Mobile Security Risks In Different Sectors Information Technology Essay
Smartphone play a vital role in our day to day life that begins from various fitness apps to track the distance travelled, speed and calories burned using GPS and extends up to managing corporate resources on a single click at your personal device in leisure time. This can boost the society’s productivity while providing a path to competitors for harnessing company data. To maintain the integrity of data, devices can be secured by adopting some apps such as Bullguard Mobile Security, McAfee Mobile Security. Mobile security software provides encryption and authentication of data by installing various prevention system or firewall while on the other hand, potential of these softwares is limited by various factors. According to CTIA, in 2011the number of mobile devices had exceeded the number of people in US. It’s no wonder to say that Apple’s iPhone, Blackberry and other devices are preferred. All IP based network requires the top service level in order to prevent attacks to protect revenue streams.
This paper includes glimpses of certain measures involved in these apps and emphasizing on various burdensome limitations along with security issues including threats for different target areas where cyber criminal activities can lead to information disclosure, unsafe browsing environment etc. Security Risks in Academics, Corporate, Government and all IP environment sector are discussed in detail. Finally, some measures to overcome these problems are proposed.
Index Terms: BYOD, Cloud Computing, Mobile Malware, NFC, Trusted Mobile.
I. INTRODUCTION
With the advent of technology from GSM, GPRS, EDGE, UMTS to LTE, LTE-Advance and with these technologies, the evolution of Smartphone began with Blackberry in early 2000 to Iphone5 in 2012, the threats to mobile devices has been increased drastically. It has been found that malware [1] in Google android had grown 400% from 2010 to 2011 therefore the mobile security has become a necessity. The latest technique to use Smartphone as car keys has been proposed by engineers at South Korean automobile major Hyundai. The idea is to use Smartphone as car keys to lock/unlock the car by just waving your phone near the car window over a small tag. With the enrichment of this system, security risks will be increased to a greater extent. As if your Smartphone has been lost, this becomes threat to your embellishments so the mobile devices need to be protected in highly secured manner.
The evolution of 4G begins with its imperative vision as IMT advanced by ITU in 2002 to provide ubiquitous computing and faultless handoffs while connecting to numerous data networks. The prerequisite aspects involved in processing of IP packets for end to end flows are QOS offered, Security and Mobility.
The concept of [2] 5G mobile communication based on beam division multiple access and relays was given by Korean IT R&D program in 2008. 5G is expected to make life really, a mobile life. The remarkable features are, providing broadband internet by simply connecting the device to PC and easy data sharing. The mobile phones need not to be put face to face and data can be shared if they are in range of 50m. These advanced features exhibit the obligation of mobile security features to avoid the risk of being tracked by foreign body within this range. With the advancements in these handheld devices, Mobile Security Software needs to be advanced and updated regularly.
This paper is organized as follows: section II introduces the mobile security and its need with evolving technologies and expected threats to devices. Section III emphasizes on relevant target areas of attack namely academics, corporate, government sector and all IP based environment. Section IV discusses the mobile security solution along with certain control measures and some user centric approach to prevent attacks. Finally section V presents conclusion.
II. MOBILE SECURITY
Security of the intimate data stored in your personal device is becoming the most important concern from last five years due the increasing demand for mobile accessibility, as reflected from the growth in the Smartphone sales. The increasing trend for accessing the corporate resources from your personal device is increasing the vulnerability of data being misused by strangers. Mobile security concerns with effectively protecting your device from all exposures, safeguard against loss or theft and ensures integrity of your personal information. With the increase in trend known as BYOD, risk of confidential information was a major break-through if devices were not configured or managed properly. With BYOD, it becomes possible to manage your office resources from your personal device while at home. This could potentially result in insecure data storage [3] due to the risk of leaking the confidential information to an outsider or competitor. For this reason, corporate staff needs to apply adequate mobile security measures to minimize the risk of stolen or lost corporate resources. Recently an app called as “do not disturb” has stopped working in Apple’s iPhone due to extension of malware since Jan 1, 2013. Thus malware protected devices have become a prerequisite in today’s environment.
Threat Issues
Smartphone are at venture due to underneath reasons: 1. Physical Risk-due to device being compact risk of theft/loss. 2. Network Risk-device accessed by the network or the connection without detection. 3. Unauthorized Risk-login or access by unauthorized person. 4. Operating System or Application Risk. 5. Mobile Data Storage Device Risk.
Fig.1 illustrates some hazards associated with insecure system. Smartphone are available as portable and compact device which makes it easier for attackers to track the device and obtain any relevant data. The need to protect these devices from malware and virus arises with increasing connectivity via Bluetooth and Wi-Fi. Virus is spread by another device through files sent to you via Bluetooth connectivity. [5] Malware is any software or program code designed to access the device secretly. Malware denies application services or the network services and collects confidential data cunningly. Device drivers such as Bluetooth and video driver could be an attack vector for underlying OS if not secured properly.
Figure 1: Mobile Security Threats
Drivers such as sound driver, USB driver i.e. Those that can have direct memory access could eventually exploit the system and are more likely to crash the system. According to TIMES OF INDIA it have been 1 year and a half, that engineers are working to implement secure operating system but it will need another three years. DRDO in collaboration with other institutions is also working on same to remove security holes from current operating system.
4G is successor of 3G standards with major improvements in bandwidth and services offered such as high quality audio/video streaming. Challenges in 4G system are routing in ad hoc network, trust and mobility management and platform security for end user device.
III. TARGET AREAS
From figure 2 one can understand how important mobile security is, not only in high level environment but in academics also since the use of mobile devices are increasing vigorously the security risk are also increasing
Figure 2: Areas of Attack
day by day. The threat areas can be any anywhere where a person is using its mobile but considering the four main threat areas named academics, corporate, government sector and all IP environment.
In academics, the large amount of information like student record, results, management information, teacher’s record and lot of information are stored in smart devices and that can be stolen and misused. The student nowadays have their personal tabs for smart classes and also for study purposes .The students are not having any detailed information about the websites or the link they are using and they get attracted towards the advertisement that may lead to leak of personal information . The most common type of problem that is faced by people from last few years is malware. Malware can be in many forms in some virus form, software or in Trojans. It can cause certain loss like losing sensitive data, history or downloading other application that are also malware affected [7]. Once it runs in your device it replicates itself which may lead to location tracking or personal information leakage. Another type of threat in academics or day to day life is Data interception which occurs while login to the unsecured Wi-Fi or data is sent over unsecured network or device. When a device connects to an unsecured Wi-Fi network the attacker can intercepts and alters the communication and when data is sent to or from a device over an unsecured network connection, allowing recording the information. The one of the other threat that come under cyber criminal activity is location tracking that can easily track our location by using some software and can monitor us or can theft data from device and it is also used for legal purposes. The threat like network exploits arises due to software problem. The attackers can easily catch you on Wi-Fi network and can access somebody credentials and can use them. E-mail spoofing occurs when the email header is altered or appear to be altered thus it hides the origin of the message.
In corporate sector the large amount of sensitive data like company financial history, staff record, client information, the plan for future development, current software, projects and architecture, are stored in smart devices. Nowadays the staff is provided with the devices that they have to use for office work like E-mail that will connect only to the office network but most of the staff has their personal device with the office one and they can access the information on their personal device which may leak the sensitive data of office work. Browser exploits occur when visiting to web pages or hyperlink that can damage the software of device as it has the potential to install malware or other activity which may lead to loss of personal or confidential information. The cyber criminals can hack someone account called unauthorized logging or there is lot of sensitive data that cyber criminal can capture like debit card number, password etc while online-shopping, banking or login some websites. While going through lot of websites the common thing that usually appear are the pop messages i.e. phishing [9] occur when the pop messages arrive very frequently in this case the internet scammers can get the personalize and financial details. When commercial email add for some websites, offers, product arrive and these are the unsolicited advertisement which are difficult to delete and one have to pay for unwanted messaging this is called spamming. The most genuine problem is theft/loss. Mobile devices are very compatible in terms of size and weight so they can be easily stolen or may be lost and one can easily get all the information that are stored in these devices.
Government sector stores information related to defence, economic plan, research work, development plan and country specific information in smart devices. This data need to be much secured but lots of threats are there by which the attackers can harm the national security. The confidentiality of the data is at risk due to various reasons. Some of them are mentioned here. The main problem which arises due to Botnet operators [10] is that it distributes the malware to mobile devices that are connected to the network. The Cyber criminals do it for monetary gain. International criminals can access the information stored on device. Foreign governments can capture the information that can affect the activities that are related to defence or homeland security. The hacker attacks to show there skills or computer knowledge. They can easily attack devices by launching an attack script against the device. Terrorist attacks for destroying national security by exploiting the mobile networks and to weaken the economy.
In all IP environment, data can be hosted from anywhere by any name i.e. data can travel beyond the geographical boundaries and therefore the security in all IP environment is a major concern. While transmitting, data, voice and video are encapsulated into series of packets via secure code.
If this secure code is known at the receiver end, data can be decrypted by unauthorized means or hacker can track/stop any particular frame through which malware can spread. In cloud computing, all data is transparent to the users and applications that can be hacked for national interest in order to increase the economy. Cloud computing [13] provides a platform for users to place their data which enhances the risk of data manipulation by the servers within the cloud. As per the USA Patriot Act, any server anywhere must provide information to FBI that can be used to control terrorist attacks while ensuring obedience to the law. This will reveal all personal data or any kind of research work, which can be used for national or personal interest.
IV. MOBILE SECURITY SOLUTION
Unconsciousness about the usage of device, unidentified threats and user negligence provide path for security attacks. Thus the users need to be educated to utilize the device in a better way. On the other hand network operator must enhance the network infrastructure to avoid invasion. Mobile security software and apps such as Look out Premium and McAfee Mobile Security have the potential to protect your device from cyber criminals, virus and malware. Some basic control measures [14] are 1.Authentication-verifies that the system or the user are who they claims to be based on username and password 2.Data encryption-avoids unauthorized access by transforming the plain text to the form not readable by others. 3. Firewall-program or hardware device that filters the information coming through the internet connection into your device. 4. Intrusion prevention system- monitors network and/or system activities for malicious activity.
Figure 3: Mobile data security lifecycle
Figure 3 illustrates the mobile data security lifecycle consisting of four interlinked stages. Some user specific practices to protect against potential threats are:
Smartphone can be protected against any damage by installing a sound mobile security application which will alert the user on occurrence of any sceptical event.
Avoid downloading any app from unofficial stores and the reliability of the app provider must be taken into consideration.
Take a look on the reviews and ratings before installing any mobile app.
Always read all the conditions and consequences of the application and don’t download if anything seems to be sceptical and it’s better to leave your reviews on that site to help others.
When you aren’t using Wi-Fi, Bluetooth or infrared connectivity, turn them off. Be careful while connecting to unsafe public Wi-Fi networks by enabling the firewall, disable sharing and use SSL or a virtual private network.
Always update the applications and ensure that firmware is updated just when it is available for the mobile phone.
Encode all secret information stored in mobile phone and keep a copy of it regularly. Ensure that secret information isn’t cached locally.
Try to set a password for all files and apps containing sensitive information.
Don’t go through the internet links which seem to be sceptical. And if necessary, go through the website by using its URL- don’t copy and paste links into the browser. It helps in protecting the mobile phones from drive-by download attack.
Always keep a check on battery life, SMS and call charges. Any uncommon thing should provoke a complete check on recently downloaded applications. There’s a high probability of mobile phone being under a security attack.
Hardware modules (i.e. GPS or Bluetooth) that can result in malware propagation should be switched off if not in use.
Lastly, use the unique device ID to block the stolen mobile phone.
V CONCLUSION
In this IP era, mobile devices are more momentous than PC thus the need to secure your device is as important as protecting your phone from scratches. Security is all about minimizing the risk. Security can be implemented by educating the user how to run the apps under secure mode. Mobile security software has the potential to protect a smart phone from cyber criminals. Thus sustainability of these measures is limited due to certaindevice features. Many devices consume much of the energy resources for security mechanisms. Some operating systems are single tasking thus executing foreground task only. If a malware is spread in your device you can’t install any application to remove them as device is busy in replicating the malware file. Thus it becomes uphill task to secure your device using these measures.
Researchers have developed new software “Share Key Software” which employs NFC transmission standard and work on electronic keys which are protected form malware and unauthorized access. Developing such softwares will be helpful for overcoming some threats to greater extent. Aimed at growing trend of BYOD, it becomes an obligation to call for processors that can support features to keep their corporate life apart from personal life or personal life from very personal life.
Order Now