With the increasing usage of mobile devices for critical functions at work, and in banking and ecommerce transactions, coupled with explosive growth in mobile attacks, pressure is building on mobile security.
The mobile environment has certain built-in elements assisting the security of mobile computing. Mobile operating system architecture automatically sandboxes applications, which makes the conventional PC attack method, in which malicious code intercepts data from legitimate applications, far more difficult. Mobile app stores vet applications before making them available for download by users. Although not infallible, application vetting does offer a degree of security.
Working against these built-in measures are factors that weaken the security of mobile computing. On a smartphone, it is difficult for users to view the complete webpage URL in the browser, which makes mobile users more susceptible to phishing attacks. Smartphones also provide additional opportunities for monetising an attack, such as premium number fraud. New mobile attack vectors are only now emerging, at a time when mobile security solutions have not yet reached the maturity levels of their PC-based counterparts.
Mobile malware attacks are operating system and version specific. It is very difficult for criminals to carry out widespread malware attacks across different versions and different platforms. Phishing attacks, on the other hand, are generally widespread across the various operating systems.
There has been an explosion of attacks on Android devices. The cost of purchasing Android malware is coming down: the latest prices quoted are around $400 for a key logger, $500-$5,000 for mobile intrusion, and $10-30,000 for mobile banking theft. Android attacks are still only at the medium level of sophistication. iPhones and iPads are also not immune. There are also many published vulnerabilities for bypassing the iOS Passcode lock.
Consumers and enterprises are now making mobile security a priority as mobile devices are increasingly used for work activities, banking and ecommerce.
Security vendors are facing increasing pressure to bring effective, easy-to-use mobile security solutions to market. However, as the threats on mobile are different to those on PC, a fresh approach is needed.
It is very feasible to secure mobile devices for the work, banking and ecommerce transactions they are increasingly used for. A multi-layered approach to mobile security is required, focussing on counteracting specific attacks. For example:
– Browser based security to counteract phishing attacks, and protection from malicious/undesirable sites.
– Specific mobile anti-key logging measures.
– Lock and wipe solutions to secure against device loss and theft.
– Data back-up to secure against data loss.
– Geo-location features harnessed to mitigate against fraud and theft.
– Data encryption and cloud-based storage solutions for sensitive data such as login credentials.
– Specific hardened-browser solutions to safeguard high-risk areas such as mobile banking and ecommerce transactions.
As in the PC environment, mobile users should not be lulled into a false sense of security once they have installed a signature-based antivirus solution.
Interesting that a lot of people don’t care about eavesdropping. They think that they don’t have secrets to protect, they are not criminals so they don’t need any call encryption. The truth is that you can never know who is hungry for your business or private information. People or even companies can lose millions of dollars because of their naivety.
Today I read about a secphone solution which provides open backdoors to the government. So they decide which info is confidential and which not… The other suspicious thing was the extremely low price… I think it’s impossible to find a reliable encrypted call provider because of the legislation…
hmm… I don’t think so. I’ve been using a voice and text encryption solution for months. The secret is that you have to find a reliable service provider from an independent country… e.g. from Switzerland or Canada.
Switzerland can be a solution. Which app do you use? This Reliaty55 or kryng.me? Or are these two apps the same? I don’t really understand….
I think these two are the same. Maybe there was a name change or something like that. I’ve been using it for months and I’m satisfied. I hope that the app really works 🙂 I believe in Swiss guarantee.
Thank you very much for this amazing article. It is very informative. I come from a computer security background and I did not know that mobile malware is so version specific. Do you use any mobile penetration testing framework, and what do you recommend us to use?