0

DEREK SMITH: Don’t ignore cyber threat to mobiles

As should be evident by now, cyber security must always be a top business priority and, in most cases, it should be the priority. Unfortunately, other cyber security efforts have often overshadowed security initiatives related to mobile devices. The understated reality is that with smart phones becoming more popular every year, they allow users to store sensitive information and perform more critical tasks, thus making them a perfect target for attackers.

Overconfidence and reliance on mobile device management (MDM), plus enterprise mobility management (EMM), are also exacerbating these problems. Many cyber security experts believe these technologies do not provide the complete security protection needed to meet today’s mobile threats. This article, the first of a two-part series, gives an overview of the significant threats to smart phones and other mobile devices.

The threat to user privacy

There are several threats to user privacy, including mobile malware; the use of third-party applications; phishing/SMiShing; the use of third-party applications; and man-in-the-middle attack. Two are detailed below.

• Mobile malware - A mobile malware attack is a malicious software program designed to exploit mobile operating systems and mobile phone technology. This is used to attack smart phones, tablets and smart watches. It is unknown to most mobile users how MMs (attackers and invaders) enter their phones without their permission and knowledge.

This attack aims to steal login credentials or personal information using legitimate personation. This is accomplished by sending targeted e-mails, such as job interviews and lottery e-mails, to targeted victims. SMS phishing is also known as SMiShing. To convince a victim user to download and install a virus, Trojan Horse or another type of malware, an interesting SMS is sent.

The threat on mobile devices

These security threats can make mobile devices vulnerable to hackers, and therefore they become easy prey. The list detailing these threats here is not exhaustive.

• Android Rooting - By gaining root access, you can manipulate the Android OS source code and install software that the manufacturer usually prohibits. On iOS, this is called “jailbreaking”.

• Fake Access Point

• Unsecured WiFi - The term ‘unsecured Wi-Fi’ refers to a free network available at libraries, coffee shops and malls because no unique passcode is required during the login process. Due to their vulnerability to hackers, these networks are also known as unencrypted Wi-Fi networks.

The threat to data integrity

On mobile devices, the following security threats are most common:

· SSL Certificate - Secure communication between a client and a bank is crucial. SSL (Secure Sockets Layer) is used to facilitate this process. These cyberattacks are primarily caused by invalid, pirated and cracked applications. Attackers bypass SSL so they can make unauthorised communications with clients.

· Packet Sniffing - Packet sniffing is used to monitor and detect packet data in a network. Hackers may use similar tools for fraudulent activities, while network administrators use them to monitor and validate network traffic.

Conclusion

In short, with mobile devices becoming the primary target of many cyber attackers, it is essential to protect the data stored on them. Even though managing and protecting devices is critical, recent attacks demonstrate it is not enough. Data integrity and safety must be ensured by an extra layer of security, regardless of whether a mobile device’s OS or other software has been compromised. These extra layers of security will be discussed in the second part of this series.

• NB: About Derek Smith Jr

Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsburg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.

Comments

Use the comment form below to begin a discussion about this content.

Sign in to comment