Cell phones have gone from a luxury item the size of a brick, and with only a bit more functionality, to a staple of modern life. Nowadays, the ability to place calls on the go is somewhat secondary to texting, web browsing and having access to a hundred different features like mobile banking. Their larger cousins, tablets, serve a similar purpose with greater power. Smart phones and tablets are the means by which people stay connected in an increasingly digital society, and are becoming more and more tied into the very identities of their owners. They are following the same trend as personal computers years before them, but that isn’t always a good thing. Wherever there’s personal information to be had, there are disreputable individuals willing to steal it. As smart phones and tablets become more complex, so must the security measures in place to protect their contents.

Security Flaws in Mobile Devices
While mobile devices are rapidly approaching full-sized computers in their capabilities, security features have lagged badly behind other developments. Both smart phones and tablets are used to make purchases and share private data, but it is relatively easy to snatch that information, decrypt it and then use it for illegal purposes. In the right hands, a stream of gibberish from a cell phone can give a criminal the vital details of a bank account or credit card. In one demonstration, researchers successfully used remote hacking to turn on the recording devices on iPhones and iPads and monitor conversations around the gadget. The implications of these weaknesses should be both obvious and worrisome. Making things even more difficult are the number of applications designed by unverified parties, which can infiltrate a device after a voluntary download. The sheer amount of incoming and outgoing information makes a mobile device its own worst enemy.

Working Toward a More Secure Mobile Device
These flaws are becoming well-known among the hacking community, and attacks are on the rise. Apps that have been seeded with malware or websites laden with mobile-targeting viruses are the primary threats. Some apps are not even intentionally dangerous, but use sloppy methodology that fails to protect critical information. Even the most popular apps in the world, like Facebook and Dropbox, have been guilty of the latter. To combat attacks and viruses, mobile companies have to be proactive in releasing updates as soon as a new threat is discovered.

The two main mobile platforms, Android and iOS, also have some basic features in place to protect users from harmful applications. Apps are typically required to declare which permissions they need, and are then only allowed access to that information. Android users are able to review the permissions needed beforehand, and can then decide whether or not the app is worth installing. iOS apps must go through a manual review process to be approved for sale to the public. By continuing to update frequently and improving app security measures, both platforms are working diligently to stay ahead of malevolent software.

How to Protect a Mobile Device
Users should not rely on their mobile provider for everything, of course. By following a few common-sense rules and not taking security for granted, users can avoid most attacks and keep their information safe. Some websites use fake offers to sink their hooks into a mobile device, but a basic knowledge of how to avoid scams should be enough to outsmart most. Individuals should also scrutinize every app they install, and not simply trust that a popular game or other program is safe to use. It may be hard to adjust to viewing phones as a risk, but members of the general public must make the transition or suffer for it. The good news is that mobile security is now at the forefront of many companies’ minds, and they’re making rapid improvements to the devices most people now rely upon. The arms race between hackers and defenders is a never-ending one, but a little education can drastically reduce the number of casualties. You can get information on mobile security training here.

This has been a guest post by Steve Halligan from n2grate Government Data and Cloud Solutions. n2grate is a SDVOSB.

Advertisements