SlideShare une entreprise Scribd logo

Article on Mobile Security

T
Tharaka Mahadewa
1  sur  7
Télécharger pour lire hors ligne
2015 THEAETURNIST30 ISSUE #2 JANUARYMobile Security Mobile Security Security for IT and IT for security are commonly used terms in the IT industry.While IT provides diverse techno- logical solutions to ensure the security of day to day life, IT solutions become vulnerable to threats, so security for IT came to the subject. Since early 19s people were interested about this subject and came up with different solutions to protect data and systems. In fact the cryptographic algorithms were initially used as an encryption technique during civil wars. Earlier, IT security was refered only to the protection of desktops, laptops and serv- ers. Now it has been quiet for a long time, and today’s trending topic is mobile security. With the emergence of the mobile industry, individuals and businesses find themselves enjoying the divergence of mobile solutions, but at the same time the number of threats targeting mobile solutions increases. Mobile security has become more of a concern, since data exchange through mobile applications can directly affect businesses, as today people use their personal smart phones for business purposes as well as for personal use, known as BYOD (Bring Your Own Device). In addressing this issue, what is suggested is having knowledge transfer sessions to educate the employees or people about possible threats, while implementing a proper mobile security system. The challenging part is to keep updating the security systems to the speed of the arrival of new mobile products or applications, with the cost of transformation. Vulnerability Analysis Here I will be discussing the current security issues relating to mobiles, based on some recent research papers and threat reports of anti-virus companies on mobile security. Some of the identified mobile insecurities based on the white paper by Acronis International are un-secure file transferring, stolen or lost mobile devices, open Wi-Fi networks and public hotspots, malware and viruses and unclear corporate policies. Among the possible mobile security vulnerabilities, malware has taken special attention and researches are finding new approaches to mitigate them spreading, specifically Android malware. The worldwide smartphone market is invaded by Android and iOS over the other mobile OSs like Windows and Blackberry. Figure 7 shows the worldwide smartphone market share growth over the past few years based on different OSs, analyzed by International Data Corporation (IDC), USA. Since Android owns the largest market share, malware authors are more interested about Android. According to the recent analysis, it is identified that the Android malware mostly exist and grows faster, yet the iOS has more vulnerabilities. The reason is due to the number of Malware families being higher in Android than iOS. The F-Secure Labs 2014 Threat Report says that their analysis found 275 new malware families on Android while only one new family identified on iPhone and Symbian.Their analysis had been carried on appli- cation samples from the Google Play Store, third-party app stores, developer forums and other sources. The Symantec 2014 Security Threat Report says that the average number of Android malware families discovered per month in 2013 is five. by Tharaka Mahadewa
THEAETURNIST31 2015ISSUE #2 JANUARYMobile Security Figure 7 - International Data Corporation (IDC) USA, 2014 Why Malware Attacks? Why on Android? The advantages gained by malware authors from infected devices are that they are able to monetize the devices, collecting personal information by spying on users and stealing the ad-revenue of application devel- opers through embedded advertising libraries. Some facts which make the malware authors motivated on attacking mobile devices are the availability of cameras, near field communication (NFC), Bluetooth, wireless and GPS and other location services in most smartphones plus usage of mobiles for payments. In addition to having a large market share,Android’s open design which lets the users install apps from various sources is a fact for the malware authors to attack on Android. Even Android Google Play Store is vulnerable to malware attacks. In fact some researches who had done a study on Android malware detection techniques, in their paper “Android Sandbox Comparison” at Mobile Security Technologies (MOST) 2014, states that Bouncer, introduced in Feb 2012 to analyze Play Store apps has a low rate in detecting malware and can be easily bypassed “The risk of losing a device is still higher than the risk of malware infection.” Sophos Mobile Security Threat Report, 2014
2015 THEAETURNIST32 ISSUE #2 JANUARYMobile Security Figure 8 - Symantec’s Internet Security Threat Report, 2014 How to Protect Your Device 1. When the device is lost or stolen The basic approach is to have user authentication through a strong password, passcode or by locking the device. From business perspective a more strategic approach is required, such as the ability to remotely lock the device, wipe data remotely from the device or encrypt the data and having more control over data on the device. 2. From Malware and Viruses Downloading applications from untrusted sources can make your device prone to be infected with malware. Android Google Play Store is considered a trusted source, yet the Play Store is also vulnerable to malware attacks. “A good rule of thumb: if an app is asking for more information than what it needs to do its job, you shouldn’t install it” Sophos Mobile Security Threat Report, 2014 However, Android users can prevent installing non-Market apps by changing the settings, “Application > Unknown Sources”, to unchecked. If you want to download an app from a third party or other source, using a reputable security software to scan can lessen the risk of been infected.When choosing a security software you
THEAETURNIST33 2015ISSUE #2 JANUARYMobile Security may consider the following features. Application scanner to verify downloaded apps are not malware infected, backup utility supporting remote storage to store your personal information, remote lock and remote wiping, parental control, etc. Be aware when you give certain permissions to the application while installing it, since letting it dig into your personal information or giving more access is more or less similar to helping them achieve their target easily. If you have “rooted” your device or “jailbroke” your iPhone, that means you have given full access to your device’s OS and features. So a rooted device can be a great resource to malware authors. Since they can access data of other applications, devices used for business purposes should avoid being rooted or jail-broken and keep updating the OS to protect it from potential exploits. In addition to the above, following are some best practices extracted from “Mobile Security Labware” which a smartphone user can adopt to prevent malware. • Monitor Battery and Network usage, SMS or Call charges: infected device may have unusual usage of resources or charges. • Check for suspicious behavior of device Settings: malicious apps can automatically turn on your GPS, Bluetooth, WI-FI or 3G. • If your device overall performance is reduced or reboots frequently then most probably the device is infected with a virus unless it is a hardware problem. • Make sure to turn off Bluetooth, WI-FI or Infrared when they are not been used. • Do not install APK files directly from SD cards or any USB device unless you are an application developer. APK files should be digitally signed by developers that they are safe. • Comprehensively read the reviews of the application before installing it. Importance of Mobile Data Security Personal User’s Data Privacy Recent studies have shown that personal smartphone users are more concerned about the privacy of their personal information while sharing them with applications and services. According to the findings by GSM Association based on the global research they carried out on more than 11,500 mobile users (including Brazil, Colombia, Indonesia, Malaysia, Singapore, Spain and the UK), in their report “MOBILE PRIVACY: Consumer research insights and considerations for policymakers” February, 2014 state that; • 83% users concern about sharing their personal information when accessing the internet or apps from a mobile
2015 THEAETURNIST34 ISSUE #2 JANUARYMobile Security • 65% users check what info an app wants to access and why before installing it • 81% users think it is important to have the option of giving permission before 3rd parties use their personal information • 41% users with privacy concerns would limit their use of apps unless they felt sure their personal informa- tion was better safeguarded. So, as personal smartphone users, you should also consider the above factors before installing applications and prevent randomly installing apps just because you are interested. Usually we consider the following as sensitive information, a user must think twice before sharing or giving permissions to access. - Sensor data: microphone, camera, GPS - Personal data: password, email, SMS, contacts, calendars, photos, medical records - Financial data: accounts and credit card numbers - Authorizations to business data Enterprise Level Data Privacy The impact of BYOD to the data security of the organization is more significant than one would imagine.A single malware-infected device can lead the entire enterprise’s network to be attacked. The cost of such an attack to the company is high and thus securing the sensitive information including proprietary and customer info has become a challenge to IT management. The white paper on “The Business Case for Mobile Security and Management Solutions” by UBM Tech dated March, 2014 has extensively discussed the cost of mobile security breaches for an organization. Briefly, in addition to the various tangible costs the organization will have to address the problem of recovering intangible costs such as, lost employee-productivity, brand and reputation damage and lost customer-confidence. “A well planned mobile security strategy will bring a quick return on investment if it helps organizations avoid even one major security breach.” UBM Tech’s Mobile Computing White Paper, 2014 The responsibility of securing company data is equally owned by the management and the employees of the organization.While organization implementing the security system plus access policies, employees will have to adhere to them. According to the survey report “Mobile Content Security and Productivity” by – “© AIIM 2013 www.aiim.org / © Accellion, Inc. 2013 www.accellion.com” only 18% of the sample participants believe that they are fully compliant with company policies, industry regulations or statutory government mandates.
THEAETURNIST35 2015ISSUE #2 JANUARYMobile Security Working From Home by Yasassri Rathnayake Further they describe how a MDM (Mobile Device Management) platform can address the issue, since MDM supports managing the mobile devices use for business purpose, whether it belongs to the company or the employee. MDM can restrict the access-to-connect to the corporate data, monitor their usage, configure set- tings, deploy approved applications, wipe data remotely and even app store, can be used to store applications that use corporate data, free from malware. Author of the survey report Nick Geddes recommend to combine the MDM platform with an ECM access and content management application to provide true mobile content management, since MDM has limited content capabilities.
THEAETURNIST43 2015ISSUE #2 JANUARY Topic Reference Page Source Becoming an IT professional Figure 2 7 National ICT Workforce Survey - January 2010 Figure 3 7 National ICT Workforce Survey - January 2010 Content http://www.bcs.org/category/17705 When to go Grails Content 12 http://www.techempower.com/benchmarks Who was Orson Welles and why he still matters? Content McBride, Joseph (2006) What Ever Happened to Orson Welles? A Portrait of an Independent Career Walsh, David (2013) The Sky Between the Leaves: Film reviews essays and interviews 1992-2012 Spring 4.0 – Evolution or Revolution Figure 4 19 https://raw.githubusercontent.com/raffaelschmid/presentation-spring-4.0/ master/docs/techevent-spring-4.0.pdf Digital Games Content A.Garza & C.J.Ferguson, (2011). Call of (civic) duty: Action games and civic behavior in a large sample of youth. M.Schmierbach, (2010). “Killing spree”: Exploring the connection between competitive game play and aggressive cognition. Effect of playing violent video games cooperatively or competitively on subse- quent cooperative behavior D.A Gentile (2009). Pathological video-game use among youth D.A Gentile & J.R Gentile (2008). In-group versus outgroup conflict in the context of violent video game play N. Gill (2012). http://media.moddb.com/images/articles/1/94/93253/need_for_speed_ world-wide.jpg http://assets.vg247.com/current//2014/05/call_of_duty.jpg Mobile Security Figure 7 32 Smartphone OS Market Share, Q1 2014: http://www.idc.com/prodserv/ smartphone-ms-img/chart-ww-smartphone-os-market-share.png Figure 8 33 Symantec Corporation’s INTERNET SECURITY THREAT REPORT 2014: http:// www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_ report_v19_21291018.en-us.pdf Content Acronis’s White Paper: Top Five Security Threats for the Mobile Enterprise and How to Address Them : http://promo.acronis.com/rs/acronis/images/ WP_Top5_Mobile_Security_US_EN_130306.pdf Acronis’s White Paper: Top Five Security Threats for the Mobile Enterprise and How to Address Them : http://promo.acronis.com/rs/acronis/images/WP_Top5_Mobile_Security_ US_EN_130306.pdf International Data Corporation: Market research company, USA: http://www. idc.com/prodserv/smartphone-os-market-share.jsp F-Secure ’s MOBILE THREAT REPORT Q1 2014: http://www.f-secure.com/ static/doc/labs_global/Research/Mobile_Threat_Report_Q1_2014_print.pdf Mobile Security Technologies (Most) 2014 – Workshop: http://mostconf. org/2014/ Enter Sandbox - Android Sandbox Comparison: http://mostconf.org/2014/ papers/s3p1.pdf Sophos Mobile Security Threat Report: http://www.sophos.com/en-us/medi- alibrary/PDFs/other/sophos-mobile-security-threat-report.pdf Mobile Security Labware: https://sites.google.com/site/ mobilesecuritylabware/4-mobile-malware/malware_prelab_activities Mobile Privacy: http://www.gsma.com/publicpolicy/wp-content/ uploads/2014/02/MOBILE_PRIVACY_Consumer_research_insights_and_ considerations_for_policymakers-Final.pdf UBM Tech Mobile Computing: http://www.informationweek.com/whitepaper/ download/showPDF?articleID=191741382 Mobile Content Security and Productivity: http://www.informationweek.com/ whitepaper/download/showPDF?articleID=191740910 Source Index

Recommandé

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devices
Sejahtera Affif
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threat
Ali J
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
Purna Bhat
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
IRJET Journal
 

Recommandé

Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
Kavita Rastogi
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
Anjoum .
 
Cscu module 13 securing mobile devices
Cscu module 13 securing mobile devicesCscu module 13 securing mobile devices
Cscu module 13 securing mobile devices
Sejahtera Affif
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & Mobile
SISA Information Security Pvt.Ltd
 
Pocket virus threat
Pocket virus threatPocket virus threat
Pocket virus threat
Ali J
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
Javier Gonzalez
 
BETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoSBETTER- Threat Whitepaper- PoS
BETTER- Threat Whitepaper- PoS
Purna Bhat
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
IRJET Journal
 
Mobile security
Mobile securityMobile security
Mobile security
home
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
SHOLOVE INTERNATIONAL LLC
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
Lookout
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
Fabio Pietrosanti
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
Kevin Lee
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec Technology and Consulting
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
State ofmobilesecurity
State ofmobilesecurityState ofmobilesecurity
State ofmobilesecurity
Gary Sandoval
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
Spiceworks Ziff Davis
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
Vince Verbeke
 
2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview
Fabio Pietrosanti
 
2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings
Symantec
 
PhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - ManuscriptPhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - Manuscript
karishmakittu
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
the_ro0t
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsInternet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Craig Walker, CISSP
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone Security
Malasta Hill
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
ijtsrd
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
IAEME Publication
 
Volante para feria de salud comida plantas y más crupo
Volante para feria de salud comida plantas y más crupoVolante para feria de salud comida plantas y más crupo
Volante para feria de salud comida plantas y más crupo
bertha ayala
 
PrevencióN Bullying
PrevencióN BullyingPrevencióN Bullying
PrevencióN Bullying
guestad5a13
 

Contenu connexe

Tendances

Mobile security
Mobile securityMobile security
Mobile security
home
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
Kevin Lee
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
Santosh Satam
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
AP DealFlow
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone Security
Malasta Hill
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
ijtsrd
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
IAEME Publication
 

Tendances (20)

Mobile security
Mobile securityMobile security
Mobile security
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference2010: Mobile Security - WHYMCA Developer Conference
2010: Mobile Security - WHYMCA Developer Conference
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
State ofmobilesecurity
State ofmobilesecurityState ofmobilesecurity
State ofmobilesecurity
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
 
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
NETC 2012_Mobile Security for Smartphones and Tablets (pptx)
 
2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview2010: Mobile Security - Intense overview
2010: Mobile Security - Intense overview
 
2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings2012 State of Mobile Survey Global Key Findings
2012 State of Mobile Survey Global Key Findings
 
PhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - ManuscriptPhD Thesis Writing Assistance - Manuscript
PhD Thesis Writing Assistance - Manuscript
 
Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)Comilion introduction presentation 26102012 (1)
Comilion introduction presentation 26102012 (1)
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
 
Mobile security hakin9_Revista
Mobile security hakin9_RevistaMobile security hakin9_Revista
Mobile security hakin9_Revista
 
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack VectorsInternet of Things - Desire for Convenience Brings Multiple New Attack Vectors
Internet of Things - Desire for Convenience Brings Multiple New Attack Vectors
 
Smartphone Security
Smartphone SecuritySmartphone Security
Smartphone Security
 
Adaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBRAdaptive Mobile Malware Detection Model Based on CBR
Adaptive Mobile Malware Detection Model Based on CBR
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 

En vedette

PrevencióN Bullying
PrevencióN BullyingPrevencióN Bullying
PrevencióN Bullying
guestad5a13
 
Sociedad del significado recontextualizar la ciencia social
Sociedad del significado recontextualizar la ciencia socialSociedad del significado recontextualizar la ciencia social
Sociedad del significado recontextualizar la ciencia social
Elizabeth Jang
 
Multilinguismo del perú
Multilinguismo del perúMultilinguismo del perú
Multilinguismo del perú
halionz
 
Actividad de eventos
Actividad de eventosActividad de eventos
Actividad de eventos
rosa_loza
 
Variantes linguisticas
Variantes linguisticasVariantes linguisticas
Variantes linguisticas
Ellie Castillo
 

En vedette (16)

Volante para feria de salud comida plantas y más crupo
Volante para feria de salud comida plantas y más crupoVolante para feria de salud comida plantas y más crupo
Volante para feria de salud comida plantas y más crupo
 
PrevencióN Bullying
PrevencióN BullyingPrevencióN Bullying
PrevencióN Bullying
 
Trabajo en equipo
Trabajo en equipoTrabajo en equipo
Trabajo en equipo
 
Características del país para 1830
Características del país para 1830Características del país para 1830
Características del país para 1830
 
Sociedad del significado recontextualizar la ciencia social
Sociedad del significado recontextualizar la ciencia socialSociedad del significado recontextualizar la ciencia social
Sociedad del significado recontextualizar la ciencia social
 
Identidad nacional
Identidad nacionalIdentidad nacional
Identidad nacional
 
Multiculturalismo
MulticulturalismoMulticulturalismo
Multiculturalismo
 
Los castellanos del perú
Los castellanos del perúLos castellanos del perú
Los castellanos del perú
 
Manual de urbanidad y buenas maneras
Manual de urbanidad y buenas manerasManual de urbanidad y buenas maneras
Manual de urbanidad y buenas maneras
 
Variedades lingüísticas del Castellano
Variedades lingüísticas del CastellanoVariedades lingüísticas del Castellano
Variedades lingüísticas del Castellano
 
Multilinguismo del perú
Multilinguismo del perúMultilinguismo del perú
Multilinguismo del perú
 
Actividad de eventos
Actividad de eventosActividad de eventos
Actividad de eventos
 
Variantes linguisticas
Variantes linguisticasVariantes linguisticas
Variantes linguisticas
 
Gramatica en Esquemas
Gramatica en EsquemasGramatica en Esquemas
Gramatica en Esquemas
 
3 teorías sociológicas clásicas
3 teorías sociológicas clásicas3 teorías sociológicas clásicas
3 teorías sociológicas clásicas
 
Sistema General De Seguridad Social En Salud
Sistema General De Seguridad Social En SaludSistema General De Seguridad Social En Salud
Sistema General De Seguridad Social En Salud
 

Similaire à Article on Mobile Security

CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
kostikjaylonshaewe47
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
Cygnet Infotech
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
todd581
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
glendar3
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
rebelreg
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
IBM Software India
 

Similaire à Article on Mobile Security (20)

Mobile security article
Mobile security articleMobile security article
Mobile security article
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdf
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your business
 
Evaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise MobilityEvaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise Mobility
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutions
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdf
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
Malware Improvements in Android OS
Malware Improvements in Android OSMalware Improvements in Android OS
Malware Improvements in Android OS
 
Securing Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest VersionSecuring Mobile Apps - Appfest Version
Securing Mobile Apps - Appfest Version
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
OS-Project-Report-Team-8
OS-Project-Report-Team-8OS-Project-Report-Team-8
OS-Project-Report-Team-8
 
BYOD - Secure the data, not the device
BYOD - Secure the data, not the deviceBYOD - Secure the data, not the device
BYOD - Secure the data, not the device
 

Article on Mobile Security

  • 1. 2015 THEAETURNIST30 ISSUE #2 JANUARYMobile Security Mobile Security Security for IT and IT for security are commonly used terms in the IT industry.While IT provides diverse techno- logical solutions to ensure the security of day to day life, IT solutions become vulnerable to threats, so security for IT came to the subject. Since early 19s people were interested about this subject and came up with different solutions to protect data and systems. In fact the cryptographic algorithms were initially used as an encryption technique during civil wars. Earlier, IT security was refered only to the protection of desktops, laptops and serv- ers. Now it has been quiet for a long time, and today’s trending topic is mobile security. With the emergence of the mobile industry, individuals and businesses find themselves enjoying the divergence of mobile solutions, but at the same time the number of threats targeting mobile solutions increases. Mobile security has become more of a concern, since data exchange through mobile applications can directly affect businesses, as today people use their personal smart phones for business purposes as well as for personal use, known as BYOD (Bring Your Own Device). In addressing this issue, what is suggested is having knowledge transfer sessions to educate the employees or people about possible threats, while implementing a proper mobile security system. The challenging part is to keep updating the security systems to the speed of the arrival of new mobile products or applications, with the cost of transformation. Vulnerability Analysis Here I will be discussing the current security issues relating to mobiles, based on some recent research papers and threat reports of anti-virus companies on mobile security. Some of the identified mobile insecurities based on the white paper by Acronis International are un-secure file transferring, stolen or lost mobile devices, open Wi-Fi networks and public hotspots, malware and viruses and unclear corporate policies. Among the possible mobile security vulnerabilities, malware has taken special attention and researches are finding new approaches to mitigate them spreading, specifically Android malware. The worldwide smartphone market is invaded by Android and iOS over the other mobile OSs like Windows and Blackberry. Figure 7 shows the worldwide smartphone market share growth over the past few years based on different OSs, analyzed by International Data Corporation (IDC), USA. Since Android owns the largest market share, malware authors are more interested about Android. According to the recent analysis, it is identified that the Android malware mostly exist and grows faster, yet the iOS has more vulnerabilities. The reason is due to the number of Malware families being higher in Android than iOS. The F-Secure Labs 2014 Threat Report says that their analysis found 275 new malware families on Android while only one new family identified on iPhone and Symbian.Their analysis had been carried on appli- cation samples from the Google Play Store, third-party app stores, developer forums and other sources. The Symantec 2014 Security Threat Report says that the average number of Android malware families discovered per month in 2013 is five. by Tharaka Mahadewa
  • 2. THEAETURNIST31 2015ISSUE #2 JANUARYMobile Security Figure 7 - International Data Corporation (IDC) USA, 2014 Why Malware Attacks? Why on Android? The advantages gained by malware authors from infected devices are that they are able to monetize the devices, collecting personal information by spying on users and stealing the ad-revenue of application devel- opers through embedded advertising libraries. Some facts which make the malware authors motivated on attacking mobile devices are the availability of cameras, near field communication (NFC), Bluetooth, wireless and GPS and other location services in most smartphones plus usage of mobiles for payments. In addition to having a large market share,Android’s open design which lets the users install apps from various sources is a fact for the malware authors to attack on Android. Even Android Google Play Store is vulnerable to malware attacks. In fact some researches who had done a study on Android malware detection techniques, in their paper “Android Sandbox Comparison” at Mobile Security Technologies (MOST) 2014, states that Bouncer, introduced in Feb 2012 to analyze Play Store apps has a low rate in detecting malware and can be easily bypassed “The risk of losing a device is still higher than the risk of malware infection.” Sophos Mobile Security Threat Report, 2014
  • 3. 2015 THEAETURNIST32 ISSUE #2 JANUARYMobile Security Figure 8 - Symantec’s Internet Security Threat Report, 2014 How to Protect Your Device 1. When the device is lost or stolen The basic approach is to have user authentication through a strong password, passcode or by locking the device. From business perspective a more strategic approach is required, such as the ability to remotely lock the device, wipe data remotely from the device or encrypt the data and having more control over data on the device. 2. From Malware and Viruses Downloading applications from untrusted sources can make your device prone to be infected with malware. Android Google Play Store is considered a trusted source, yet the Play Store is also vulnerable to malware attacks. “A good rule of thumb: if an app is asking for more information than what it needs to do its job, you shouldn’t install it” Sophos Mobile Security Threat Report, 2014 However, Android users can prevent installing non-Market apps by changing the settings, “Application > Unknown Sources”, to unchecked. If you want to download an app from a third party or other source, using a reputable security software to scan can lessen the risk of been infected.When choosing a security software you
  • 4. THEAETURNIST33 2015ISSUE #2 JANUARYMobile Security may consider the following features. Application scanner to verify downloaded apps are not malware infected, backup utility supporting remote storage to store your personal information, remote lock and remote wiping, parental control, etc. Be aware when you give certain permissions to the application while installing it, since letting it dig into your personal information or giving more access is more or less similar to helping them achieve their target easily. If you have “rooted” your device or “jailbroke” your iPhone, that means you have given full access to your device’s OS and features. So a rooted device can be a great resource to malware authors. Since they can access data of other applications, devices used for business purposes should avoid being rooted or jail-broken and keep updating the OS to protect it from potential exploits. In addition to the above, following are some best practices extracted from “Mobile Security Labware” which a smartphone user can adopt to prevent malware. • Monitor Battery and Network usage, SMS or Call charges: infected device may have unusual usage of resources or charges. • Check for suspicious behavior of device Settings: malicious apps can automatically turn on your GPS, Bluetooth, WI-FI or 3G. • If your device overall performance is reduced or reboots frequently then most probably the device is infected with a virus unless it is a hardware problem. • Make sure to turn off Bluetooth, WI-FI or Infrared when they are not been used. • Do not install APK files directly from SD cards or any USB device unless you are an application developer. APK files should be digitally signed by developers that they are safe. • Comprehensively read the reviews of the application before installing it. Importance of Mobile Data Security Personal User’s Data Privacy Recent studies have shown that personal smartphone users are more concerned about the privacy of their personal information while sharing them with applications and services. According to the findings by GSM Association based on the global research they carried out on more than 11,500 mobile users (including Brazil, Colombia, Indonesia, Malaysia, Singapore, Spain and the UK), in their report “MOBILE PRIVACY: Consumer research insights and considerations for policymakers” February, 2014 state that; • 83% users concern about sharing their personal information when accessing the internet or apps from a mobile
  • 5. 2015 THEAETURNIST34 ISSUE #2 JANUARYMobile Security • 65% users check what info an app wants to access and why before installing it • 81% users think it is important to have the option of giving permission before 3rd parties use their personal information • 41% users with privacy concerns would limit their use of apps unless they felt sure their personal informa- tion was better safeguarded. So, as personal smartphone users, you should also consider the above factors before installing applications and prevent randomly installing apps just because you are interested. Usually we consider the following as sensitive information, a user must think twice before sharing or giving permissions to access. - Sensor data: microphone, camera, GPS - Personal data: password, email, SMS, contacts, calendars, photos, medical records - Financial data: accounts and credit card numbers - Authorizations to business data Enterprise Level Data Privacy The impact of BYOD to the data security of the organization is more significant than one would imagine.A single malware-infected device can lead the entire enterprise’s network to be attacked. The cost of such an attack to the company is high and thus securing the sensitive information including proprietary and customer info has become a challenge to IT management. The white paper on “The Business Case for Mobile Security and Management Solutions” by UBM Tech dated March, 2014 has extensively discussed the cost of mobile security breaches for an organization. Briefly, in addition to the various tangible costs the organization will have to address the problem of recovering intangible costs such as, lost employee-productivity, brand and reputation damage and lost customer-confidence. “A well planned mobile security strategy will bring a quick return on investment if it helps organizations avoid even one major security breach.” UBM Tech’s Mobile Computing White Paper, 2014 The responsibility of securing company data is equally owned by the management and the employees of the organization.While organization implementing the security system plus access policies, employees will have to adhere to them. According to the survey report “Mobile Content Security and Productivity” by – “© AIIM 2013 www.aiim.org / © Accellion, Inc. 2013 www.accellion.com” only 18% of the sample participants believe that they are fully compliant with company policies, industry regulations or statutory government mandates.
  • 6. THEAETURNIST35 2015ISSUE #2 JANUARYMobile Security Working From Home by Yasassri Rathnayake Further they describe how a MDM (Mobile Device Management) platform can address the issue, since MDM supports managing the mobile devices use for business purpose, whether it belongs to the company or the employee. MDM can restrict the access-to-connect to the corporate data, monitor their usage, configure set- tings, deploy approved applications, wipe data remotely and even app store, can be used to store applications that use corporate data, free from malware. Author of the survey report Nick Geddes recommend to combine the MDM platform with an ECM access and content management application to provide true mobile content management, since MDM has limited content capabilities.
  • 7. THEAETURNIST43 2015ISSUE #2 JANUARY Topic Reference Page Source Becoming an IT professional Figure 2 7 National ICT Workforce Survey - January 2010 Figure 3 7 National ICT Workforce Survey - January 2010 Content http://www.bcs.org/category/17705 When to go Grails Content 12 http://www.techempower.com/benchmarks Who was Orson Welles and why he still matters? Content McBride, Joseph (2006) What Ever Happened to Orson Welles? A Portrait of an Independent Career Walsh, David (2013) The Sky Between the Leaves: Film reviews essays and interviews 1992-2012 Spring 4.0 – Evolution or Revolution Figure 4 19 https://raw.githubusercontent.com/raffaelschmid/presentation-spring-4.0/ master/docs/techevent-spring-4.0.pdf Digital Games Content A.Garza & C.J.Ferguson, (2011). Call of (civic) duty: Action games and civic behavior in a large sample of youth. M.Schmierbach, (2010). “Killing spree”: Exploring the connection between competitive game play and aggressive cognition. Effect of playing violent video games cooperatively or competitively on subse- quent cooperative behavior D.A Gentile (2009). Pathological video-game use among youth D.A Gentile & J.R Gentile (2008). In-group versus outgroup conflict in the context of violent video game play N. Gill (2012). http://media.moddb.com/images/articles/1/94/93253/need_for_speed_ world-wide.jpg http://assets.vg247.com/current//2014/05/call_of_duty.jpg Mobile Security Figure 7 32 Smartphone OS Market Share, Q1 2014: http://www.idc.com/prodserv/ smartphone-ms-img/chart-ww-smartphone-os-market-share.png Figure 8 33 Symantec Corporation’s INTERNET SECURITY THREAT REPORT 2014: http:// www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_ report_v19_21291018.en-us.pdf Content Acronis’s White Paper: Top Five Security Threats for the Mobile Enterprise and How to Address Them : http://promo.acronis.com/rs/acronis/images/ WP_Top5_Mobile_Security_US_EN_130306.pdf Acronis’s White Paper: Top Five Security Threats for the Mobile Enterprise and How to Address Them : http://promo.acronis.com/rs/acronis/images/WP_Top5_Mobile_Security_ US_EN_130306.pdf International Data Corporation: Market research company, USA: http://www. idc.com/prodserv/smartphone-os-market-share.jsp F-Secure ’s MOBILE THREAT REPORT Q1 2014: http://www.f-secure.com/ static/doc/labs_global/Research/Mobile_Threat_Report_Q1_2014_print.pdf Mobile Security Technologies (Most) 2014 – Workshop: http://mostconf. org/2014/ Enter Sandbox - Android Sandbox Comparison: http://mostconf.org/2014/ papers/s3p1.pdf Sophos Mobile Security Threat Report: http://www.sophos.com/en-us/medi- alibrary/PDFs/other/sophos-mobile-security-threat-report.pdf Mobile Security Labware: https://sites.google.com/site/ mobilesecuritylabware/4-mobile-malware/malware_prelab_activities Mobile Privacy: http://www.gsma.com/publicpolicy/wp-content/ uploads/2014/02/MOBILE_PRIVACY_Consumer_research_insights_and_ considerations_for_policymakers-Final.pdf UBM Tech Mobile Computing: http://www.informationweek.com/whitepaper/ download/showPDF?articleID=191741382 Mobile Content Security and Productivity: http://www.informationweek.com/ whitepaper/download/showPDF?articleID=191740910 Source Index