Mitigating Mobile Device Security Threats: Strategies And Countermeasures (essay).

Smartphones, tablets and laptops among many other mobile devices are quickly becoming the main source of information. This outcome is seen because of their practicality which has facilitated their role as the primary computing platform for users today (Mobile Iron, 2014). Other than practicality, services providers have rapidly shifted their services to cover mobile infrastructure as demanded by customers who require intuitive experiences that are coupled with robust and extensive operations. As a result of these demands, the industry has shifted enterprise systems to mobile applications which in itself outline the need to mitigate mobile security threats.

To meet the security requirements, new strategies are needed to secure data more so enterprise content that fundamentally outlines the sensitivity of the information used. These strategies must also adopt new management processes and tools based on the variation seen in mobile devices and technologies (Zhang, 2012). However, current events outline the vulnerabilities faced by mobile devices as the industry still uses old security measures which are severely exploited by attackers. Therefore, the affiliated threats of mobile devices are set to increase with its popularity.

Since the early 1990s, many mobile devices have been developed from personal digital assistants (PDA) to the now famous smartphones. These devices may have varying capabilities however their operational principles and guidelines are the same. In essence, they aim to improve the mobility and flexibility of using information technology where users can access a wide range of information through the palm of their hands (Nosrati, Karimi & Hasanvand, 2012). This convenience has over time increased their application as seen today where they are more of a pre-requisite requirement rather than an optional need. Furthermore, different manufacturers and producers have come up to meet the demands of the consumers.

All mobile devices share several vulnerabilities that expose them to the security threats outlined in this report and perhaps the most obvious being their physical security where owners can easily lose them. When lost or stolen, these devices can expose confidential data if not well secured. Secondly, consider the availability of mobile applications where different developers (legitimate or not) can use mobile infrastructure such as the internet to attack devices based on the said applications (Ruggiero & Foote, 2011). Moreover, notwithstanding illegitimate applications and software, legitimate applications can also be exploited to reveal the information contained in the devices. Finally, some attacks are predominant on mobile devices as they trick user based on mobile resource requirements, for instance, phishing attacks that can be conducted using e-mails or malicious access points (Wi-Fi).

1.    What are the security threats associated with mobile devices?
2.    How can these threats be minimised?

Overview of the security threats

Security threats

Malware – These are malicious Softwares that aim to disturb the user either by acquiring their information or by affecting their access to the said information. These applications are never installed by users instead they integrated into the systems by intruders who prey on the vulnerabilities of the systems (Zhang, 2015). For instance, an attacker will prompt users to install free applications on their phones such as wallpaper or even games. These applications then take command of the device and transmit data to the intruder without the user’s awareness. In other instances, a malware will have explicit outcomes such as the Cabir virus that affected mobile devices using the Symbian operating system. This virus wrote the name Cabir on the screen of the device terminating all operations. It was at the time transmitted using Bluetooth connections, a vulnerability of mobile devices (Mobile Iron, 2014). Now, creating awareness among users serves as a simple way of mitigating malware attacks as they prey on the naivety of the users.

Eavesdropping threats – Malware are the major security threats faced by mobile devices however, certain threats are predisposed to the operational principles of mobile devices. For instance, most devices will come with wireless connections such as Bluetooth and Wi-Fi which when activated can serve as an entry point for intruders. The BlueSnarfing attack is an example of these threats where an attacker can access a victim’s phone using the Bluetooth connection if it’s not secured. In the attack, the aim is to access information stored in the devices such as contacts and picture among many others (Zhang, 2012). As a solution, the developers should instigate better encryption methods where mandatory authentication could be used before establishing connections.

Network threats (denial of service attack) - A far worst attack as compared to Bluetooth attacks. Again preying on the connection vulnerabilities, intruders can access a mobile device and congests its services as well as applications. For instance, an attacker can send endless demands to a mobile device consuming the available bandwidth. This overload will cause the device to stop all operations as the new services demand overloads in the functioning processors. In the end the mobile device either freezes or shutdowns and restarts again (Mobile Iron, 2014).

In all the security threats identified above have a common trend, that of connection vulnerabilities where the devices are always predisposed to illegitimate connections that can lead to serious attacks. Furthermore, their consistent application makes them a convenient target for attackers as they are assured of victims who in most cases are not aware of the background events that limit the functionalities of their devices.

Critical questions

First, a layered approach is needed to mitigate the threats faced by mobile devices, this approach can include different security protocols such as those used for authentication and authorization. However, for these protocols to work the developers must advance the existing technologies to meet the demands of the market. Furthermore, the users must ensure their devices are properly configured where among other measures they should use strong passwords to protect their devices. In addition to this, basic security measures such as anti-virus software should be incorporated in all devices regardless of the cost. Moreover, the users should be made aware of the threats they face while using these devices to improve their vigilance. When made aware, users will verify applications, e-mails and connections before using them, this outcome will mitigate many of the threats seen today e.g. malware attacks, phishing and DOS (Selvarani & Ravi, 2015).

There is little concern for mobile security as compared to other forms of technologies or platforms. In an event where a user has both a mobile device and a desktop computer, they will prioritise the security of the PC as compared to the mobile devices. However, the reverse should be true, this because the portable device faces many threats as compared to stationary devices. Recently, this outcome has been continuously observed more so, because of the data contained in smart devices. Moreover, other avenues that expose mobile technology are continuously being advanced to have strict and strong security measures. Consider the access control seen in access point where today extended verification procedures are needed to access a hotspot (Yesilyurt & Yalman, 2016).

Unlike other technologies, the adversities seen in mobile devices have not limited its application, instead, they have made people aware of the concerns of data security. Mobile devices now use some of the best security protocols some of which are still limited by the functionalities and capabilities of the devices themselves. However, with the advancement in technology, these measures will continuously evolve to fit the needs of the end user as well as the prevailing security requirements (Delac, 2012).

Conclusion

Manufacturers today are always in a hurry to produce the latest innovation with mobile devices, this outcome robs the technology of the much-needed research for improving their security. However, for the most part of the threats identified above, the users are usually at fault particularly those dealing with malware infestation and access. In most cases, users will leave their devices unprotected which create the outline some of the vulnerabilities highlighted above. Furthermore, unlike popularly perceived most hackers will have limited capabilities with the existing security protocols and will only succeed if certain operational loopholes exist. Therefore, the security threats facing mobile devices are easily controlled if the users remain vigilant and aware of the existing threats and incorporate the necessary security measures. These measures start with basic procedures such as protecting the devices from physical damage among other sophisticated processes. 

References

Delac. G. (2012). Security Threats for Mobile Platforms. Faculty of Electrical Engineering and Computing, University of Zagreb. Retrieved 16 May, 2017, from: https://www.fer.unizg.hr/_download/repository/Goran_Delac%2C_rad_KDI.pdf

Nosrati. M, Karimi. R & Hasanvand. (2012). Mobile Computing: Principles, Devices and Operating Systems. World Applied Programming. Retrieved 16 May, 2017, from: https://www.waprogramming.com/download.php?download=50af86017bbd71.70174069.pdf

Mobile Iron. (2014). Mobile Security: Threats and Countermeasures. Retrieved 16 May, 2017, from: https://www.mobileiron.com/sites/default/files/security/Mobile-Security-Threats-and-Countermeasures-WP-MKT-6361-V1.pdf

NCB. (2011). Mauritian Computer Emergency Response Team: Enhancing Cyber Security in Mauritius. Mobile device security guideline. Retrieved 16 May, 2017, from: https://www.ncb.mu/English/Documents/Downloads/Reports%20and%20Guidelines/Mobile%20Devices%20Security%20Guideline.pdf

Ruggiero. P & Foote. P. (2011). Cyber Threats to Mobile Phones. United States computer emergency readiness team. Retrieved 16 May, 2017, from: https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf

Selvarani. R & Ravi. T. (2015). Issues, Solutions and Recommendations for Mobile

Device Security. International Journal of Innovative Research in Technology & Science(IJIRTS). Retrieved 16 May, 2017, from: https://ijirts.org/volume1issue5/IJIRTSV1I5027.pdf

Yesilyurt. M & Yalman. (2016). Security threats on mobile devices and their effects: Estimations for the future. International journal of security and its applications, 10(2). Retrieved 16 May, 2017, from: https://www.sersc.org/journals/IJSIA/vol10_no2_2016/2.pdf

Zhang. L. (2012). Mobile Security Threats and Issues -- A Broad Overview of Mobile Device Security. Tian Jin University. Retrieved 16 May, 2017, from: https://pdfs.semanticscholar.org/73cd/127c6a692e4a19e8c0272c0200905940d4ee.pdf