Mobile devices nowadays are facing array of threats taking advantage of several vulnerabilities found commonly in these devices. The main thing is that these vulnerabilities could be the result of technical controls that are not adequate. They can also be a result of consumers’ poor security practices. There are several relevant federal and private agencies that have taken vital steps towards enhancing mobile device security inclusive of making specific controls mandatory for the customers to use if they want as well as promulgating details about suggested mobile security practices. Give below is a list of problems due to which Mobile Security should be a concern now.
Often mobile devices don’t have password enabled protection. There are several mobile devices lacking passwords for authenticating users as well as control access to information stored on devices. On the other hand, there are devices having technical ability of supporting passwords, pattern screen locks, and PIN (Personal Identification Numbers) for authentication. Some latest mobile devices come with biometric reader that can scan fingerprint for authentication. Anecdotal details suggest that mobile users are seldom employing these security checks. Moreover, if users are making use of PIN or password, they are using PINs or passwords that can easily be bypassed or determined, for instance passwords like 0000 or 1234. If devices are not locked with passwords or PINS, there is a risk for them to be lost or stolen and information on such phones can be accessed easily by users who aren’t authorized thereby leading to misuse of mobile devices or viewing of sensitive information.
Always, 2-factor authentication isn’t used while carrying out sensitive transactions on these mobile devices. As per studies, users usually make use of static passwords rather than 2-factor authentication when it comes to carrying out sensitive online transactions with their mobile devices. Making use of static passwords primarily for authentication comes with security issues: unauthorized individuals or organizations can guess passwords, users can forget them, and passwords can get stolen, or can be eavesdropped. In general, 2-factor authentication offers high level of security when compared to conventional PINs and passwords. Further, this high level of security is exceptionally important for carrying out sensitive transactions. Here, 2-factor is authentication system wherein users have to authenticate by making use of 2 different “factors” at least of something they know, something they are, or something they possess prior to being granted access. As a second factor, one can use mobile devices in few of the 2-factor authentication systems. Mobile devices can easily generate codes or pass codes via sending text messages to phone. If 2-factor authentication isn’t there, risks are there that unauthorized users can misuse your mobile device or gain access to critical information.
Always, wireless transmissions aren’t encrypted. Details like emails sent via mobile devices are not encrypted while they are being transmitted. Moreover, several applications don’t encrypt information that they receive or transmit over network thereby making it simpler for information to be intercepted. Let us consider an example. If some app transmits information over unencrypted WiFi network by making use of http instead of secure http, data can easily be intercepted. Similar is the case with wireless transmission when data isn’t encrypted.
Mobile devices often contain malware. Mobile users download applications containing malware. Unknowingly this malware enters their device and it will be disguised in the form for utility, security patch, game, or some other important application. For users it is tough to explain difference between applications that are legitimate and those that contain malware. For instance, applications can be repackaged with malware as well as users can download them inadvertently onto their mobile device. Data can be intercepted easily. When wireless transmission isn’t encrypted, data can be intercepted easily by eavesdroppers who in turn can gain unauthorized access to critical information.
Often mobile devices don’t make use of security tools. There are several devices that don’t have preinstalled security tools for protecting themselves against spyware, malware, and malicious applications attacks. Moreover, users always don’t install security applications because some devices come with preloaded security softwares. These security tools can slow down operations as well as affect battery life; there are some mobile devices that can be at risk without these as attackers can distribute malware successfully, malwares like spam, spyware, and Trojans for luring users into revealing their confidential information like passwords.
Mobile devices may have out-of-date Operating System. Security fixes or patches for OS of mobile devices aren’t installed always on mobile devices in timely manner. This can take nearly months prior to security updates being offered to devices of consumers. Based on the nature of vulnerability, patching process can be complex as well as involve several parties. For instance, Google keeps developing updates for fixing security vulnerabilities for Android OS but it depends on mobile manufacturers as to when to produce device-specific updates incorporating vulnerability fix that will take time if proprietary modifications are there to software of the device. As soon as updates are produced by manufacturers, it is up to every carrier to test those as well as transmit them to devices of consumers. In many cases, carriers can take time in offering updates as they require time in testing whether they are interfering with other device aspects or tools already installed on the device.
Apps or softwares installed on your mobile device can be outdated. For 3rd party apps, security patches aren’t always developed as well as released in timely manner. Additionally, 3rd party mobile apps including web browsers don’t notify consumers always for updates whenever they are available. Unlike conventional web browsers, even mobile browsers get updated rarely. Making use of tools that are outdated increase risk that is exploited by attackers.
Often, mobile devices don’t limit internet connections. There are several devices that don’t have firewalls for limiting connections. When devices are connected to WAN, they make use of communications ports for connecting with internet and other devices. Hackers can easily access mobile device via port that isn’t secured. Firewall helps in securing these ports as well as allows users to select what connections they wish allowing to their device.