Currently more and more people are using their mobile devices; there’s a tremendous shift from personal computers to mobile devices. 4 out of 10 users use their mobile as their primary work device. This presents a major security risk since we don’t really think about mobile devices and security.
According to a study performed by McAfee, 74% of users do not think or consider their mobile devices as having any security risks, 84% of users are unaware that their devices can transmit confidential data, 20% of users store credit card details, passwords, and pin codes on their devices, and 51% of users do not employ any type of basic keypad or password locks. These statistics are alarming and favor hackers successfully infiltrating our mobile devices. The threat landscape has changed and it is time to shed the light on the (in)security of mobile devices.
Hackers are using your mobile devices as pivot stations to leap into juicier information assets because let’s face it, you are using your mobile devices to access company data. What’s easier than just circumventing a company’s network defenses than attacking low hanging fruit such as these mobile devices. Look at the statistics above, 84% of users are unaware that mobile devices can transmit confidential data.
There are various methods being used by hackers for intrusion into mobile devices; these can be infected or poorly written applications that you would download onto your mobile devices. The lack of encryption on legitimate applications also make it easy for hackers to exfiltrate information in clear-text. If you are connecting to open-wifi networks you are at risk of leaking out confidential data because there’s no way to be able to tell if the open-wifi you are on is safe or not.
There are several products available to anyone really in order to be able to get information out of mobile devices. Here are some of the tools that are readily available: Anti, Faceniff, Mobile Spy, and iLocalis. These tools will help a malicious user to be able to successfully attack your mobile devices.
Even though mobile devices are vulnerable to all of these attack methods, you can still mitigate these security risks by taking precautions. How can you do that?
1. Do Not Use Open-Wifi 2. Enable Passwords and Pin Codes on your mobile devices 3. Be Aware! Learn Where and What the Risks Are! 4. Install Security Applications on your Mobile Devices.
These are just some of the basic things you can do to mitigate the security risks associated with mobile devices.
Regards,
Michael Kaishar, MSIA | CISSP