Mobile Devices Security - Literature review Example

?During the contemporary period, it can be observed that the use of mobile devices is prevalent and growing rapidly as users heavily depend on them to communicate and perform other different business activities. Unfortunately, these devices are susceptible to attacks where it can be seen that the attackers follow the money and user population. In addition to that, mobile devices do not receive patches for their vulnerabilities. The Zeus-in-the-Mobile (ZitMo) attack against Android users is an example defeating the emerging technology to steal user’s credentials and ultimately money. It can also be seen that mobile devices can also spread malware. As such, this paper seeks to critically evaluate the impact of attacks on mobile devices on different individuals. The paper seeks to discuss the challenges that may be involved in trying to control information online. The "McAfee Threats Report: Fourth Quarter 2010," reveals that “there is a steady growth of threats to mobile platforms and the number of pieces of new mobile malware in 2010 increased by 46 percent compared with 2009,” Treasury & Risk (2011). The report has also shown that there were 20 million new pieces of malware in 2010 which translates into about 55 000 new malware threats every day. On the other hand, the “Emerging Cyber Threats 2012 Report” posits to the effect that there has been an unprecedented increase in cases of cyber attacks which require concerted effort in order to address the problem. The report states that: “we have witnessed cyber attacks of unprecedented sophistication and reach. These attacks demonstrate that malicious actors have the ability to com­promise and control millions of computers that belong to governments, private enterprises and ordinary citizens.” These attacks also affect mobile devices such as cell phones as well as Ipads to access the internet. The advancement in technological development has made it possible to access the internet over mobile devices but the issue of security from cyber attacks is of greater importance in this case. For instance, individuals can lose information as a result spyware or viruses that can be accessed from the internet. “A virus is a program which someone develops with the malicious intent to harm an IT system,” (Haag, Cummings & Dawkins, 2000). This virus can cause damage to the device if it finds its way into the system. Thousands of viruses exist and the number is increasing on a daily basis. Viruses typically destroy the operating system, destroy information and they also slow the processing of a device. These viruses are often access from the internet when one downloads a program that is infected. With mobile devices, people can now download programs they like such as games and these may contain viruses. This virus is harmful to a device and it can lead to loss of information as stated. There are some unscrupulous people who program viruses for the love of it while others seeks to generate revenue from people on the pretext that they will sell them programs that can be used to fix the virus. The problem of virus poses a serious threat to people who use different gadgets to access the internet. It seems that mobile phones are more prone to attacks since they are increasingly using web browsers. The main problem highlighted in the report is that the security system of mobile devices is not that effective since this is an emerging phenomenon. The main problem is that the web address bar on mobile devices is not visible for a long time hence it becomes easy to activate a malicious website that can result in loss of data or malfunctioning of the device. The other issue of concern is that the security system of mobile devices is different from that found on desktop. For instance, Dan Kuykendall, co-CEO and Chief Technology Officer for NT Objectives states that: “One of the biggest problems with mobile browsers is that they never get updated.” He also said: “For most users, their operating system (OS) and mobile browser is the same as it was on the phone’s manufacture date and this gives the attackers to spy on unsuspecting mobile users,” (Emerging Cyber Threats 2012 Report). According to the report, data theft is the major threat to mobile users where attackers can use SMS or mobile web browser to steal data belonging to different individual persons. Thus, it can be seen that users of mobile browsers are not able to detect malicious content given that the source of information is not always visible to them. The practice of stealing data that belong to other people is criminal since it constitutes what is termed data breach. According to Rouse (2012), “A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.” Cyber attackers often steal data from different people who use the internet to perform various activities. After stealing data belong to other people, the cyber attackers can commit various cyber crimes ranging from identity theft, fraud as well as human trafficking. When data has been stolen, the thief can use it to withdraw money from the victim’s bank account. In some cases, this information can be used to commit offences related to fraud where information belonging to another person is used to open accounts in different places. These hackers usually attract people to their sites where they try to entice them to divulge their personal details in return for great deals which apparently are nonexistent. As noted in the report, attacks on mobile technology are on the rise. Gunter Ollmann, vice president of research for Damballa has noted that “The Zeus-in-the-Mobile (ZitMo) and several other examples of Android malware are acting more like traditional bots by communicating with a command-and-control (C2) architecture.” This makes mobile devices more suscep­tible to criminal breach activity just like desktops. Security breaches of this magnitude can lead to high profile crimes such as fraud where the fraudsters can steal personal data belonging to individuals thereby stealing from their bank accounts. This can lead to loss of money by unsuspecting mobile users. Indeed, this threat is real and there is need for concerted efforts to curb this security threat among all mobile users since this security threat is an emerging phenomenon among the users of mobile devices in performing different tasks. Apart from the risk of losing money, users of mobile devices can also lose confidential information that can threaten their privacy. However, there are certain measures that can be implemented in order to protect the mobile users against cyber attacks. Tony Spinelli, senior vice president and Chief Security Officer of Equifax says: “When it comes to mobile security, our approach is based on encapsulation. It enables us to establish well-defined boundar­ies and balance user productivity with security needs.” Through defining the boundaries of mobile technology users, these people are in a position to conduct any transaction using their mobile devices with little risk. Security is guaranteed since it is quite difficult for the other third parties to access mobile identities without authenticity. However, the problem is that this system is not yet widespread and it can be limited to a specific geographical boundary such as the United States. It can be noted that cyber crimes can be committed across borders which leaves other users who have not be encapsulated vulnerable to these cyber threats. To a certain extent, this strategy is effective in dealing with this problem but it is not yet widespread. The other method that can be utilised is related to cryptography. According to Hofman et al (1999, p.64), “cryptography is the science of rendering communications indecipherable by all unauthorised parties. This strategy significantly helps to protect individual who use mobile technology since it becomes impossible for unauthorised people to hack into their systems and steal information. Basically, cryptography protects information that is in transit and it also involves encryption of data so that it cannot be accessed by other people without authority. Encryption is a private key-based system also known as symmetric cryptography (Hofman et al (1999). When encrypting data, a mathematical algorithm, a series of number steps is used in conjunction with a secret key that is only known to people performing the process as well as those who will decrypt it. When data has been encrypted, it becomes useless to third parties such that it may be transmitted or even stored without fear of other people seeing or intercepting it. When one needs to decrypt the data, he or she simply has to apply the algorithm in reverse using the secret key. This is a viable strategy that can be implemented in order to mitigate the chance of data being stolen by hackers or any other attackers. The other simple but effective method that can be implemented by mobile device users to protect their data is to ignore all SMSs that are sent by unknown people to them. In most cases, hackers often send enticing messages to unsuspecting people informing them that they have won lots of money therefore they should provide their personal details in order to claim the prices. In some instances, these messages come as spam messages via email. In order to avoid the risk of divulging this information to potential hackers, it is important for anyone to simply ignore such messages. Whenever one is tempted to respond to the messages, he or she risks supplying vital information to the hackers which can be used to commit other crimes such as fraud. It is also important for people not to try to open websites they are not sure about since these can expose them to viruses and spyware. People who use mobile devices in particular should only open web pages they trust otherwise they may risk losing confidential information to hackers who in turn can use it to perform various cyber crimes. The strategies discussed above can be effective in dealing with the problem related to data theft by hackers. However, the major challenge that exists is related to controlling information online. Basically, the internet is a network of networked computers all over the world (Haag, Cummings & Dawkins, 2000). In other words, this means that it is not controlled by anyone since people from all walks of life can post whatever they want on this sophisticated medium of communication. It is quite difficult to control the flow of information on the internet or to control the content posted by various people from different parts of the globe. As such, it can be seen that hackers can also operate freely on the internet since there is no one who can rein in their activities. This poses a serious threat to different internet users since they are susceptible to malware and other malicious content from people who are bent of committing different types of cyber crime online. It can be seen that the hackers also use the same platform such as search engines to access or post any information that is suitable to them. In most cases, this information can be malicious. The hackers can manipulate the information before it reaches the targeted audiences and they can also create their search engine optimisation articles that will drive a lot of traffic to their sites. This is illustrated here: “The online world obfuscates where information comes from and provides ample opportunity to manipulate information before a user receives it,” (Wenke Lee, professor in the College of Computing at Georgia Tech, Cited in Emerging Cyber Threats 2012 Report). He notes that search poisoning can be used by the attackers to launch malware which impacts on the unsuspecting users. The other problem with controlling the flow of information on the internet is that it is boundary less and it can be accessed by people from different parts of the globe. Even the internet service providers (ISPs) also face difficulties in controlling the content of information that is posted on the internet since they are also not aware of the sites that are good as well as those that may contain malicious content. As noted, people bent on distributing malicious content can do it through authentic search engines such as Google. They can also do it through authentic programs such as adobe that are used to decrypt PDF files. Over and above, it can be observed that cybercrime is real and it is growing rapidly in different sectors of the society across the whole world. Crimes such as identity theft, fake antivirus, phishing as well as fraud are very common and they are committed through the use of the internet. Whilst strategies such as encryption and encapsulation are effective in dealing with this problem, it can be seen that the major challenge that still exist is that they are not widespread. The other problem is that it is difficult to control the flow of information on the internet as well as content since this medium of communication is not owned by anyone. Therefore, a viable strategy that can be implemented is to promote national awareness campaigns in different countries that are meant to enlighten people about the risks and threats posed by cyber criminals. The other alternative that can be implemented is related to censorship. However, this is quite difficult to effectively implement since the internet does not belong to anyone. References “Emerging Cyber Threats 2012” report.” Viewed from: . Haag, S., Cummings, M. & Dawkins, J. (2000). Management of Information Systems. 2nd Edition. New York: McGraw Hill. Hofman, J. Et al (1999). Cyberlaw. Cape Town: Ampersand. Rouse, M. (08 October, 2013). ‘Data Breach.’ Viewed from. . Treasury & Risk (8 February, 2011). PR: Mobile device attacks surge. Viewed from: Read More