Mobile device security: A new frontier for hackers

Stateless Computing

By G C Network | August 15, 2008

A few days ago I read a review of Merrill Lynch’s Jeffrey Birnbaum LinuxWorld keynote on stateless computing. “With stateless computing, users’ settings and data are automatically saved to the…

Cloud Services

By G C Network | August 14, 2008

38% of 456 business technology professionals in a Information Week survey indicated that they currently use or will consider using services from a cloud provider. This seems much betterthan the…

Amazon, Elastra and the New Enterprise Data Center

By G C Network | August 13, 2008

Last week Amazon made an investment into Elastra. Some see this as Amazon’s enterprise play. Others see it as move towards the viability of private clouds. I see it as…

Microsoft Midori

By G C Network | August 12, 2008

Last week word got out that Microsoft’s new research project codenamed Midori. According to Information Week “the Midori system is being called Microsoft’s first cloud-based OS, and it could one…

Dell Trademarking Cloud Computing

By G C Network | August 11, 2008

There has been quite a bit of chatter lately over Dell’s attempt to patent “cloud computing”. Last week, the US Patent and Trade Office put an end to those aspirations…

Rob Enderle Cautions on Cloud Computing

By G C Network | August 8, 2008

Words of caution from Rob Enderle in “The Real Truth and Technology and IT”: “The key to success in the cloud will be keeping solutions simple, plus understanding and mitigating…

3 Important Point for Federal Government Cloud Computing

By G C Network | August 7, 2008

Point 1: In May, Verizon and AT&T were awarded a DHS task order for just under $1B to provide telecommunications services to the department. Verizon won the lead provider’s spot…

A Cloud Methodology

By G C Network | August 7, 2008

Although this was published in June, I just saw it and felt it was to good not to repeat: A Methodology for Cloud Computing Architecture Peel off the applications individually,…

IBM Invests Nearly $400M on Cloud Computing Centers

By G C Network | August 6, 2008

In a press release last week, IBM says that it will spend $360 million to build its most sophisticated, state-of-the-art data center at its facility in Research Triangle Park (RTP),…

Cloud Computing and the NCOIC

By G C Network | August 5, 2008

According to their website, The Network Centric Operations Industry Consortium (NCOIC) has scheduled a session on cloud computing at their upcoming plenary session in September. In case you haven’t heard…

Recent security breaches have heightened our awareness of cybersecurity issues. The hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized to their personal and corporate security risks.
Staples
For example, a security study found that 69 percent of users store sensitive personal information on their mobile devices.  Examples include banking information, confidential work-related items and provocative videos and photos. In addition, 51 percent of mobile device consumers share usernames and passwords with family, friends and colleagues. This in spite of the fact that 80 percent of such devices are unprotected by security software. 
While mobile device security attacks are relatively small, they are the new frontier for hackers.  Listed below are highlights from several mobile device surveys:

  • The four top threats to mobile devices include: 1) lost and stolen phones; 2) insecure communications; 3) leveraging less-secure, third-party app stores; and 4) vulnerable development frameworks.
  • One in 10 U.S. smartphone owners are victims of phone theft.
  • Mobile malware attacks are increasing, with 2014 exhibiting a 75 percent increase in Android malware attacks on devices.
  • The use of mobile devices to access enterprise resources introduces significant security risks.

Cyberattackers are typically attempting to obtain access to sensitive or personal data, and then use it to access financial accounts. Some methodologies used include social engineering, distributing and executing malware, and accessing data through public Wi-Fi networks.
A recent survey found that phishing and scams for winning free stuff were the most popular SMS attacks. Unsolicited SMS messages attempted to trick users into providing detailed, sensitive information about their financial accounts at major banks. The mobile malware StealthGenie secretly monitors calls, texts and videos on mobile phones. Bitdefender has been able to break the secure communications between a Samsung watch and an Android device with ease, using brute force sniffing tools. (See “5 New Threats to Your Mobile Device Security” for more information.)
These are a sampling of the numerous cybercriminal methodologies for accessing user finances and data. Listed below are some user actions for reducing or minimizing a successful attack:

  • Always enable password or PIN protection on your device.
  • Run scans using a respected security and malware program on a regular basis (see the best antivirus software for Android devices).
  • Subscribe to managed mobile device services such as anti-malware and mobile device locator services; also lock the device and wipe all data in the event of device theft.
  • Encrypt mobile device data.
  • Install/run the latest versions of your device OS and all mobile apps.
  • Upgrade to the most recent firmware for your mobile device.
  • Do not access secure or highly sensitive information while using public Wi-Fi networks.
  • Avoid clicking on ads on your mobile devices.
  • Do not configure phones to allow the installation of apps from unknown sources, e.g., only download  from well-known and trusted app stores (although they are not foolproof).
  • Observe all corporate bring-your-own-device (BYOD) and related policies.

In addition, ISO lists some common sense advice regarding mobile devices, as included below:

  • Do not openly display a device — keep it in a pocket or handbag.
  • If possible, avoid using it in crowded areas.
  • Properly mark your phone with your ZIP code.
  • If the phone is lost or stolen, report it immediately to the police and to your service provider.
  • Be aware of your surroundings and the people near to you.
  • Do not leave it unattended – keep it with you at all times.
  • Make a note of your phone’s IMEI number.
  • Do not leave a device in view in an unattended vehicle.

( This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. To learn more about tech news and analysis visit Tech Page One. Dell sponsored this article, but the opinions are our own and don’t necessarily represent Dell’s positions or strategies.)

Bookmark and Share

Cloud Musings

( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2012)

Follow me at https://Twitter.com/Kevin_Jackson
Posted in

G C Network