SlideShare uma empresa Scribd logo

Mobile security article

Kulani Mahadewa
Kulani Mahadewa

Hi :) Aeturnist#2 Issued. My article on “Mobile Security” is published in this issue :) This article covered brief history of mobile security, Vulnerability Analysis, Why Malware Attacks? Why on Android? How to Protect Your Device and Importance of Mobile Data Security. Hope you guys enjoy reading… :)

Celular
1 de 7
Baixar para ler offline
Agile A Practical Perspective When to Go Grails Power of Music in Life Mobile Security MORE INSIDE Issue #02 January 2015 THE AETURNIST Have you met Mr. Jenkins? 30 25 10 Becoming an IT Professional 12 07 03
2015 THEAETURNIST30 ISSUE #2 JANUARYMobile Security Mobile Security Security for IT and IT for security are commonly used terms in the IT industry.While IT provides diverse techno- logical solutions to ensure the security of day to day life, IT solutions become vulnerable to threats, so security for IT came to the subject. Since early 19s people were interested about this subject and came up with different solutions to protect data and systems. In fact the cryptographic algorithms were initially used as an encryption technique during civil wars. Earlier, IT security was refered only to the protection of desktops, laptops and serv- ers. Now it has been quiet for a long time, and today’s trending topic is mobile security. With the emergence of the mobile industry, individuals and businesses find themselves enjoying the divergence of mobile solutions, but at the same time the number of threats targeting mobile solutions increases. Mobile security has become more of a concern, since data exchange through mobile applications can directly affect businesses, as today people use their personal smart phones for business purposes as well as for personal use, known as BYOD (Bring Your Own Device). In addressing this issue, what is suggested is having knowledge transfer sessions to educate the employees or people about possible threats, while implementing a proper mobile security system. The challenging part is to keep updating the security systems to the speed of the arrival of new mobile products or applications, with the cost of transformation. Vulnerability Analysis Here I will be discussing the current security issues relating to mobiles, based on some recent research papers and threat reports of anti-virus companies on mobile security. Some of the identified mobile insecurities based on the white paper by Acronis International are un-secure file transferring, stolen or lost mobile devices, open Wi-Fi networks and public hotspots, malware and viruses and unclear corporate policies. Among the possible mobile security vulnerabilities, malware has taken special attention and researches are finding new approaches to mitigate them spreading, specifically Android malware. The worldwide smartphone market is invaded by Android and iOS over the other mobile OSs like Windows and Blackberry. Figure 7 shows the worldwide smartphone market share growth over the past few years based on different OSs, analyzed by International Data Corporation (IDC), USA. Since Android owns the largest market share, malware authors are more interested about Android. According to the recent analysis, it is identified that the Android malware mostly exist and grows faster, yet the iOS has more vulnerabilities. The reason is due to the number of Malware families being higher in Android than iOS. The F-Secure Labs 2014 Threat Report says that their analysis found 275 new malware families on Android while only one new family identified on iPhone and Symbian.Their analysis had been carried on appli- cation samples from the Google Play Store, third-party app stores, developer forums and other sources. The Symantec 2014 Security Threat Report says that the average number of Android malware families discovered per month in 2013 is five. by Tharaka Mahadewa
THEAETURNIST31 2015ISSUE #2 JANUARYMobile Security Figure 7 - International Data Corporation (IDC) USA, 2014 Why Malware Attacks? Why on Android? The advantages gained by malware authors from infected devices are that they are able to monetize the devices, collecting personal information by spying on users and stealing the ad-revenue of application devel- opers through embedded advertising libraries. Some facts which make the malware authors motivated on attacking mobile devices are the availability of cameras, near field communication (NFC), Bluetooth, wireless and GPS and other location services in most smartphones plus usage of mobiles for payments. In addition to having a large market share,Android’s open design which lets the users install apps from various sources is a fact for the malware authors to attack on Android. Even Android Google Play Store is vulnerable to malware attacks. In fact some researches who had done a study on Android malware detection techniques, in their paper “Android Sandbox Comparison” at Mobile Security Technologies (MOST) 2014, states that Bouncer, introduced in Feb 2012 to analyze Play Store apps has a low rate in detecting malware and can be easily bypassed “The risk of losing a device is still higher than the risk of malware infection.” Sophos Mobile Security Threat Report, 2014
2015 THEAETURNIST32 ISSUE #2 JANUARYMobile Security Figure 8 - Symantec’s Internet Security Threat Report, 2014 How to Protect Your Device 1. When the device is lost or stolen The basic approach is to have user authentication through a strong password, passcode or by locking the device. From business perspective a more strategic approach is required, such as the ability to remotely lock the device, wipe data remotely from the device or encrypt the data and having more control over data on the device. 2. From Malware and Viruses Downloading applications from untrusted sources can make your device prone to be infected with malware. Android Google Play Store is considered a trusted source, yet the Play Store is also vulnerable to malware attacks. “A good rule of thumb: if an app is asking for more information than what it needs to do its job, you shouldn’t install it” Sophos Mobile Security Threat Report, 2014 However, Android users can prevent installing non-Market apps by changing the settings, “Application > Unknown Sources”, to unchecked. If you want to download an app from a third party or other source, using a reputable security software to scan can lessen the risk of been infected.When choosing a security software you
THEAETURNIST33 2015ISSUE #2 JANUARYMobile Security may consider the following features. Application scanner to verify downloaded apps are not malware infected, backup utility supporting remote storage to store your personal information, remote lock and remote wiping, parental control, etc. Be aware when you give certain permissions to the application while installing it, since letting it dig into your personal information or giving more access is more or less similar to helping them achieve their target easily. If you have “rooted” your device or “jailbroke” your iPhone, that means you have given full access to your device’s OS and features. So a rooted device can be a great resource to malware authors. Since they can access data of other applications, devices used for business purposes should avoid being rooted or jail-broken and keep updating the OS to protect it from potential exploits. In addition to the above, following are some best practices extracted from “Mobile Security Labware” which a smartphone user can adopt to prevent malware. • Monitor Battery and Network usage, SMS or Call charges: infected device may have unusual usage of resources or charges. • Check for suspicious behavior of device Settings: malicious apps can automatically turn on your GPS, Bluetooth, WI-FI or 3G. • If your device overall performance is reduced or reboots frequently then most probably the device is infected with a virus unless it is a hardware problem. • Make sure to turn off Bluetooth, WI-FI or Infrared when they are not been used. • Do not install APK files directly from SD cards or any USB device unless you are an application developer. APK files should be digitally signed by developers that they are safe. • Comprehensively read the reviews of the application before installing it. Importance of Mobile Data Security Personal User’s Data Privacy Recent studies have shown that personal smartphone users are more concerned about the privacy of their personal information while sharing them with applications and services. According to the findings by GSM Association based on the global research they carried out on more than 11,500 mobile users (including Brazil, Colombia, Indonesia, Malaysia, Singapore, Spain and the UK), in their report “MOBILE PRIVACY: Consumer research insights and considerations for policymakers” February, 2014 state that; • 83% users concern about sharing their personal information when accessing the internet or apps from a mobile
2015 THEAETURNIST34 ISSUE #2 JANUARYMobile Security • 65% users check what info an app wants to access and why before installing it • 81% users think it is important to have the option of giving permission before 3rd parties use their personal information • 41% users with privacy concerns would limit their use of apps unless they felt sure their personal informa- tion was better safeguarded. So, as personal smartphone users, you should also consider the above factors before installing applications and prevent randomly installing apps just because you are interested. Usually we consider the following as sensitive information, a user must think twice before sharing or giving permissions to access. - Sensor data: microphone, camera, GPS - Personal data: password, email, SMS, contacts, calendars, photos, medical records - Financial data: accounts and credit card numbers - Authorizations to business data Enterprise Level Data Privacy The impact of BYOD to the data security of the organization is more significant than one would imagine.A single malware-infected device can lead the entire enterprise’s network to be attacked. The cost of such an attack to the company is high and thus securing the sensitive information including proprietary and customer info has become a challenge to IT management. The white paper on “The Business Case for Mobile Security and Management Solutions” by UBM Tech dated March, 2014 has extensively discussed the cost of mobile security breaches for an organization. Briefly, in addition to the various tangible costs the organization will have to address the problem of recovering intangible costs such as, lost employee-productivity, brand and reputation damage and lost customer-confidence. “A well planned mobile security strategy will bring a quick return on investment if it helps organizations avoid even one major security breach.” UBM Tech’s Mobile Computing White Paper, 2014 The responsibility of securing company data is equally owned by the management and the employees of the organization.While organization implementing the security system plus access policies, employees will have to adhere to them. According to the survey report “Mobile Content Security and Productivity” by – “© AIIM 2013 www.aiim.org / © Accellion, Inc. 2013 www.accellion.com” only 18% of the sample participants believe that they are fully compliant with company policies, industry regulations or statutory government mandates.
THEAETURNIST35 2015ISSUE #2 JANUARYMobile Security Working From Home by Yasassri Rathnayake Further they describe how a MDM (Mobile Device Management) platform can address the issue, since MDM supports managing the mobile devices use for business purpose, whether it belongs to the company or the employee. MDM can restrict the access-to-connect to the corporate data, monitor their usage, configure set- tings, deploy approved applications, wipe data remotely and even app store, can be used to store applications that use corporate data, free from malware. Author of the survey report Nick Geddes recommend to combine the MDM platform with an ECM access and content management application to provide true mobile content management, since MDM has limited content capabilities.

Recomendados

Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
Mobile security
Mobile security Mobile security
Mobile security Himmatsingh Rajpurohit
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Mobile security
Mobile securityMobile security
Mobile securitySanjaySharma1059
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityXavier Mertens
 
Mobile security
Mobile securityMobile security
Mobile securitypriyanka pandey
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileSISA Information Security Pvt.Ltd
 

Recomendados

Mobile security
Mobile securityMobile security
Mobile securityTapan Khilar
 
Mobile security
Mobile security Mobile security
Mobile security Himmatsingh Rajpurohit
 
Ensuring Mobile Device Security
Ensuring Mobile Device SecurityEnsuring Mobile Device Security
Ensuring Mobile Device SecurityQuick Heal Technologies Ltd.
 
Mobile security in Cyber Security
Mobile security in Cyber SecurityMobile security in Cyber Security
Mobile security in Cyber SecurityGeo Marian
 
Mobile security
Mobile securityMobile security
Mobile securitySanjaySharma1059
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityXavier Mertens
 
Mobile security
Mobile securityMobile security
Mobile securitypriyanka pandey
 
New trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileNew trends in Payments Security: NFC & Mobile
New trends in Payments Security: NFC & MobileSISA Information Security Pvt.Ltd
 
Mobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An IntroductionMobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An IntroductionNagarro
 
Attacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesAttacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesFaizan Shaikh
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Authentication service security
Authentication service securityAuthentication service security
Authentication service securityG Prachi
 
Hacking ppt
Hacking pptHacking ppt
Hacking pptgiridhar_sadasivuni
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Mobile security
Mobile securityMobile security
Mobile securityCyberoamAcademy
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sPatrick Angel - MBA, CISSP(c) CISM(c) CRISC(c) CISA(c)
 
Mobile device security
Mobile device securityMobile device security
Mobile device securityLisa Herrera
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Cn35499502
Cn35499502Cn35499502
Cn35499502IJERA Editor
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research PaperWhitney Bolton
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Mobile Security
Mobile SecurityMobile Security
Mobile SecurityMarketingArrowECS_CZ
 
Señor, señor ten piedad de mi
Señor, señor ten piedad de miSeñor, señor ten piedad de mi
Señor, señor ten piedad de miLuis Botero
 
Panel
PanelPanel
PanelKimy García
 

Mais conteúdo relacionado

Mais procurados

Mobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An IntroductionMobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An IntroductionNagarro
 
Attacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesAttacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesFaizan Shaikh
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Authentication service security
Authentication service securityAuthentication service security
Authentication service securityG Prachi
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkBlue Coat
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldSOURAV CHANDRA
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device SecurityJohn Rhoton
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101Lookout
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2Santosh Satam
 
Mobile device security
Mobile device securityMobile device security
Mobile device securityLisa Herrera
 
Mobile security
Mobile securityMobile security
Mobile securityhome
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research PaperWhitney Bolton
 

Mais procurados (20)

Mobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An IntroductionMobile Apps and Security Attacks: An Introduction
Mobile Apps and Security Attacks: An Introduction
 
Attacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell PhonesAttacks on Mobiles\Cell Phones
Attacks on Mobiles\Cell Phones
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Authentication service security
Authentication service securityAuthentication service security
Authentication service security
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Why Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You ThinkWhy Your Mobile Device Isn’t As Secure As You Think
Why Your Mobile Device Isn’t As Secure As You Think
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Mobile security
Mobile securityMobile security
Mobile security
 
Cyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's worldCyber crime-A burning issue of today's world
Cyber crime-A burning issue of today's world
 
Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011Symantec Mobile Security Whitepaper June 2011
Symantec Mobile Security Whitepaper June 2011
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Mobile Security 101
Mobile Security 101Mobile Security 101
Mobile Security 101
 
C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2C0c0n 2011 mobile security presentation v1.2
C0c0n 2011 mobile security presentation v1.2
 
BYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO'sBYOD / Mobile-Device Security Guidelines for CxO's
BYOD / Mobile-Device Security Guidelines for CxO's
 
Mobile device security
Mobile device securityMobile device security
Mobile device security
 
Mobile security
Mobile securityMobile security
Mobile security
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
Cybercrime Research Paper
Cybercrime Research PaperCybercrime Research Paper
Cybercrime Research Paper
 
Mobile security
Mobile securityMobile security
Mobile security
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 

Destaque

Señor, señor ten piedad de mi
Señor, señor ten piedad de miSeñor, señor ten piedad de mi
Señor, señor ten piedad de miLuis Botero
 
Infographic: Mobile At Work
Infographic: Mobile At WorkInfographic: Mobile At Work
Infographic: Mobile At WorkBlueboxer2014
 
Dazzle events - Wouter Maenhout
Dazzle events - Wouter MaenhoutDazzle events - Wouter Maenhout
Dazzle events - Wouter MaenhoutBNI Ghent Shake
 
irbem 2015 indicadores-sp ppt
irbem 2015 indicadores-sp pptirbem 2015 indicadores-sp ppt
irbem 2015 indicadores-sp pptFecomercioSP
 
FC barcelona, el club deportivo más popular en medios sociales
FC barcelona, el club deportivo más popular en medios socialesFC barcelona, el club deportivo más popular en medios sociales
FC barcelona, el club deportivo más popular en medios socialesOptimediaSpain
 
Presentación parrilla de programacion
Presentación parrilla de programacionPresentación parrilla de programacion
Presentación parrilla de programacionmile
 
Descubre Todo Lo Que Debes Saber En
Descubre Todo Lo Que Debes Saber En Descubre Todo Lo Que Debes Saber En
Descubre Todo Lo Que Debes Saber En greta44
 
Catalogue oriflame thang 8 2016
Catalogue oriflame thang 8 2016Catalogue oriflame thang 8 2016
Catalogue oriflame thang 8 2016Oriflame VietNam
 

Destaque (11)

Señor, señor ten piedad de mi
Señor, señor ten piedad de miSeñor, señor ten piedad de mi
Señor, señor ten piedad de mi
 
Panel
PanelPanel
Panel
 
Infographic: Mobile At Work
Infographic: Mobile At WorkInfographic: Mobile At Work
Infographic: Mobile At Work
 
Dazzle events - Wouter Maenhout
Dazzle events - Wouter MaenhoutDazzle events - Wouter Maenhout
Dazzle events - Wouter Maenhout
 
irbem 2015 indicadores-sp ppt
irbem 2015 indicadores-sp pptirbem 2015 indicadores-sp ppt
irbem 2015 indicadores-sp ppt
 
Selfiecelha Digital
Selfiecelha DigitalSelfiecelha Digital
Selfiecelha Digital
 
FC barcelona, el club deportivo más popular en medios sociales
FC barcelona, el club deportivo más popular en medios socialesFC barcelona, el club deportivo más popular en medios sociales
FC barcelona, el club deportivo más popular en medios sociales
 
2047dsdsdsd
2047dsdsdsd2047dsdsdsd
2047dsdsdsd
 
Presentación parrilla de programacion
Presentación parrilla de programacionPresentación parrilla de programacion
Presentación parrilla de programacion
 
Descubre Todo Lo Que Debes Saber En
Descubre Todo Lo Que Debes Saber En Descubre Todo Lo Que Debes Saber En
Descubre Todo Lo Que Debes Saber En
 
Catalogue oriflame thang 8 2016
Catalogue oriflame thang 8 2016Catalogue oriflame thang 8 2016
Catalogue oriflame thang 8 2016
 

Semelhante a Mobile security article

Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile SecurityTharaka Mahadewa
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaAnjoum .
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile securityKavita Rastogi
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfGMATechnologies1
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecuritySubho Halder
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats ReportJuniper Networks
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityCygnet Infotech
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessSymantec
 
Evaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise MobilityEvaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise MobilityRapidSSLOnline.com
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Javier Gonzalez
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comIdexcel Technologies
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2SHOLOVE INTERNATIONAL LLC
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxtodd581
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxglendar3
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfvenkatprasadvadla1
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsSaad Ahmad
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET Journal
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfkostikjaylonshaewe47
 

Semelhante a Mobile security article (20)

Article on Mobile Security
Article on Mobile SecurityArticle on Mobile Security
Article on Mobile Security
 
Evolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wanderaEvolutionand impactofhiddenmobilethreats wandera
Evolutionand impactofhiddenmobilethreats wandera
 
Report on Mobile security
Report on Mobile securityReport on Mobile security
Report on Mobile security
 
Mobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdfMobile App Security Best Practices Protecting User Data.pdf
Mobile App Security Best Practices Protecting User Data.pdf
 
Unicom Conference - Mobile Application Security
Unicom Conference - Mobile Application SecurityUnicom Conference - Mobile Application Security
Unicom Conference - Mobile Application Security
 
Third Annual Mobile Threats Report
Third Annual Mobile Threats ReportThird Annual Mobile Threats Report
Third Annual Mobile Threats Report
 
Challenges in Testing Mobile App Security
Challenges in Testing Mobile App SecurityChallenges in Testing Mobile App Security
Challenges in Testing Mobile App Security
 
Top Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your businessTop Seven Risks of Enterprise Mobility - How to protect your business
Top Seven Risks of Enterprise Mobility - How to protect your business
 
Evaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise MobilityEvaluate Top Seven Risks of Enterprise Mobility
Evaluate Top Seven Risks of Enterprise Mobility
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
 
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.comMobile Application Security Testing, Testing for Mobility App | www.idexcel.com
Mobile Application Security Testing, Testing for Mobility App | www.idexcel.com
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2Sholove cyren web security - technical datasheet2
Sholove cyren web security - technical datasheet2
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
Running head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docxRunning head mobile application security1mobile application se.docx
Running head mobile application security1mobile application se.docx
 
How to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdfHow to Build Secure Mobile Apps.pdf
How to Build Secure Mobile Apps.pdf
 
Techvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutionsTechvorm com-android-security-issues-solutions
Techvorm com-android-security-issues-solutions
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
IRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and ThreatsIRJET- Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 

Último

CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRnishacall1
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 

Último (7)

CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 

Mobile security article

  • 1. Agile A Practical Perspective When to Go Grails Power of Music in Life Mobile Security MORE INSIDE Issue #02 January 2015 THE AETURNIST Have you met Mr. Jenkins? 30 25 10 Becoming an IT Professional 12 07 03
  • 2. 2015 THEAETURNIST30 ISSUE #2 JANUARYMobile Security Mobile Security Security for IT and IT for security are commonly used terms in the IT industry.While IT provides diverse techno- logical solutions to ensure the security of day to day life, IT solutions become vulnerable to threats, so security for IT came to the subject. Since early 19s people were interested about this subject and came up with different solutions to protect data and systems. In fact the cryptographic algorithms were initially used as an encryption technique during civil wars. Earlier, IT security was refered only to the protection of desktops, laptops and serv- ers. Now it has been quiet for a long time, and today’s trending topic is mobile security. With the emergence of the mobile industry, individuals and businesses find themselves enjoying the divergence of mobile solutions, but at the same time the number of threats targeting mobile solutions increases. Mobile security has become more of a concern, since data exchange through mobile applications can directly affect businesses, as today people use their personal smart phones for business purposes as well as for personal use, known as BYOD (Bring Your Own Device). In addressing this issue, what is suggested is having knowledge transfer sessions to educate the employees or people about possible threats, while implementing a proper mobile security system. The challenging part is to keep updating the security systems to the speed of the arrival of new mobile products or applications, with the cost of transformation. Vulnerability Analysis Here I will be discussing the current security issues relating to mobiles, based on some recent research papers and threat reports of anti-virus companies on mobile security. Some of the identified mobile insecurities based on the white paper by Acronis International are un-secure file transferring, stolen or lost mobile devices, open Wi-Fi networks and public hotspots, malware and viruses and unclear corporate policies. Among the possible mobile security vulnerabilities, malware has taken special attention and researches are finding new approaches to mitigate them spreading, specifically Android malware. The worldwide smartphone market is invaded by Android and iOS over the other mobile OSs like Windows and Blackberry. Figure 7 shows the worldwide smartphone market share growth over the past few years based on different OSs, analyzed by International Data Corporation (IDC), USA. Since Android owns the largest market share, malware authors are more interested about Android. According to the recent analysis, it is identified that the Android malware mostly exist and grows faster, yet the iOS has more vulnerabilities. The reason is due to the number of Malware families being higher in Android than iOS. The F-Secure Labs 2014 Threat Report says that their analysis found 275 new malware families on Android while only one new family identified on iPhone and Symbian.Their analysis had been carried on appli- cation samples from the Google Play Store, third-party app stores, developer forums and other sources. The Symantec 2014 Security Threat Report says that the average number of Android malware families discovered per month in 2013 is five. by Tharaka Mahadewa
  • 3. THEAETURNIST31 2015ISSUE #2 JANUARYMobile Security Figure 7 - International Data Corporation (IDC) USA, 2014 Why Malware Attacks? Why on Android? The advantages gained by malware authors from infected devices are that they are able to monetize the devices, collecting personal information by spying on users and stealing the ad-revenue of application devel- opers through embedded advertising libraries. Some facts which make the malware authors motivated on attacking mobile devices are the availability of cameras, near field communication (NFC), Bluetooth, wireless and GPS and other location services in most smartphones plus usage of mobiles for payments. In addition to having a large market share,Android’s open design which lets the users install apps from various sources is a fact for the malware authors to attack on Android. Even Android Google Play Store is vulnerable to malware attacks. In fact some researches who had done a study on Android malware detection techniques, in their paper “Android Sandbox Comparison” at Mobile Security Technologies (MOST) 2014, states that Bouncer, introduced in Feb 2012 to analyze Play Store apps has a low rate in detecting malware and can be easily bypassed “The risk of losing a device is still higher than the risk of malware infection.” Sophos Mobile Security Threat Report, 2014
  • 4. 2015 THEAETURNIST32 ISSUE #2 JANUARYMobile Security Figure 8 - Symantec’s Internet Security Threat Report, 2014 How to Protect Your Device 1. When the device is lost or stolen The basic approach is to have user authentication through a strong password, passcode or by locking the device. From business perspective a more strategic approach is required, such as the ability to remotely lock the device, wipe data remotely from the device or encrypt the data and having more control over data on the device. 2. From Malware and Viruses Downloading applications from untrusted sources can make your device prone to be infected with malware. Android Google Play Store is considered a trusted source, yet the Play Store is also vulnerable to malware attacks. “A good rule of thumb: if an app is asking for more information than what it needs to do its job, you shouldn’t install it” Sophos Mobile Security Threat Report, 2014 However, Android users can prevent installing non-Market apps by changing the settings, “Application > Unknown Sources”, to unchecked. If you want to download an app from a third party or other source, using a reputable security software to scan can lessen the risk of been infected.When choosing a security software you
  • 5. THEAETURNIST33 2015ISSUE #2 JANUARYMobile Security may consider the following features. Application scanner to verify downloaded apps are not malware infected, backup utility supporting remote storage to store your personal information, remote lock and remote wiping, parental control, etc. Be aware when you give certain permissions to the application while installing it, since letting it dig into your personal information or giving more access is more or less similar to helping them achieve their target easily. If you have “rooted” your device or “jailbroke” your iPhone, that means you have given full access to your device’s OS and features. So a rooted device can be a great resource to malware authors. Since they can access data of other applications, devices used for business purposes should avoid being rooted or jail-broken and keep updating the OS to protect it from potential exploits. In addition to the above, following are some best practices extracted from “Mobile Security Labware” which a smartphone user can adopt to prevent malware. • Monitor Battery and Network usage, SMS or Call charges: infected device may have unusual usage of resources or charges. • Check for suspicious behavior of device Settings: malicious apps can automatically turn on your GPS, Bluetooth, WI-FI or 3G. • If your device overall performance is reduced or reboots frequently then most probably the device is infected with a virus unless it is a hardware problem. • Make sure to turn off Bluetooth, WI-FI or Infrared when they are not been used. • Do not install APK files directly from SD cards or any USB device unless you are an application developer. APK files should be digitally signed by developers that they are safe. • Comprehensively read the reviews of the application before installing it. Importance of Mobile Data Security Personal User’s Data Privacy Recent studies have shown that personal smartphone users are more concerned about the privacy of their personal information while sharing them with applications and services. According to the findings by GSM Association based on the global research they carried out on more than 11,500 mobile users (including Brazil, Colombia, Indonesia, Malaysia, Singapore, Spain and the UK), in their report “MOBILE PRIVACY: Consumer research insights and considerations for policymakers” February, 2014 state that; • 83% users concern about sharing their personal information when accessing the internet or apps from a mobile
  • 6. 2015 THEAETURNIST34 ISSUE #2 JANUARYMobile Security • 65% users check what info an app wants to access and why before installing it • 81% users think it is important to have the option of giving permission before 3rd parties use their personal information • 41% users with privacy concerns would limit their use of apps unless they felt sure their personal informa- tion was better safeguarded. So, as personal smartphone users, you should also consider the above factors before installing applications and prevent randomly installing apps just because you are interested. Usually we consider the following as sensitive information, a user must think twice before sharing or giving permissions to access. - Sensor data: microphone, camera, GPS - Personal data: password, email, SMS, contacts, calendars, photos, medical records - Financial data: accounts and credit card numbers - Authorizations to business data Enterprise Level Data Privacy The impact of BYOD to the data security of the organization is more significant than one would imagine.A single malware-infected device can lead the entire enterprise’s network to be attacked. The cost of such an attack to the company is high and thus securing the sensitive information including proprietary and customer info has become a challenge to IT management. The white paper on “The Business Case for Mobile Security and Management Solutions” by UBM Tech dated March, 2014 has extensively discussed the cost of mobile security breaches for an organization. Briefly, in addition to the various tangible costs the organization will have to address the problem of recovering intangible costs such as, lost employee-productivity, brand and reputation damage and lost customer-confidence. “A well planned mobile security strategy will bring a quick return on investment if it helps organizations avoid even one major security breach.” UBM Tech’s Mobile Computing White Paper, 2014 The responsibility of securing company data is equally owned by the management and the employees of the organization.While organization implementing the security system plus access policies, employees will have to adhere to them. According to the survey report “Mobile Content Security and Productivity” by – “© AIIM 2013 www.aiim.org / © Accellion, Inc. 2013 www.accellion.com” only 18% of the sample participants believe that they are fully compliant with company policies, industry regulations or statutory government mandates.
  • 7. THEAETURNIST35 2015ISSUE #2 JANUARYMobile Security Working From Home by Yasassri Rathnayake Further they describe how a MDM (Mobile Device Management) platform can address the issue, since MDM supports managing the mobile devices use for business purpose, whether it belongs to the company or the employee. MDM can restrict the access-to-connect to the corporate data, monitor their usage, configure set- tings, deploy approved applications, wipe data remotely and even app store, can be used to store applications that use corporate data, free from malware. Author of the survey report Nick Geddes recommend to combine the MDM platform with an ECM access and content management application to provide true mobile content management, since MDM has limited content capabilities.