Assessing & Mitigating Vulnerabilities of Mobile Systems
Tech | 2020-07-15
These days, one of the most important aspects of cyber security is the ability to secure mobile systems. Smartphones available on the market run different popular operating systems such as iOS, BlackBerry OS, Android, Symbian, and Windows.
Each of these has an online store, built into the smartphone, for distributing applications tailored to its operating system (such as the App Store for iOS devices or the Google Play Store for Android devices).
So there is a golden rule of security: everyone should download and install the applications they need only from their smartphone manufacturer’s online store, and not from any other source (no matter how safe and secure it may seem).
Mobile phones are helpful for personal and business work, but they are also vulnerable. They are widely used for online transactions, banking applications, and other financial applications, so these devices must have strong security to keep the transactions secure and confidential. Similarly, cell phones hold important data such as contacts, messages, emails, login credentials, and files, which can be stolen easily once a phone is compromised.
Mobile System’s Vulnerabilities
Social engineering attacks, data loss, data theft, and data exfiltration are common attacks on mobile technology.
OWASP released its most recent (to date) final list of the top 10 mobile phone threats in 2016:
Improper Platform Usage
Insecure Data Storage
Client Code Quality
You can read the full and useful description of each of these vulnerabilities on the website above.
Malware: A term that describes any malicious program or code that is harmful. Malware seeks to damage or disable computers, networks, tablets, and mobile devices, usually by taking partial control over a device’s operations. Malware can steal, encrypt, or delete your data, and alter or spy on computer activity without your knowledge or permission. Today, some well-known companies that offer antivirus products prefer to call their product anti-malware (instead of anti-virus), a name that seems more complete and accurate.
Data Loss: Intentional or unintentional destruction of information
Data Tampering: Data tampering is the act of deliberately modifying (destroying, manipulating, or editing) data through unauthorized channels.
Data Exfiltration: Any unauthorized movement of data. These attacks can be conducted by an authorized employee with access to company systems or by external malicious persons who have gained access.
Vulnerabilities and Risk on Mobile Systems
There are also several vulnerabilities and risks in a mobile platform, including:
Malicious third-party applications
Malicious applications on the store
Operating system update issues
Malware and rootkits
Application update issues
Jailbreaking and Rooting
Mobile Security Guidelines
A number of techniques and methods can be followed in order to avoid trouble:
Avoid auto-upload of files and photos
Perform security assessment of applications
Turn Bluetooth off
Allow only necessary GPS-enabled applications
Do not connect to open networks or public networks unless it is necessary
Use Remote Wipe Services
Configure mobile device policies
Install applications from trusted or official stores
Do not allow rooting / jail-breaking
Configure strong passwords
Use Mobile Device Management (MDM) software
Update Operating Systems
Encrypt your phone
Configure application certification rules
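As an added example (not part of the original article), the following Python sketch checks device inventory records against several of the guidelines above: rooting, encryption, passcode strength, MDM enrolment, remote wipe, OS updates and application source. The field names, minimum OS versions and sample fleet are assumptions constructed for illustration.

```python
# Added example: posture check for the guidelines above. Field names,
# the minimum OS versions and the device records are all constructed.
from dataclasses import dataclass, field

MIN_OS = {"android": "10", "ios": "13.5.1"}   # assumed policy baseline
OFFICIAL_SOURCES = {"google_play", "app_store"}

def version_tuple(v: str) -> tuple:
    """'13.10' -> (13, 10), so 13.10 compares newer than 13.5.1."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Device:
    name: str
    platform: str
    os_version: str
    rooted: bool = False
    encrypted: bool = True
    passcode_length: int = 6
    mdm_enrolled: bool = True
    remote_wipe: bool = True
    app_sources: dict = field(default_factory=dict)  # app -> install source

def violations(d: Device, min_passcode: int = 6) -> list:
    """Return the guidelines a device record fails, in a fixed order."""
    found = []
    if d.rooted:
        found.append("rooted or jailbroken")
    if not d.encrypted:
        found.append("storage not encrypted")
    if d.passcode_length < min_passcode:
        found.append("weak passcode")
    if not d.mdm_enrolled:
        found.append("not enrolled in MDM")
    if not d.remote_wipe:
        found.append("remote wipe disabled")
    if version_tuple(d.os_version) < version_tuple(MIN_OS[d.platform]):
        found.append("operating system out of date")
    for app, source in sorted(d.app_sources.items()):
        if source not in OFFICIAL_SOURCES:
            found.append(f"app from unofficial source: {app}")
    return found

FLEET = [  # constructed sample inventory
    Device("phone-a", "ios", "13.10", app_sources={"mail": "app_store"}),
    Device("phone-b", "android", "9", rooted=True, passcode_length=4,
           app_sources={"bank": "google_play", "game": "sideload"}),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.name, violations(dev) or "compliant")
```

Versions are compared as integer tuples because a plain string comparison would rank "13.10" below "13.5.1" and flag an up-to-date device.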
Sandboxing is one of the most important components of security. Sandboxing technology offers enhanced protection by analyzing emerging threats, malware, malicious applications, etc.
Of course, an advanced malicious application may be designed to bypass sandboxing technology.