Common mobile security problems. How to fight them.

Most mobile devices are vulnerable when speaking about security. They are easy to be attacked. Taking into consideration the fact that mobile devices lack the security and are often targeted by the cybercriminals, the situation is bad. The number of malicious software variants aimed at mobile devices has risen for about 185% during one year.

A great variety of threats are to be faced with mobile devices. Numerous vulnerabilities found in the devices can be used to attack the device. Pure security practice of the consumer and inadequate technical controls can cause these vulnerabilities. Security controls are rarely implemented on mobile devices. The consumers often are not aware about recommended mobile security practices and the adaptation of them. There are common mobile vulnerabilities that can be observed and prevented.

Passwords are rarely enabled on mobile devices. They often lack passwords to control access to all data stored on the devices. Many of them include the capability to pattern screen locks for authentication, to support personal identification numbers and passwords. A biometric reader to scan a fingerprint for authentication is also included into many of mobile devices. These mechanisms are seldom employed by the consumers. Even being used, the PINs and passwords are easily to bypass or determine.  It is extremely easy to view or access any sensitive information in an unauthorized manner when the device is stolen or lost and is not locked with PIN or password.

Users often conduct sensitive transactions on mobile devices without two-factor authentication. They use static passwords mostly. These passwords are easily to guess, steal, forget or write down. If you want to have higher level of security on you device, use two-factor authentication that is important for sensitive transactions. Two-factor authentication reduces the risk of unauthorized access to sensitive data on mobile devices.

Mobile devices may contain malware that come in through the downloadable applications. The malware can be disguised as an utility, security patch or game. The consumer can unknowingly download it. The difference between an application containing malware and a legitimate one can slightly be found. The malware can be inadvertently downloaded be the user onto his/her mobile device. Eavesdroppers can easily intercept the data when a wireless transmission is not encrypted. They then will have the access to your sensitive information.

Most of mobile devices come without preinstalled security software. Most of the users do not install it to protect their devices against malware, spyware and malicious applications. They often think that security applications affect battery life and slow the device working. That’s why do not install the security software providing cybercriminals with more possibilities to successfully infect your mobile device with various types of malware and make users to reveal their confidential data.

 Being not encrypted, wireless transmissions also are not safe. The data sent by a mobile device is often not encrypted as well as the data transmitted by many applications. That’s why the data can be easily intercepted.

Operating systems preinstalled on mobile devices may work in a timely manner. Security updates may be provided to your device later than it should be provided. That’s why the device can be infected even if there is security software.  Old mobile devices may even not receive the security updates at all. Many manufactures stop to support their devices when several years pass. If the device is old, it faces the risk to be attacked be vulnerabilities of new types.

The Internet connections on mobile devices are not limited. There are no firewalls to limit the connections. The mobile device can be accessed by the hacker when the port is not secured. These ports can be secured by the firewalls that provide users with the ability to choose the connections allowed. Sensitive information on the devices can easily be opened by an intruder when the device works without a firewall. Your sensitive data can be misused.

Most of mobile devices come without preinstalled security software. So users should look for the reliable security software for their mobile devices by themselves. Such type of software search can also cause the risk to be infected.  Many users look for more attractive offers with modest price. This way, they face high security risk, because security updates notifications may not be received on the devices. Users will be obliged to update the security software by themselves. Often “security offers” are fake and can infect your device.

Communication channels as Bluetooth and others may be poorly secured. Open communication channel allows other devices with enabled Bluetooth see it. The attacker can easily install the malware through the open connection. Camera or microphone can be also enabled to eavesdrop on the user. Unsecured WiFi spots and public wireless Internet allow connecting to the device to view sensitive information of the user. Personal information can be accessed and cause identity theft. The attacker can easy insert himself in the process of communication and steal the data.

In order to avoid identity and sensitive information theft and unauthorized access to the mobile device, users should take some preventive measures. User authentication can be enabled. It is preferable to configure mobile device to require PIN or password to access. For better protection, the password field can be hidden. Idle-time screen locking can also be activated to prevent unauthorized access to device.

Two-factor authentication can be enabled for sensitive transactions on mobile devices. Traditional passwords provide less security than two-factor authentication where users are required to answer two questions. One question the user know the answer to, the other is code that is generated by the mobile device. Two-factor authentication is effective while sensitive financial and banking transactions take place.

The authenticity of downloadable applications may be verified. The antimalware capability also can be installed to protect against spyware, viruses, malware-based attacks, malicious applications and infected secure digital cards. Such capabilities are able to stop unwanted e-mail attachments and text and voice messages.

A firewall should also be installed to protect against unauthorized connections. Both incoming and outgoing connection attempts will be checked and permitted or blocked according to the prescribed list.

Do not forget to install security software updates that are to be automatically transferred from the carrier or manufacturer directly to a mobile device. In order to ensure the updates are transmitted regularly and promptly, some procedures can be implemented.

Stolen and lost mobile devices should be immediately remotely disabled. The feature allows remote deleting of the device content or locking of the device. Data stored on memory card or on the device can be encrypted with the help of commercially available encryption tools or built-in encryption capabilities.

A mobile device security policy may also be established to define practices, principles and rules that set out how mobile devices are treated by an organization that has issued the devices or they are owned by individuals. Such areas as responsibilities and roles, security assessments, device security and infrastructure security should be covered by such policies. Configuration management and control is better to be performed.

GetAV.org