Protecting your Mobile Device

Written by Kevin South

Everyday it seems that mobile devices (smart phones, tablets) are becoming more and more like the laptops and desktops we use for the bulk of our work, play, storage, etc. As well, according to an article on CNN.com’s Fortune page, smartphones surpassed PC sales in the last quarter of 20101. Unfortunately, the rate at which users secure these devices isn’t keeping up with either trend. And as mobile devices become integrated into the workplace, the confidential and sensitive information we store on these devices will be at risk.

It has been argued for a while now that mobile devices threats were on the rise; though many IT journalists say the “rise” has been minimal at best. They say the biggest threats to mobile devices are still theft or loss of the device. However, with the rapid growth and sales of iOS devices (Apple’s mobile device operating system) and Android OS devices, along with software development kits (SDKs) being available for both platforms, the market is becoming flooded with mobile device apps, both good and bad. And it’s these bad, or malicious, apps that get loaded and infect the device.

Although apps are at the forefront of mobile device insecurity, other attack vectors exist. Here are some of the more common ones:

  • Bluetooth continues to be a popular attack vector. While the protocol security has been improved, it’s rare to find users implementing the more-secure protection. Most people just use the default PIN settings and it becomes trivial for attackers with the proper Bluetooth tool to access the device and take your data.
  • Messaging (SMS, email). Similar to email scams in the PC world, users will receive text messages from so-called trusted people and they are lead to a website that either loads malware on to their device or they have their login credentials collected from what they thought was a legitimate website.
  • Wi-Fi.  Most smart mobile devices now include wireless access (some combination of A/B/G or N). The security issues are similar to PC wireless; however, users are now connecting to more random access points outside of the home. That just opens up the potential for connecting to a rogue access point.
  • Mobile Apps. Similar to the applications for your PC, you can find an app to meet virtually any need. And often you can load them onto your device for free from countless locations. Some locations are considered trusted, like the Apple Store (iPhone) or The Market (Android). Many not-so safe repositories also exist. The tough part is trying to figure out what is safe and what is not.

 

Protecting your mobile device and yourself.

(Note: Due to the fact that many different mobile device brands and services exist, you’ll want to check the web for the highlighted items below as they relate to your specific device.)

  • Store little or no confidential data on your device. Easier said than done. If you are going to store sensitive data on your device, run a backup regularly. Many services exist. Explore the web for them.
  • Turn off Geotagging. With Geotagging on, when you take pictures with your camera, information is stored in the image that reveals your location. If you’re concerned about that, you’ll want to turn that off.
  • Turn off Bluetooth, Wifi when you’re not using it. And when you are using these services, be sure the device you are connecting to is legitimate.
  • Verify the app you are downloading. Well-known places like the Apple Store and The Market are considered safe. However, bad apps do show up there. As well, when installing an app, take notice of the request to access certain services on your device. You’ll have to permit the app to access those services before it can be installed. Before you hit OK, research it on the web.
  • Scan your device with Anti-Virus software. Although some say viruses are not a huge issue right now (Apple), but you know it’s only a matter of time for this rapidly growing sector. I hear good things about NetQin and it is free.
  • Delete history of web browsing, text messages, and email. If none of your data is confidential or sensitive, then there is probably no need to worry about it. But if you’re doing online transactions or banking, you’ll want to delete your browsing history and cache. As well, if you view your work email from your device, you’ll want to delete sensitive email. TIP: Make sure you are deleting from your device only, not from your corporate email server.


With that said, you should have a few ideas about how to protect and secure your mobile device. As the mobile device sector continues to grow, the power and functionality of these devices is sure to do the same. The more we know about them and how to secure them, the better off we will be as they become more and more a part of our daily lives.

Check back in future articles for growing concerns surrounding mobile devices.

Industry first: Smartphones pass PCs in sales, http://tech.fortune.cnn.com/2011/02/07/idc-smartphone-shipment-numbers-passed-pc-in-q4-2010/  posted by Seth Wientraub

Back