Factors and Implementation of Mobile Device Security
Mobile devices have become ubiquitous and its usage is only going up from here. With such an extensive usage of mobile devices for personal and business use, its security becomes an important question. Most devices ado not have the security mechanism in place in the case of a theft, loss or intentional breach of the network and this makes the data present it in extremely vulnerable. This paper examines the importance of mobile security and how it can be implemented for greater protection.
Wireless technology has undergone tremendous improvements in the last few years. The capacity and performance have increased multifold and today, the amount of applications and services that can be accessed through the mobile device is staggering. Many different media can be stored and retrieved easily and more importantly, these can be uploaded and downloaded from the internet within minutes. All these functionality have led to an increased need for security because there is a high chance for the data and network to be compromised. Security has to be implemented at different levels to ensure that users have access to all the functionality and information without ever having to worry about rogue hackers and network vulnerabilities.
The Modern Mobile Devices -- Tablets and Cellphones
There has been an explosion in the usage of tablets and cellphones as users are increasingly turning to them for personal and business use. The number of users accessing these devices have been increasing worldwide, thanks to the presence of multiple wireless providers and improved networks.
There are four main kinds of wireless connectivity and they are Wireless Wide Area Network (WWAN) used by GSM and 3G phones, Wireless Metropolitan Area Network (WMAN) used by suburban households and businesses, Wireless local area network (WLAN) used within a floor to connect all workstations and computers and Wireless Personal Area Network (WPAN) used by bluetooth and infrared devices (Urbas & Krone, 2006). Each of these connectivity pose challenges in terms of security identification and implementation and service providers are constantly working on ways to enhance the security of these devices.
BYOD and security risks
Bring Your Own Device (BYOD) is a trend followed by many employees. They bring their own personal mobile phones and tablets to workplace and access company email and confidential information through it. One of the primary drawback of BYOD is the increased vulnerability and data breaches that can occur when confidential information is accessed through public networks. Most 3G and mobile phone networks are unsecured and can be hacked into easily and this is one of the biggest problems facing corporate security specialists today.
The number of wireless access spots also known as hotspots are increasing around the world to give people more connectivity. They are available in airports, hotels, coffee shops, libraries and other public places to appeal to people to come to their businesses. Unfortunately, these public networks have also increased the security vulnerabilities leading to more viruses and hackers.
This is partly due to the lack of security measures implemented in these networks. A survey shows that 60% of the public networks had little to no security and they did not use any form of encryption (Chenoweth, Minch and Tabor, 2010). So, the responsibility is on the user to protect their information and safeguard it from malicious intruders.
Security Threats against mobile devices
Wireless networks offer a high degree of convenience and flexibility to access information on the move. However, they also make the user vulnerable to malicious programs such as viruses and intrusion by other users. The primary difference between a wired and wireless device is its level of security. While a wired device such as computers can be accessed only by the intended users, wireless networks are open and can be accessed by anyone who knows the system. This makes mobile phones more vulnerable to security attacks. Some of the security threats of mobile devices include:
Since these networks are openly available to the public, there is a higher chance for someone to hack into the device and obtain confidential information. One way to avoid this kind of intrusion is to use encryption and passwords, but this means there will be greater efforts from outsiders to steal the passwords.
The bandwidth of any user can be used by others easily and this will not only result in decreased speeds for the user, but will also increase the cost due to higher bandwidth usage. This kind of threat is called leeching and is fairly common among unsecured networks.
Networks can be misused to attack companies by sending unwanted files such as pornography, viruses, trojans or other illegal content. They can also be used to generate a denial of service (DoS) attack.
Impersonating or spoofing is the process of using the authentic person's ID to obtain data and financial gain and this is one of the biggest risks on mobile security today.
Eavesdropping and monitoring the usage details is a passive attack that does not pose an immediate threat to the user. Nevertheless, it is a breach of privacy that the information collected can be used in a detrimental manner.
Most users who access the network illegally are well-versed in technology. They begin by discovering a network and its vulnerability and then use a wide range of methods to connect to it. This process is called LAN-jacking and they use the necessary tools such as jail-break codes and encryption codes to break the security and encryption of these networks (Urbas & Krone, 2006).
Due to the high-level of vulnerability of mobile device, numerous measures should be used in tandem to avoid security-related problems. One option is to enforce laws to prosecute those who access the wireless networks. Though it can be effective to some extent, its enforcement becomes difficult. Wireless networks give hackers a good measure of anonymity and it makes it tough to identify the individual, prove the charges and prosecute him or her. So, these laws can deter the novice hackers to some extent, but can be ineffective against experienced and professional hackers.
Other approaches include tackling this problem with appropriate software and avoiding threats by the use of common sense and some simple usage practices.
Many different kinds of software can be used to prevent or limit attacks on mobile devices and some of them are:
Intrusion Prevention Software - This software will examine all the data that comes through mobile phones and will warn the users if any unauthorized app is looking to access information.
Anti-virus software -- Though most people are skeptical about anti-virus software for mobile devices, it can nevertheless provide a fair measure of protection. Advanced anti-virus software is being developed and this can prove beneficial in the future.
Bluetooth - This technology uses short-range radio signals to transmit information. The advantage with this technology is that it is fast and robust. It is more secure than long-distance wireless networks because they are allotted a unique 48-bit device address and the users can communicate only in one hop range (Choi, Kim, Park, Kang & Eom, 2004). So, the chances for hackers to get into the network is slim.
Avoiding security threats
The first step towards avoiding security threat is to educate users on the security issues and the possible sources through which outsiders can access the users' information. For example, there are some ports in Windows operating system that are open and allow file and printer sharing. Outsiders can send malicious files to the computer through these ports when the device is connected to a public wireless network (Chenoweth, Minch and Tabor, 2010). Also, users should understand the threats to confidential corporate information when they use BYOD option or access work-related devices through a wireless network.
There are some simple techniques that users can implement for better protection and they are:
Identify the right device -- Some devices have better security options than others and so, its important users take some time to research these security options. This is especially important if they plan to use it for business too.
Encryption and password -- The first line of defense against a security threat is the use of passwords and encryption. This can keep the casual outsiders from accessing the information on your device. These passwords also help in the case of a lost phone because it is not easy for an outsider to break the code and get information.
Involve the IT security staff -- If a mobile device is used for work, then its important to involve the IT security staff and give them remote access to wipe off confidential data in the event of an attack or loss of the phone.
Limiting the use of unauthorized apps -- There are thousands of apps for smartphones today and some of these apps come from companies whose main intent is to hack into the device. So, its a good idea to limit the use of apps, especially those…