
The Information Security Risks of Using Mobile Apps for Individuals and Organizations - Term Paper Example

Summary
"The Information Security Risks of Using Mobile Apps for Individuals and Organizations" paper examines the information security risks associated with the use of mobile apps for individuals and organizations. It also provides some recommendations on how to limit these risks…

Extract of sample "The Information Security Risks of Using Mobile Apps for Individuals and Organizations"

Information Security Risks: Mobile Apps

Table of Contents
1.0 Introduction
2.0 Information security risk
2.1 Physical risks
2.2 Malware attacks and other nonphysical risks
2.3 Communication Interception
3.0 Conclusion
4.0 Recommendations

1.0 Introduction

As established in this report, the three key information security risks associated with mobile apps are physical risks, malware attacks and other nonphysical risks, and communication interception. The executive management is therefore informed that mobile apps are at great risk of unauthorized physical access because of their miniature physical attribute, which makes them vulnerable to theft. Increased usage of mobile ads also exposes mobile app users to significant attacks from malware. Additionally, mobile devices are highly exposed to security breaches as they still lack sophistication in the areas of secure antivirus software, reliable configuration settings, and firmware updates. Bluetooth and Wi-Fi connections also make mobile devices particularly vulnerable to attacks from malicious mobile apps.

This report recommends greater emphasis on using traditional controls like tamper-proof passwords and secure screen locks to prevent access to private mobile apps. Mobile users should only access mobile apps that have been stamped with an author's or vendor's identity. Use of permissions-based access control and encryption is also recommended. There is also a need for greater emphasis on policymaking on information security of mobile apps.

The purpose of this report is to examine the information security risks associated with the use of mobile apps for individuals and organizations. It also provides some recommendations on how to limit these risks.

2.0 Information security risk

The three key information security risks that can be identified in current mobile apps security literature are physical risks, malware attacks and other nonphysical risks, and communication interception.

2.1 Physical risks

Mobile apps are at great risk of unauthorized physical access because of their miniature physical attribute, which makes them vulnerable to theft. By design, mobile devices are characteristically undersized, portable and particularly lightweight (O'Leary et al. 2016). Although their miniature sizes make them suitable for users who are always on the move, they also present significant risks of physical theft, as they can easily be stolen and hacked into to access data. According to Gajar et al. (2013), the portable nature of mobile devices poses significant risks to the device's overall security and to the information contained in the mobile apps, as the devices can easily be stolen to access the data. This also implies that even clever antivirus software and intrusion-detection systems are incapable of overcoming the security risks posed by malicious individuals with unauthorized physical access to the mobile device.

As regards the mobile apps, some commentators like O'Leary et al. (2016) have also suggested that circumvention of a password or security lock may not be difficult for an experienced hacker. This also implies that mobile devices present cyber attackers with easy-to-breach encrypted data (Zineddine 2012). An example may consist of corporate data stored in a mobile device, as well as passwords that reside in apps like the iPhone Keychain (O'Leary et al. 2016). In reality, this effortlessly grants unauthorized users access to corporate virtual private networks (VPNs) and emails. Additionally, total deletion of data is not likely when the mobile device's built-in factory reset is used or when the mobile device's operating system is re-flashed.
This implies that secret or confidential corporate data stored in storage apps can still be accessed years later through forensic data retrieval software (O'Leary et al. 2016). This is the case with mobile health apps, also known as mHealth apps. According to Adhikari et al. (2014), use of mHealth apps among patients and healthcare providers presents significant security and privacy breach risks. When patient data cannot be completely deleted from a mobile app, someone else may still have access to the data through the use of forensic data retrieval software. This implies that healthcare providers cannot completely guarantee sufficient protection of patient privacy (Adhikari et al. 2014).

2.2 Malware attacks and other nonphysical risks

Mobile malware is, by nature, socially engineered and designed to trick mobile phone users into presenting a hacker with private information that can facilitate further attack. Mobile apps downloaded from the internet, particularly rogue applications, have been found to contain malicious code. According to Gajar et al. (2013), what makes mobile devices particularly exposed to security breaches is that they still lack sophistication as regards secure antivirus software, reliable configuration settings, and firmware updates. In other words, non-business oriented mobile apps or unauthorized apps can easily affect the device's integrity as well as the private data it contains (Sarrab & Bourdoucen 2015).

Although researchers still acknowledge that mobile users are not subject to a similar degree of drive-by downloads that desktop PC users are exposed to, the increased use of mobile ads is exposing mobile app users to significant attacks, a situation dubbed "malvertising." There are indications that mobile users who use Android operating systems are the prime targets of "malvertising," because of their prevalent use and easy-to-develop mobile apps (Ramachandran et al. 2012; O'Leary et al. 2016).
For instance, mobile malware such as Trojans that have been specifically developed to steal data is capable of operating over a Wi-Fi or mobile phone network. Hackers often send the Trojans via SMS, requesting a mobile user to click on a link provided in the message to access an app online. Afterwards, the malware is delivered through an application, before spreading freely to mobile devices. Gajar et al. (2013) also acknowledge that while mobile devices utilize a range of operating systems, the frequent changes in addition to technological advancements imply that they become outdated relatively fast. Hence, controls are lacking as regards security or data.

Wright et al. (2012) acknowledge that malware attacks on smartphone operating systems, such as Android, are increasingly evolving. They provide an example of "Zeus-in-the-Mobile" (ZitMo), which refers to a kind of malware that typically attacks Android OS. According to Wright et al. (2012), ZitMo tended to target Android mobile device users' banking apps by bypassing the banking two-factor authentication, before stealing passwords and credentials and gaining access to the users' bank accounts to transfer funds. Wright et al. (2012) explain that smartphones provide an exceptional means of spreading malware, as phones provide immense storage, which makes it easy to implant malware in a smartphone via a mobile app.

2.3 Communication Interception

Gajar et al. (2013) explain that Bluetooth and Wi-Fi make mobile devices particularly vulnerable to attacks from malicious mobile apps, which can be used by attackers to infect a device. They acknowledge that a mobile user may be tempted to accept a Wi-Fi or Bluetooth connection that may actually be malicious and capable of intercepting all the data sent to the connected mobile devices. O'Leary et al. (2016) also argue that smartphones that are Wi-Fi-enabled are particularly vulnerable to similar attacks affecting other Wi-Fi-enabled devices.
They added that mobile apps that can be used to hack into wireless networks are easily accessible on the internet, which makes man-in-the-middle (MITM) and Wi-Fi attacks easy. This also makes it easy to intercept and decrypt cellular data transmission once hackers exploit a weakness in a Wi-Fi protocol.

3.0 Conclusion

In conclusion, mobile apps are at great risk of unauthorized physical access because of their miniature physical attribute, which makes them vulnerable to theft. There also seems to be a consensus among researchers that increased use of mobile ads is exposing mobile app users to significant attacks due to "malvertising." However, what makes mobile devices particularly exposed to security breaches is that they still lack sophistication as regards secure antivirus software, reliable configuration settings, and firmware updates. In other words, non-business oriented mobile apps or unauthorized apps can easily affect the device's integrity as well as the private data it contains. Bluetooth and Wi-Fi connections also make mobile devices particularly vulnerable to attacks from malicious mobile apps, which can be used by attackers to infect a device. In many cases, mobile apps can be used to hack into wireless networks.

4.0 Recommendations

Use of traditional controls like tamper-proof passwords and secure screen locks is suggested to prevent access to private mobile apps. For mobile operating systems like iOS and Android, Hayikader et al. (2016) suggest that they can use traditional access control to augment their security. This includes using more authentic and secure passwords that cannot be deduced by intruders. It also requires using screen locks whenever a mobile device is idle.

Mobile users should only access mobile apps that have been stamped with an author's or vendor's identity, such as digital signatures that are resistant to tampering. This allows a mobile user to select an app with a verifiable author.

Use of permissions-based access control and encryption is also recommended. According to Hayikader et al. (2016), Permissions-Based Access Control only allows specific apps within the span of the permission to be accessed by the device. It also blocks mobile apps from performing actions that go beyond these permissions.

There is a need for greater emphasis on policymaking on information security of mobile apps. There is also a need for collaboration among various stakeholders, such as information systems security experts, computer specialists, lawyers, management experts and even economists, with a view to establishing a policy of cyber security. Wright et al. (2012) explain that collaboration among various stakeholders is significant, as each stakeholder plays a crucial role in the creation of intra- and international cyber security standards. This will ensure that cyber security policies are upheld by the general society.

Reference List

Adhikari, R, Richards, D & Scott, K 2014, "Security and privacy issues related to the use of mobile health apps," 25th Australasian Conference on Information Systems.

Gajar, P, Ghosh, A & Rai, S 2013, "Bring your own device (BYOD): security risks and mitigating strategies," Journal of Global Research in Computer Science, vol 4 no 4, pp.62-70.

Hayikader, S, Hadi, F & Ibrahim, J 2016, "Issues and security measures of mobile banking apps," International Journal of Scientific and Research Publications, vol 6 no 1, pp.36-41.

O'Leary, D, Zimmermann, R & Grahn, A 2016, "Mobile Device Security in the Workplace: 5 Key Risks and a Surprising Challenge," Forsythe Focus, viewed 18 Mar 2017.

Ramachandran, R, Oh, T & Stackpole, W 2012, "Android Anti-Virus Analysis," Annual Symposium On Information Assurance & Secure Knowledge Management, June 5-6, 2012, Albany, NY.

Sarrab, M & Bourdoucen, H 2015, "Mobile Cloud Computing: Security Issues and Considerations," Journal of Advances in Information Technology, vol 6 no 4, pp.248-251.

Wright, J, Dawson, M & Omar, M 2012, "Cyber security and mobile threats: the need for antivirus applications for smart phones," Journal Of Information Systems Technology & Planning, vol 5 no 14, pp.1-9.

Zineddine, M 2012, "Smart Phones: another IT Security scuffle," International Conference on Internet Computing, Informatics in E-Business and applied Computing, pp.1-10.