking an extra step of protection through prevention and contigency plans.

Overall, the security issues faced with mobile devices are similar in nature to classic security problems on the PC. However, due to the sheer amount of devices that can connect and the accessibility to apps, networks, and emails makes the risk more likely if proper precautions are not taken. I personally think that one of the biggest risks of mobile devices is the loss of personal data. This usually happens if there is no authentication mechanism to enter the phone and if the user stays logged in to applications that don’t provide an auto timeout functionality. This makes is extremely easy for an intruder to take the device and perform actions under as the phone owner. Though constantly typing in a 4 digit pin or logging in and out of an application may be annoying when the phone is in constant use, I think it is important to do. One great workaround to manually logging in and out of mobile applications is the auto timeout used by many banking applications.

While it is easy to say “be careful about the applications you install on your mobile devices”, sometimes it is not so easy to detect an application with malicious intent until after it is installed and doing damage. For example, it is possible to install an application that only becomes malicious upon the nth time it is opened. What are some educated ways for users to identify malicious applications prior to installation? If some malicious applications are not identifiable, what is the best way to discover their malicious activities?



[1] E. Chickowski, “10 Best Practices for Mobile Device Security,” Baseline, 2009.
[2] E. Chickowski, “10 Mobile Security Best Practices,” Baseline, 2009.
[3] “Mobile Security Software Review,” TopTenReviews, 2013.






No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: