Mobile Cybersecurity - Literature review Example

? Mobile Cyber Security October, This paper analyses the potential pitfalls that are currently prevailing in the mobile cyber security and how malicious persons exploiting it. It further builds upon the potential risks associated with the increasing usage of digital mobile devices and the solutions that are being constantly developed by cyber industry. With the advancements in the field of information and technology and wireless protocols, a whole new world has been opened for researchers and techno lovers. With the advent of third generation and now even fourth generation a whole new realm of opportunities has opened. To top that cloud-computing has served as an icing to the cake. There is now a whole new and refined market place for the mobile devices and their data-sharing. There are different kinds of threats that a user of these devices face. Threat of device being actually stolen (physical threat), threats of virus attacks or hijacking of the devices (McGhee).The most basic reason that writers put forward for such mobile security risks is the lack of awareness and ignorance by the general public at large to such great threats or risks. They say that either users are not aware of such risks or either if they do they believe that their devices have enough security features to protect them as evident from… Keywords: cyber security, digital devices, wireless networks Introduction While living through the Network Era, we are witnessing the drastic changes that the industry of information and technology is going through. It has become a norm that within short intervals of time period we witness something much more innovative and creative. On daily basis human race comes up with a brand new idea which makes the previous ones obsolete. Especially in the techno sector, this change is so fast paced that the slow movers are thrown out within moments. From industrial manufacturing processes to daily lives to computer world, everything is changing. All of this happened just in a couple of decades. We are witnessing things that were previously never thought of or if anyone used to talk about it he or she was considered lunatic. But now with such technological advancements nothing seems to be impossible. From mainframe to mini and mini to personal computers, now even from personal computers to handheld digital devices, we mark the beginning of a new era; the era of mobile and smartphones. It would not be wrong if I say here that the time is not far when even laptops will be replaced by these portable handheld devices. Today, everyone can be seen to own one of those devices. Be it a business professional, house wives or kids at school or college. These devices have become a part of our daily life and routine. Without them the world does not seem complete or it seems that something is missing. Be it a trend to own them or a necessity or some peer/social pressure or influence, everyone wants to grab one. With the advancements in the field of information and technology and wireless protocols, a whole new world has been opened for researchers and techno lovers. With the advent of third generation and now even fourth generation a whole new realm of opportunities has opened. To top that cloud-computing has served as an icing to the cake. There is now a whole new and refined market place for the mobile devices and their data-sharing. With the mobile market increasing exponentially, we can see the new ways and work practices that individuals and even organizations are adopting. There is an increased use and reliance has been observed by both individuals and the organizations. This is due to the basic factor that these digital mobile devices or smartphones provide; that is the ease of connectivity and their mobility. It just becomes easier for everyone to collaborate even from the remotest of the places. But with the introduction of such devices for example net books, tablets, smartphones and even now personal music players; there comes another risk, the risk of their security. Today these devices hold information such as personal contacts, e-mails, text messages, GPS locations, working paper files and even personal banking details in some cases as well. Therefore, there comes another additional responsibility of the security and confidentiality of such sensitive and critical information. There needs to be some standard set of principles, rules or protocols that needs to be implemented to avoid such threats. The threat of physical theft, attacks of malicious softwares or Trojan horses, data loss through hacking or through some other means. There should be security measures in place that provide the basic requirements of confidentiality, integrity and availability. Literature review The more rapidly the mobile industry is advancing, the greater it becomes prone to new risks that need to be addressed and managed by the professionals. In the current scenario, the increased connectivity of these devices has led to a greater threat of data being misused or hampered. In an experiment to test the security of these devices in 2006, with the help of laptop and Bluetooth connectivity they decided to check the mobile devices that can be infected with a virus or Trojan horse. In just a short span of 23 hours it was being observed that almost 1400 devices proved vulnerable and surprisingly most of them were mobile phones and who’s owners believed that they had enough of the security features on their devices (Loo, 2009). From this example it is clear that how much vulnerable these devices are and how much work needs to be done in this particular risk area. Some authors have also written that there are some malware programs that are constantly evolving and emerging and which can act in the same way as a virus or Trojan and can take the control of your device exactly the same way that they do with a laptop or a desktop (Friedman & Hoffman, 2008) There are different kinds of threats that a user of these devices face. Threat of device being actually stolen (physical threat), threats of virus attacks or hijacking of the devices (McGhee). Physical theft of such devices is also a risk that has been mentioned by numerous writers. This is the easiest way for a malicious person to gain access to such device and consequently to the contents of its. This can be attributed to its compact size and portability. Its light weight, length and width. People tend to easily place it anywhere and forget to pick it up later on. As these devices share the same connectivity features as that of a laptop or a desktop. Therefore, they are also prone to the same virus attacks such as service break downs (spams or worms), malware (spyware or Trojans) or phishing attacks (loaded with emails or webpages). Spoofing is another common technique to gain access of unauthorized information on these devices. In a spoofing activity, the malicious person sets-up a network access point that could either be easily connected with or free to entice the user to connect to it. The user connects to it and starts sending its information over that network. The user unknown to the fact enters his or her personal information and a web page appears that service is currently unavailable normally the way it does. But at the back end the malicious person gains access to the username and password which can later be used for unnecessary means. To modify, delete, hamper or access personal information of that user (Carter & Shumway, 2002). Hijacking works somewhat similarly in the way as described in the previous example. As the malicious person can now gain access to all the information being shared between the two access points. Moreover, what they do is they randomly search open and unsecured networks to gain access to them. Then, using sniffing tools they attack that particular network through viruses or Trojans. “War Driving” is the term that is being used for such kind of hijacking (Carter & Shumway, 2002). The most basic reason that writers put forward for such mobile security risks is the lack of awareness and ignorance by the general public at large to such great threats or risks. They say that either user are not aware of such risks or either if they do they believe that their devices have enough security feature to protect them as evident from the aforementioned example. Some basic level solutions to such risks being suggested by researcher are: Not to keep your unnecessary mobile apps constantly turned on like those which share your GPS locations. Keep your Bluetooth connections turned off when not needed and not using the feature of auto discovery. Always keep changing your access points to avoid guessing of regular patterns and connecting to only known secured networks. Regularly updating your softwares and anti-virus programs. Last but certainly not the least to avoid keeping your personal and confidential information on these devices, if you do then not for very long and stay updated and aware is the best possible solution (Friedman & Hoffman, 2008). However, there are certain basic level security features that are being provided by these devices. But passwords, pin codes or locked screens are not the complete and fully secured solutions that are enough to keep your devices and data safe. With the advancements in technology, there comes advancement in the risk or malware techniques and they are as complex and refined as these devices. Therefore, something more than these is required. While these devices can provide a lot of ease in your daily work routines, large amounts of data can easily be accessed, processed and saved for future references. They can perform tasks within seconds or minutes for which there was some time back large computers to handle such activities. While they are increasingly on the rising trend and enhances the productivity at both personal and business level, it is being reported that in 2014 the levels of mobile internet usage will cross the usage in relation to the desktop internet usage (Digital buzz). Another figure provided by digital buzz which is an alarming one is that it says out of 4 billion mobile phones in the total entire world population 1.08 are the smartphones. This tells us that there are over a billion of users of such devices and how much imperative it is now to safeguard what is contained within them such as personal call logs, text messages and in some cases even financial information or transactions. It is being said that the most attractive feature of these devices is their weakest link; connectivity. Connectivity, in terms of a connection to the internet through Wi-Fi, means directly connecting to some other device. It is also being said that without connectivity features they can be considered to be a vegetable. They would be useless without it. In 2009, Furnell suggested that in order for these devices to be properly secured, there are three basic requirements that need to be fulfilled. These are confidentiality, integrity and availability (CIA). Any security measure built around these three basic set of requirements can be regarded as somewhat secure and reliable. Confidentiality could be in terms of that data could not be accessed by or any malicious person would not be able to get their hands on such information that is regarded as confidential. Information could be confidential to user depending on their personal level of perception and could vary person to person. But broadly speaking any information that could result in loss to that person, be it in terms of monetary or non-monetary value (3542 Definitions). Integrity is another feature of a good mobile security system and serves as a foundation for it. Keeping integrity intact could be defined as any information that cannot be hampered by any unauthorized user or means. The information should be kept safe and could only be modified by the person authorized or responsible for that otherwise the hampering of information could be severe to the affected user or even any business organization (3542 Definitions). Another great feature of these devices is that they provide vast amount of storage spaces. In this way users can easily save and retain their data for as long as they want and as much as they want subject to certain limits. This makes it easier for them to refer to it at any instance they want. But then comes the factor of availability. The information stored on such devices should be readily available to its user without any delay. The principle of availability says that information could easily be accessed, modified and saved securely (3542 Definitions). A research by Pointsec News Release in 2006 points the same problems as mentioned above; the lack of awareness by the users of such technology. But one highlighting factor here is that it says this lack of awareness includes the IT professionals themselves as well which is an alarming situation on its own. It says that almost 56% of the IT professionals use these digital mobile devices and only a handful of 22% of them uses only security features such as locked-screens or pass codes. This is a point to ponder here that keeping general public aside, IT professionals are themselves not paying attention to the vulnerability of such protocols rather than they themselves keep on enjoying the added benefits. This research shows the amount of work that needs to be done with regards to the mobile secured systems. There are numerous examples and researches that have been conducted regarding the assessment of the mobile security systems and the data being held on them. For example in London some of the taxi drivers were inquired and it was found out that 62000 digital devices were being left in the back of their car seats by the passengers (Cradent, 2008). The word for mobile cyber security is also around and more in the news is also due to the fact that its increasing use in the business sector. It is being reported that increasingly employees are bringing in their own personal devices at the work places and connect the company network. They also keep corporate information on that and constantly use them on different occasions as per requirement. The companies are also allowing such practices due to the ease of work and it is becoming a necessity now because of the apps and different features it allow them to better manage their work. Therefore, it is becoming imperative that their security is kept intact. In a recent survey conducted by Kensington, it revealed that the cost for the companies of losing their data due to such mobile security issues were at $3.3 million dollars in 2005 and increasing to the levels of almost $7.2 million dollars in 2010. This shows the increasing usage and reliance of mobile systems at the organizational levels. Moreover, it shows the amount of data they are handling with such features and in turn they have to bear humungous costs of losing such data. It is imperative now than ever that systems and rules should be devised to provide better security to the consumers. CTIA – The wireless association in recent white papers stated that they are observing rapid changes in the ecosystem of the wireless industry due to the ever increasing usage of it by the consumers and other industries. This presents them greater challenges than ever before to make sure cyber security does not become an issue. It says that they are going hand in hand with the US government and are being proactive in their approach. The result of their efforts can be seen in the recent figures of malware incidents which are less than 2% in US as compared to the 40% of China and Russia (CTIA, 2013). In another one of its white paper, the CTIA suggests that cyber security is a common goal for everyone rather than the responsibility at the individual or organizational level. It says that from the basic app developer to the wireless industries, it is a collective goal of everyone to develop some sustainable system. But the ever evolving and rapidly changing wireless industry also needs to build and update upon its existing solutions. It says wireless companies are the most likely targets for the fast paced and complex threat ecosystems. It is imperative now that these companies must be given flexibility in terms of work experiments to test and develop better security systems. They must be given support, worked together, establish communication channels and with the help of governments must be able assess the potential threat well before time (CTIA, 2013). Cyber Security Working Group (CSWG) also provided a blue print to better deal with the current situation. It suggested five major areas on which work could be done to provide more advanced solutions. It included the development of security policies, developing secured devices, introducing control procedures and educating the consumers and end-users (CTIA, 2013). Some writers suggest that maintaining the security of such systems is a balancing act. Balancing between the extent of liberty that you allow your users and your restriction policies. With businesses also realizing the potential benefits they can have from these digital devices and their ever increasing usage at work places. They need to define the right balance and devise some security protocols and mobile risk management security. They suggest four core areas that can be worked upon to provide a basis for the development of future frameworks. They are Bring your Own Device (BYOD), security intelligence, protected access points and safe working mobile solutions. The organizations need to evaluate their own levels of risk appetite and develop controls accordingly. They can assess the levels of usage of such devices by their employees as well (The Guardian, 2013). One solution could be providing your Mobile Security Management team with the access rights to gain information of their users and could bring it to their own network protocols. By doing so, in case any employee having valuable data on its mobile and losing it would allow the security team to use the apps installed by them previously to either wipe out the data or locate it and using other complex recovery systems to recover data. There are several other basic levels of security measures that can be adopted. Using the device identification feature to locate the device in case of losing it. Using the pass codes and lock-screen features and changing them frequently. There is also a unique IMEI (International Mobile Equipment Identity) number for each of these devices that can be used in order to locate the device in case of losing it or you can also de-activate it with the help of it. There are some insurance policies also being offered that can be purchased by the companies to mitigate the costs of their data loses. There are two types of insurance being currently available one is being provided by the network carrier that in case you lose your device they provide you with a new one or insurance companies ensuring the equipment and data cost attached to it. In either case, however you will not be retrieving back your data (Fulller, 2009). Conclusion Although the mobile cyber security is much of an issue now-a-days, the rapidly changing wireless industry and technological advancements add fuel to the fire. The wireless ecosystems are changing on a fast paced scale and the risks associated with such developments are also greater. It is getting imperative than ever that a set of standards, rules or policies must be developed with regard to such industry. There must be regulatory bodies to oversight such transitions and standardize the whole notion. The more serious fact is that the users of such technology are not aware of the risks that they are exposed to. Such technologies are used for personal and business calls, personal and business email and web browsing, text messages and even in some cases they use it for banking and financial transactions. Therefore, it exposes them to the risks of information being stolen, accessed and misused or modified which would result in great loses. Trends are also on the rising with regard to their business usage where companies are exploring their full potential and allowing the employees to bring them to work places and use them accordingly. But there needs to be some security professionals who set up protocols with regard to their usage at work place to avoid the malicious activities. However, it is imperative that a standard set of security measures cannot be applied to every situation or organization. These principles cannot incorporate every situation. Therefore, it is up to the organizations that how they implement it by considering their own circumstance and all the situational factors. Whether they are simple pass codes and encryption protocols or data wiping processes, they need to consider the context. Lastly, the most innovative complex security measure would be to introduce biometric security measures. It has not been launched officially in mobile devices but however being tested at the laptops’ levels. It is being in use at some hi-tech facilities but has not been made public. With the introduction of such technology it would be a great achievement and success for the human race (Clarke, 2008). Annotated Bibliography § 3542 Definitions. (n.d.) Legal Information Institute. Law.cornell.edu available: http://www.law.cornell.edu/uscode/44/3542.html Retrieved, December 08, 2011 Carter, B., & Shumway, R. (2002). Wireless Security end to end. Indianapolis: Wiley Publishing. In this article Carter & Shumway provide the detailed explanation of wireless security networks. Clarke, N.L., Furnell, S.M. & Karatzouni, S. (August, 2008). ‘Authentication Framework Evaluation’, Deliverable 4, Flexible and Non-Intrusive User Authentication for Mobile Devices, Eduserv Foundation, August 2008. This research work is about the possible secured frameworks. ‘Companies see risk of removable media but still turn a blind eye’, Pointsec News Release, 8 June 2006, Available: www.checkpoint.com/press/pointsec/2006/06-08.html Consumer Choice, Apps and Virtualization Impact Mobile Cybersecurity Publication info: Targeted News Service [Washington, D.C] 21 May 2013. http://search.proquest.com/docview/1353441929?accountid=458 Cost of Lost Laptop (Source: Kensington) Credant Technologies (September, 2008). ‘Credant Technologies: Almost 60,000 mobile phones have been left in London taxis in the last six months’, Global Security Mag, Available: www.globalsecuritymag.com/Credant-Technologies-Almost-60- 000,20080916,5003. Dheap, Vijay. “Four ways to better secure your mobile security system.” The guardian. 18 March 2013. Friedman, J., & Hoffman, D.V. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management 7 (pp. 159-180). IOS Press. This article is probably cited by numerous researchers and is all about the pros and cons of mobile data security. Furnell, S. (2009). Mobile Security: A pocket guide. Retrieved from http://www.books24x7.com.libproxy.library.wmich.edu/marc.asp?bookid=34445 This books serves to be a great guide for a initial level mobile security. Loo, A. (2009, March). Security threats of smart phones and Bluetooth. Communications of the Association of Computing Machinery, 52, 3, 150-152. Lu Q & Clark G (2013). Mobile security IEEE volume I I, issue I, cheap, v (2013,March 18) Martinez, Hugo J., "Mobile Device Security: Current Challenges and Existing Solutions" (2012). Honors Theses. Paper 2176 McGhee, Mark A., “Smart Phone Connectivity and Security.” Mobile Device Usage. Source (Digital Buzz) Smartphones and the Mobile Market (Source: Digital Buzz) U.S. Wireless Industry Maps its Blueprint for Tomorrow's Mobile Cybersecurity Publication info: PR Newswire [New York] 12 Feb 2013. http://search.proquest.com/docview/1286174219?accountid=458 Read More