It has been said that a smartphone is “a microcomputer in your hand. ” Discuss the security implications of this statement.? —>Just a couple of years ago the biggest software concern we had about our cellphone was whether or not it could play Snakes. Today, smartphones have become a popular target among hackers and malware producers. It is a high-reward business because most people are unaware that their cellphone is just as vulnerable to cyber attacks as their desktop computer. Think about all of the things that you do on your cellphone, and then imagine a worst case scenario we can keep our cellphones, and our data, safe. —>The most obvious threat to the security of our smartphones is simply for the device to falls into the wrong hands.
As silly as this sound, most cases of smartphone data theft begins with a lost or stolen phone. The first line of defense is common sense. Don’t put your phone down in a public place, and don’t leave it where it is easily grabbed. In short, treat your phone as you would your wallet. In case your phone does get snatched by a passing evildoer, the next step is to make sure that you have a secure screen lock. For Blackberry, iOS and Windows phones use a secure password.
Something that’s easily remembered, but not easily guessed. If it includes personal information such as your name, birthday or address it is not safe. For Android users, make sure that your unlock pattern is relatively complex and crosses over itself. If not, somebody can deduce your pattern from the repeated smudge marks on your screen. —>As with every computer, a good password alone is not enough to protect us. If our phone does get lost or stolen there is a line of software that will help you recover it, or wipe the data if you are unable to do so.
The first step is a piece of software that will lock your phone down. This software will turn off the phone’s screen and disable it, preventing an attacker from being able to easily access your information through the phone’s operating system. Most of these programs will also be able to lock down the phone’s communication ports stopping people from simply plugging your phone into a computer and downloading the information that way. The next piece of software will turn on the GPS on your phone and lock it on. This way, as long as your phone has a battery with some life in it your hone will continuously broadcast its location. This can be a huge help in a situation where you have simply lost your phone. Activate this feature and your phone will pop up on a map making it a simple matter to locate it. In the case of a theft, you can provide the location to the police department, —> Vastly increasing the odds of recovering your phone. The last ditch effort in the case of a lost or stolen phone is software that will completely wipe the memory. This is useful when other means of recovery have failed, and you have given up on hopes of recovering your phone.
This software will remove all traces of personal information. In addition to the threat of losing physical control of your phone, there is the threat of malware. Smartphone malware is similar to the viruses and Trojans found on your home computers. Recently, Google had to remove 50 apps from their app store that they found to be malicious. These apps had already been downloaded to thousands of phones apiece. Apple and Amazon have also experienced malicious apps infiltrating their app stores. People get a false sense of security downloading programs from these large companies. –>They assume that these corporations have already weeded out all of the bad apples, and only post the good. While this is certainly the goal, it is impossible to be 100% certain 100% of the time. Oftentimes, a software programmer’s account will get hacked. The culprit will take down their legitimate app and replace it with a copy that contains malicious code. This is usually discovered within hours, but by then the app has already been distributed to enough people to make the attack worthwhile.
Another attack that has become popular is one in which a developer submits a legitimate program in order to get it approved for the app store. —>Once the app has been approved and downloaded by a sufficient number of people, the developer releases an update which contains malicious code. These attacks are much harder to control, as the updates will go out immediately to every person that has downloaded the app. For these attacks you need a good anti-malware program running on your phone. Most of the major players in the PC malware game have mobile security suites as well.
Familiar names such as AVG, A vast, Avira, Kaspersky, Norton, and McAfee all have mobile suites. Most of these suites include all of the protections that were mentioned earlier. However, the interface can vary greatly from provider to provider. Some will allow you to engage and interact with the anti-theft features via text messages to your phone, while others will use an internet browser. Some suites will be free and others will have to be paid for. You will still have to do your homework to determine which security suite will best fulfill your needs.
Hopefully I’ve armed you today with the information you’ll need to make an informed decision. As always, if you are still unsure whether or not you’re phone is safe consult a professional for their opinion. 2. What people, organization, and technology factors must be addressed by smartphone security? Most organizations will find that they do indeed have a need for mobile security, and could use guidance on the most effective best practices. These include: • Force encryption of data at rest on mobile devices Force secure connectivity on unsecured public networks • Confirm unauthorized mobile devices do not have access to corporate LAN • Confirm mobile user spending is in line with the mobile policy and additional costs can be recovered • Over-the-air decommissioning (remote bricking) of lost or stolen devices to help prevent access to the data • Authentication: set the device to auto-lock; set limit for unauthorized login attempts.
Keep device out of sight when not worn • Handheld devices should be enterprise property Before an employee departs, obtain device and remove corporate data • Have a clear policy on remote data deletion and do not hesitate to execute it • Classify data according to the sensitivity of the data carried • Only permit digitally signed applications • Be agile—quickly and flexibly adapt to changing mobile landscape Most organizations will find that they could use help in addressing the complexities of mobile device and application security. As mobile device processing power is increasing, more sophisticated security controls can lso be applied, and it’s important to work with a provider who has a comprehensive understanding of all of the issues. A qualified provider should have expertise across three key dimensions—business, operations, and technology—because they combine to control the costs, and strengthen the security of the device, information and your overall organization. The provider should offer solutions that leverage existing assets, personnel, and technologies, and should provide coverage across the entire project lifecycle, including consulting services and managed security services.
In order to help organizations secure their mobile applications and the underlying supporting infrastructure, a provider should have wide and deep experience with all aspects of security. For example, they need to understand that applications function more like native apps rather than utilizing a standard browser and that mobile apps are not restricted to using standard HTTP/HTTPS. They must also have access to many security testing resources, as fragmentation in hardware, operating systems, applications, and operators can present challenges.
For example, there are multiple versions of the same applications for disparate mobile operating systems. In addition, there are countless mobile devices, and the supported technologies (communication, access control, storage, etc. ) vary by manufacturer and OS (Symbian, Oracle J2ME, Qualcomm BREW, iPhone, Windows Mobile, Window Phone 7, webOS, and Android). TECHNOLGY ON SMART PHONE SECURITY: Findings of two recent examinations of mobile devices highlight how designers of smartphones and tablet PCs failed to fully account for security and privacy implications. Today’s smartphones and tablet devices perform the same functions as a PC,” says Dan Hoffman, chief of mobile security at Juniper Networks. “However, the vast majority of devices lack security software and mistakenly relies upon the operating system to keep people safe. ” In one study, security firm Cryptography Research showed how it’s possible to eavesdrop on any smartphone or tablet PC as it is being used to make a purchase, conduct online banking or access a company’s virtual private network.
The process used to encrypt data can be deciphered, enabling a criminal to use them to access a financial account or a company etwork, says Benjamin Jun, Cryptography Research’s chief technology officer. “These type of attacks do not require the device to be modified, and there is usually no observable sign that an attack is in progress,” Jun says. Cryptography Research is “working with one of the major smartphone. And tablet companies right now to put countermeasures in,” Jun says. No known actual attacks have occurred, he says. In another demonstration, researchers at security firm McAfee, a division of chipmaker Intel, highlighted several ways to remotely hack into Apple iOS, the operating system for iPads and iPhones. . What problems do smartphone security weaknesses cause for businesses? We are all so mobile these days. And its so cool that we can take our business with us in our back pocket. But there’s a problem with that too. It’s easy to forget how much sensitive data our phones have access to. Losing it could put your business at a huge risk. In a news release from Deluxe Corporation, they said nearly 40 million Americans currently access bank accounts and financial records through mobile devices, such as smartphones and tablets, according to Consumer Reports.
But, unlike most computers and laptops, mobile devices rarely feature security software. Recognizing this weakness, hackers are increasingly preying on small business owners, accessing mobile devices to steal sensitive data and commit acts of fraud. —->With smart phones users can search the internet, make phone calls, listen to music, have navigation, and download applications from their Smartphone’s application market. When a user downloads an application onto his or her phone they are at risk from adware privacy.
Most users to include myself did not believe that Smartphone’s were not at risk from privacy risks and viruses. —->Android marketplace applications for malware, a weakness in the program allows for potential hackers to covertly update apps that have passed Bouncer security, so they can then load malicious websites or view files on the targeted smartphone. Through this method hackers could ostensibly take full control of the user’s phone–an end result that could be potentially devastating for a business if the phone contains sensitive information.
While identity theft through mobile devices is becoming more common, these devices are equipped with security features to help users to protect themselves – but it’s up to you to activate them. Here 1) Turn on password protection and auto-lock feature on all smart phone, tablet and laptop devices. If your phone is lost or stolen, this is an extra measure to protect your information. By password protecting your device and activating an auto-lock feature, users can control the number of password attempts before the device locks itself. 2) Enable remote tracking and wiping capabilities.
Remote tracking allows users to physically track the location of the phone, while remote wiping allows you to clear all data if your phone goes missing. 3 )Expect the best, plan for the worst. While there are extra precautions that can reduce the likelihood that you or your business might become a victim of fraud, there is no failsafe. Dealing with the effects of fraud and identity theft can cause massive disruptions to your business. Put plans in place so that if you become a victim, you can resume business as quickly as possible. . What steps can individuals and businesses take to make their smartphones more secure? Setting Up A PIN and/or A Password Protection: The easiest way that you can instantly instill an “Iron Clad” smartphone security protection protocol is by creating an uncrackable PIN or a secure password that anyone who uses the smartphone needs to unlock. This is usually located and accessible on the mobile devices “Settings” tab, this depending on the smartphone model and OS platform. The only option that you may have is creating a secure PIN number.
Setting a password is generally considered to be a lot more secure however. If your smartphone is equipped with Google’s Android OS version 2. 2 or later, then you’re also able to set a swipe pattern as well on these devices, this to unlock the smart phone. What you do is configure Remote Find and then Data Wipe. If you unfortunately happen to lose your smartphone, or if it’s stolen, the remote find and data wipe app will allow you to remotely locate the devices location and then erase all of the information that’s stored on it. It’s also advised that you back up this data on a regular basis as well.
So this way, whoever happens to get access to your mobile won’t be able to access it. What this involves is initially installing the app on the device and then creating an online account from where you’re able to track the smartphones exact location once you’ve is placed it. Then you can completely wipe its contents as a last resort if you need to. Warning On Attachments As Well As QR Codes: This is similar to the approach that you most likely are taking when opening any unfamiliar email attachments that you receive from unknown senders on your desktop computer.
You should be taking extra precaution while on your smartphone when clicking on or opening any links and files from someone you don’t know . Otherwise, you could potentially and unknowingly be installing a virus that some unsavory individual has embedded into an attachment designed to steal your data, track your movements, access all of your contacts, and everything else in between. This also applies to scanning any QR Codes (Quick Response) as well, where hackers are now able to easily infect your device with malware by you clicking on one of these square codes.
Make sure that you always practice extreme due diligence, especially as these devices are a lot more portable and vulnerable. Always Update Your Smartphone Software: Installing security as well as OS updates as they become available are always recommended, as they will often contain updated “fixes” for any security flaws and vulnerabilities. Also make sure that you backup the device regularly, this includes all of your contacts and stored data. So in the event that you ever lose it, you can replace or reinstall that information on the new phone. Make sure that you download applications directly from the official App stores and no where else.
Always look for reviews as well as ratings and complaints before you download an app. Always make sure that you keep them updated after they’re installed as well. Wi-Fi Security: Always disable any automatic wireless connections on your device, especially if you routinely use free Wi-Fi networks, or if you have a habit of leaving your Wi-Fi connection on. Turning off the devices automatic Wi-Fi connection settings will reduce the risk of hackers who may have created a public Wi-Fi network, designed just to steal personal data that’s traveling over it.
For the same reasons, always turn off your Bluetooth as well when it’s not in use. Always make sure that you keep your smartphone on your person or visible where you can always see it. The best and easiest practice when it comes to smartphone security is to know exactly where it is at all times. When you consider all of the valuable personal as well as the sensitive business data that’s on it, it’s a good idea to know where your smartphone is at all times.