With the increasing use of mobile devices for critical functions at work and in banking and ecommerce transactions, coupled with explosive growth in mobile attacks, pressure is building on mobile security.
The mobile environment has certain built-in elements that assist the security of mobile computing. Mobile operating system architecture automatically sandboxes applications, making the conventional PC attack method of malicious code intercepting data from legitimate applications far more difficult. Mobile app stores vet applications before making them available for download by users. Although not infallible, application vetting does offer a degree of security.
Counteracting these built-in measures are factors that weaken the security of mobile computing. On a smartphone, it is difficult for users to view the complete webpage URL in the browser, which makes mobile users more susceptible to phishing attacks. Smartphones also provide additional opportunities for monetising an attack, such as premium number fraud. New mobile attack vectors are only now emerging, at a time when mobile security solutions have not yet reached the maturity levels of their PC-based counterparts.
Mobile malware attacks are specific to an operating system and version. It is very difficult for criminals to carry out widespread malware attacks across different versions and different platforms. Phishing attacks, on the other hand, are generally widespread across the various operating systems.
There has been an explosion of attacks on Android devices. The cost of purchasing Android malware is coming down: the latest prices quoted are around $400 for a key logger, $500-$5,000 for mobile intrusion, and $10-30,000 for mobile banking theft. Android attacks are still only at the medium level of sophistication. iPhones and iPads are also not immune. There are also many published vulnerabilities for bypassing the iOS passcode lock.
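The truncated address bar problem described above, as an added example that is not part of the original article: it contrasts a narrow display that keeps the start of the hostname with one that keeps the registrable domain. The hostnames are constructed samples on reserved test domains, the function names are hypothetical, and the two-label registrable-domain rule is a simplifying assumption.

```javascript
// Added example: constructed hostnames on reserved test domains (.example, .test).
const LEGIT = "https://www.bank.example/login";
const LOOKALIKE = "https://www.bank.example.secure-login.test/login";

// Assumption: the registrable domain is the last two labels. A real
// implementation would consult the Public Suffix List instead.
function registrableDomain(hostname) {
  return hostname.split(".").filter(Boolean).slice(-2).join(".");
}

// Narrow bar that keeps the START of the hostname and cuts the end.
function leftAnchored(hostname, width) {
  return hostname.length <= width ? hostname : hostname.slice(0, width - 1) + "…";
}

// Narrow bar that keeps the END of the hostname, where the registrable domain is.
function domainAnchored(hostname, width) {
  return hostname.length <= width ? hostname : "…" + hostname.slice(-(width - 1));
}

// Compare both renderings and report whether each still shows the domain
// that actually controls the page.
function assess(url, width) {
  const { hostname } = new URL(url);
  const domain = registrableDomain(hostname);
  const naive = leftAnchored(hostname, width);
  const safer = domainAnchored(hostname, width);
  return {
    domain,
    naive,
    safer,
    naiveShowsDomain: naive.endsWith(domain),
    saferShowsDomain: safer.endsWith(domain),
  };
}

// Stand-alone run with a 20-character address bar.
for (const url of [LEGIT, LOOKALIKE]) console.log(assess(url, 20));
```

With a 20-character bar, the start-anchored rendering of the lookalike shows only the familiar-looking prefix, while the domain-anchored rendering keeps `secure-login.test` in view.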
Consumers and enterprises are now making mobile security a priority as mobile devices are increasingly used for work activities, banking and ecommerce.
Security vendors are facing increasing pressure to bring effective, easy-to-use mobile security solutions to market. However, as the threats on mobile are different to those on PC, a fresh approach is needed.
It is very feasible to secure mobile devices for the work, banking and ecommerce transactions they are increasingly used for. A multi-layered approach to mobile security is required, focussing on counteracting specific attacks. For example:
– Browser-based security to counteract phishing attacks, and protection from malicious/undesirable sites.
– Specific mobile anti-key logging measures.
– Lock and wipe solutions to secure against device loss and theft.
– Data back-up to secure against data loss.
– Geo-location features harnessed to mitigate fraud and theft.
– Data encryption and cloud-based storage solutions for sensitive data such as login credentials.
– Specific hardened-browser solutions to safeguard high-risk areas such as mobile banking and ecommerce transactions.
As in the PC environment, mobile users should not be lulled into a false sense of security once they have installed a signature-based antivirus solution.