Mobile Security

M
  1. Challenges Policy Makers face to Counter Cybercrime
  2. Cybercrime vs Traditional Crime
  3. Risks, Threats and Vulnerabilities
  4. Security Policies
  5. Cost and Challenges with E-Government
  6. Cultural Values and Moral Legitimacy
  7. One audit standard fits all?
  8. Mobile Security
  9. Will the Mandiant Report Raise Public Awareness?
  10. Ethical vs Non-Ethical Hackers
  11. Motivation and Intent of Hackers
  12. Hacking as an Addiction
  13. Online Anonymity: Good or Bad?
  14. Identity Theft and Inexperienced Internet Users
  15. Regulation vs Innovation
  16. 3D Printing, Copyright and Legal Matters
  17. Software Piracy on an International Scale
  18. Workplace Monitoring and Blocking Software

Underlying vulnerabilities in mobile device software has also opened up the door to potential security breaches.  In an article describing mobile application security flaws, (Westervelt, 2010) wrote that it was discovered that many mobile application security vulnerabilities were similar to those found in early web applications.  The Homeland Security Newswire published an article on the ‘new’ cybersecurity threat of smartphone apps that do more than they say they do.  The article discussed the mobile security firm Lookout, that started the “App Genome Project”, which has scanned hundreds of thousands of apps for malicious code.  They did this to gain an insight into what apps are doing and to understand if “bad things are happening in the wild.” (HSNW, 2010).  Many apps contained hidden code mainly used for analytics and advertising, however it demonstrated how easily code, malicious or otherwise, could be hidden or embedded in a mobile application.

Both vulnerability assessments and penetration testing will need to be adjusted to accommodate mobile devices, both company issued as well as personal devices, authorized or otherwise.  Stricter security policies will be required and the connection of non-company issued devices to an organizations infrastructure will need to be examined more closely.  This will cause network scanning activities, typically carried out during vulnerability testing to be refined to include mobile connected devices.  The scope of penetration testing can include physical and communications exploits as well as system exploits.  Bosworth (2009).  Mobile device technology forces the scope to change dramatically as the nature of possible exploits and the method they are introduced can be very different to traditional technology devices.  In addition to changes in vulnerability assessments and penetration testing, other changes within the organization can be made to reduce the risk of exploits including employee education, more strict security policies with regards to the usage of mobile devices and separate rules governing both company issued and personal hardware, and technical restrictions enabling only certain individuals or groups to connect such devices to the network.

References:

  1. Bosworth, S., Kabay, M.E., & Whyne, E. (2009).  Computer Security Handbook.  Volume 2.  Hoboken, NJ: John Wiley & Sons, Inc.
  2. Homeland Security Newswire.  July 29, 2010.   New cybersecurity threat: smartphone apps that do more than what they say they do.  Retreived from http://www.homelandsecuritynewswire.com/new-cybersecurity-threat-smartphone-apps-do-more-what-they-say-they-do
  3. Westervelt, R, (2010).  Mobile application security flaws a repeat of past mistakes. SecTor 2010.  Retrieved from http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1522769,00.html

About the author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.

About Author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.

Follow Me