Mobile Security

Introduction

As the rate of mobile device adoption continues to spike and the sophistication of these devices advance, users are becoming more efficient at workplace but it also makes them more attractive to hackers, data thieves, malware distributors and other criminals. Unfortunately, many smartphone users do not recognize these security shortcomings. Consequences of an attack can be severe, to ensure that your digital life is well protected , it is very critical to secure your handheld devices. You might not realize but it holds data that are more important to you than your PC holds, including passwords, credit card data, and a large collection of personal details . The amount of valuable information that can be stolen from smartphones makes them a prime target for identity thieves and cyber criminals of all stripes.

  • Threats, Vulnerabilities and Risk

Most of the security vendors see  mobile malware continuing its growth in 2017, with Premium-rate SMS fraud, ransomware, banking Trojans, and remote access tools among the leading threats.  

Threat

  • Recommendations:

Following best practices are recommended  to protect handheld devices:

  • Set Authentication mechanisms: password, PIN, fingerprint
  • Set the phone to automatically lock after certain period of inactivity.
  • Run an antivirus from reputable vendor, keep it up to date(enable auto-update)  and  perform scan periodically.
  • Keep the OS, browser  and all other applications up to date. If you are not using applications anymore, uninstall them.
  • Think before you click on attachment or link sent via sms/messaging services. Proper verification can safe your life.
  • Install applications from known(official sites) sources and verify the permissions before installing.
  • While on public WiFi  avoid  critical activities like banking transactions.
  • Disable wireless access, such as Bluetooth or Wi-Fi, etc., when not in use to prevent unauthorized wireless access to the device or set to non-discoverable..
  • It is not recommended to “Jailbreak” your device.
  • Delete data that are no more required to be accessed using them.
  • Wipe the data  on your mobile device completely  before disposing it off. Also enable a remote wipe feature in case you have to do so if it is lost.
  • It is not recommended to post your phone number in public websites.
  • Enable device or location tracking and remote locking features.

 

  • Reference:
  1. https://www.mycert.org.my/en/services/advisories/mycert/2016/main/detail/1227/index.html
  2. https://www.us-cert.gov/ncas/tips/ST04-020
  3. https://www.us-cert.gov/sites/default/files/publications/cyber_threats_to_mobile_phones.pdf
  4. https://its.uiowa.edu/support/article/281
  5. https://media.kaspersky.com/pdf/b2b/A_Best_Practice_Guide_to_Mobile_Security_MDM_and_MAM_2015.pdf
  6. https://www.sophos.com/en-us/medialibrary/PDFs/other/sophos-mobile-security-threat-report.pdf?la=en
  7. https://dlupdate.quickheal.com/documents/others/Quick_Heal_Annual_Threat_Report_2017.pdf
  8. https://www.sophos.com/en-us/security-news-trends/security-trends/malware-goes-mobile.aspx
  9. https://www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf