Today, mobile devices are coming under increasing attack. The number of mobile malware is rapidly on the rise with malicious activities, such as stealing users data, sending premium messages and making phone call to premium numbers that users have no knowledge. Ransomware, banking malware, and other threats aimed at smartphones increased sharply in volume last year and will pose a growing threat to organizations and individuals in 2018 and beyond, Trend Micro said in a report released in Feb 2018.
Mobile malware attacks rose to 42.7 million incidents in 2017, up from 40 million in 2016. The risks are especially high for the public sector. The security website DarkReading reports that government ranks second for the highest number of mobile malware attacks, behind only the financial services industry. “Five or six years ago, everything was targeting the laptop, but smartphones have more data, more features, and more capabilities,” says Yeongjin Jang, a Ph.D. candidate in Georgia Tech’s College of Computing. “So the attackers are trying to get access to these devices through various means.”
Almost half of information workers today are using bring-your-own laptops, 68 percent are using their own smart phones, and 69 percent are bringing their own tablets at work, according to Forrester’s annual security survey. “Obviously, the risks are high, especially when you look at all the corporate data that’s held on these devices, such as customer information, intellectual property, contracts, competitive data and invoices,” not to mention the potential access to corporate networks themselves, says Chris Sherman, Forrester senior analyst.
In keeping with past trends, a vast majority of the threats affected Android devices and those downloading mobile applications from unofficial third-party stores. . However, the problem is not only vulnerabilities in the software, but specifically holes in the hardware. Meltdown and Spectre, the serious security holes in processors, which are also present in mobile devices, have again demonstrated how important a speedy security process is so that users receive new updates quickly. This is because the majority of cyber attacks exploit security holes that are already known.
The geolocation features on smartphones, fitness trackers and other devices could create security risks by revealing their location the Pentagon said in August 2018 therefore US military is prohibiting its deployed personnel from using them. These geolocation capabilities can expose personal information, locations, routines, and numbers of department personnel, and potentially create unintended security consequences and increased risk to the joint force and mission,” it said.
The decision follows concerns raised in January when an Australian researcher’s analysis of data posted by Strava, a fitness tracking app, on activities of its users revealed locations of American forces in Syria and Iraq. Strava posted heat maps showing movements of people exercising while wearing fitness tracker devices and publicly sharing the time and location of their workouts via the app. Outlines of US outposts in Syria and Iraq could be seen in the maps because many US military personnel used fitness tracking devices, while few local people own them, according to media reports.
Multimedia security particularly Smartphone camera has also come under threat. Attackers can implement spy cameras in malicious apps such that the phone camera is launched automatically without the device owner’s notice, and the captured photos and videos are sent out to these remote attackers. Researchers have also utilized computer vision techniques to analyze recorded videos and infer passcodes from users’ eye move-ments. Several video-based attacks targeted at keystrokes have been proposed. Even worse, according to a survey on Android malware analysis, camera permission ranks 12th of the most commonly requested permissions among benign apps, while it is out of the top 20 in malware. The popularity of camera usage in benign apps and relatively less usage in malware lower users’ alertness to camera-based multimedia application attacks.
These vulnerabilities could be exploited by adversary countries therefore the U.S. government and its agencies are warning against using devices made by Huawei and ZTE, claiming they may represent a security threat. US service members will no longer be able to purchase ZTE and Huawei phones on military bases, according to a new Defence Department directive that cites security risks posed by the devices. “Huawei and ZTE devices may pose an unacceptable risk to Department’s personnel, information and mission,” Pentagon spokesman Major Dave Eastburn said in a statement. “In light of this information, it was not prudent for the Department’s exchanges to continue selling them to DoD personnel.” Mobile Internet modems and other wireless products are also included in the ban.
IDST Monthly Access Membership Required
You must be a IDST Monthly Access member to access this content.