Introduction
Cyber criminals usually target computer systems, networks, and unsecured connections that relay sensitive information between service providers and users. However, a new trend involving the hacking mobile devices using sophisticated malware applications that intercept information such as passwords, username, and online-banking authentication data has emerged. Certain malicious applications are designed to steal people’s contact details. Common threats to mobile devices include invasion of domain name system (DNS) and Wi-Fi hotspots, Bluetooth hacking, malicious applications, and banking apps (Misra & Dubey, 2013).
Cyber criminals trick individuals into downloading and installing malicious apps into their devices. In many cases, these apps are offered for free on certain websites and online marketplaces. Security measures are aimed at securing mobile applications, wireless connections, and eradicating vulnerabilities that facilitate attacks. Mobile devices are secured through the installation of security programs, use of passwords that are difficult to guess, and data encryption (Collett, 2014).
Attacks
Bluetooth
Bluetooth applications contain vulnerabilities that allow cyber criminals to access mobile devices and steal information. They do not have an authentication feature to identify services that are unregistered and susceptible applications have virtual serial ports that attackers use to launch attacks and take control of devices (Collett, 2014). Many fraudsters connect to devices within their network range and send files that trick users into installing malicious applications (Soto, 2005). One of the most common malware programs common among hackers is referred to as Cabir.
The worm searches and identifies devices that are discoverable through Bluetooth and sends itself to the device in the form of a file that can be installed. In case the user accepts and installs the program, the device becomes infected and the attacker can easily access its network and steal information, drain the battery, crash the device, or block signal transmission (Collett, 2014). Bluesnarfing refers to the act of gaining access to a mobile device in order to steal information such as the IMEI number, text messages, and other sensitive information (Soto, 2005). Bluesnarfing is not very common because the software that facilitates the attack is difficult to find or develop. On the other hand, it is impossible to attack a device that has its Bluetooth application turned off.
Wi-Fi attacks
Cyber criminals usually take advantage of mobile device users who connect to unencrypted Wi-Fi connections especially in public places. Such devices are highly vulnerable to man-in-the middle attacks that involve the use of sophisticated software. Hackers use tools that intercept any information such as passwords and usernames sent over network by users (Kumar & Xie, 2012). Experienced cyber criminals use sophisticated software to intercept communication between mobile devices and Wi-Fi access points, steal data, and use it to access users’ emails and online banking accounts (Misra & Dubey, 2013).
These attacks are very lethal because it is difficult for owners of mobile devices to identify them when they occur. The software programs used by attackers facilitate attacks by hijacking HTTP traffic, redirecting data packets from one host to another, analyzing network protocol, and sniffing websites accessed by different mobile devices (Oriyano, 2015). A fraudster commands a victim’s device to send information through the attacker’s device first before sending a request to the Wi-Fi network. This allows the attacker to access any information transmitted between the victim and the network’s access point.
Security
Physical
The security of mobile devices is important because attacks can lead to loss of sensitive information or corruption of systems. Users should avoid misplacing their devices because if they fall into the hands of cyber criminals, security breaches can lead to great loss of information (Kumar & Xie, 2012). It is important for individuals to ensure that wireless connections to their devices are closed when not in use to avoid external interference from attackers. On the other hand, it is insecure to give other people access to one’s device because they can use the opportunity to download and install malicious software and programs that can be used to steal information later.
Users should always review data in their devices and discard files that increase the susceptibility of their gadgets to attacks (Misra & Dubey, 2013). Choosing a device that supports SSL/TLS security is necessary because it provides extra protection. In addition, wireless VPN networking is an important security feature to consider when purchasing a mobile device (Kumar & Xie, 2012). It is important to create and use complex, private, and difficult to guess passwords to secure documents and any other sensitive information.
Wireless
Many cyber criminals attack mobile devices through wireless networks that are usually unencrypted. It is important to avoid public wireless networks that lack encryption because they expose devices to the risk of cyber attacks (Oriyano, 2015). In addition, many public connections are poorly secured and have many security vulnerabilities. Encryption of wireless communications ensures that any information sent from a mobile device is secure and cannot be easily accessed by unauthorized individuals (Jennings, n.d.).
Using unencrypted wireless networks increases the risk of data interception and theft (Misra & Dubey, 2013). Major communication channels such a Bluetooth and Wi-Fi connections are usually poorly secured. Device owners should ensure that applications and programs are locked when not in use. For instance, Bluetooth should be turned off always and switched on when connecting to other devices only (Oriyano, 2015).
Applications
Mobile device applications are common sources of vulnerabilities that facilitate attacks. For instance, certain applications request too many privileges that expose users to intrusion and data theft (Mobile Device Security Risk Analysis, n.d.). Malicious apps are developed with inbuilt features that connect devices to application developers. These features collect information that is usually sold to advertising companies. Device owners need to avoid installing free programs because they usually contain malicious components and do not notify users when new updates are available (Jennings, n.d.). In addition, they need to avoid out-of-date software and applications because they enhance the vulnerabilities of devices. Consumers should decline free and unauthenticated programs as they frequently contain malware disguised as games or other applications (Collett, 2014).
Defense
Programs
Protecting mobile devices from attacks can be done effectively through the purchase and installation of programs such as firewalls and antivirus. Mobile devices do not normally limit internet connection thus exposing users to the risk of attacks (Mobile Device Security Risk Analysis, n.d.). Firewalls secure ports that are used to connect to wireless networks and ensure that only authorized networks communicate with the device (Cooney, 2012). Lack of firewalls increases the risks of intrusions through unsecured ports. Many mobile devices lack security software hence the high risk of viruses, trojans, spyware, and spam (Cooney, 2012). These components are usually incorporated into malicious software that consumers regularly get for free in certain websites. Antivirus software prevents the installation of malicious programs that attackers use to increase the vulnerability of mobile devices (Hill, 2015).
Passwords
The lack of preinstalled security software in many mobile devices can be mitigated by using strong passwords that allow only users to access information in their devices. Passwords authenticate users, prevent unauthorized access, and ensure that the security of information in stolen or lost devices is not compromised (Cooney, 2012). On the other hand, use of personal identification numbers (PINs) together with passwords increases the security of devices. Users need to choose complex passwords that include numbers, letters, and symbols to increase their effectiveness.
A better alternative to using static passwords is applying two-factor authentication. Disadvantages of static passwords include ease of eavesdropping, guessing, and forgetting. Two-factor authentication includes user confirmation using two different approaches that foster security (Cooney, 2012). Devices can also be set to open applications with sensitive information using password authentication and lock after certain periods of inactivity (Mobile Device Security, n.d).
Encryption
Encryption is an effective way of protecting mobile devices from attacks. Owners of mobile devices should apply encryption to data stored in their devices and associated external devices such as memory cards and flash disks (Dunham, 2008). File encryption enhances security of information and prevents easy access by other people (Cooney, 2012). Users can either apply their devices’ inbuilt capabilities or purchase solutions from authentic software developers. Encryption can also apply to passwords. Passwords should be stored on devices only if they are encrypted. Unencrypted passwords and information are easy to intercept.
Updating
Mobile devices come with preinstalled software programs that require frequent updating to enhance their effectiveness and efficiency. Software developers usually provide updates that fix security vulnerabilities in their applications. It is important for individuals to obtain and install these updates in a timely manner to avoid security breaches that could occur due to vulnerabilities (Dunham, 2008). In many cases, vulnerabilities in a single program or software could risk the security of the entire device. Device owners can install applications that automatically search for new updates and install them whenever they are available from software and application developers.
Installing security updates is important and it can be done by obtaining them from manufacturers or transferring them from other sources using external storage devices (Dunham, 2008). It is also important for individuals to determine the authenticity of patches in order to avoid installing malicious updates that could compromise the security of their devices. Obtaining updates and patches from authentic software developers is the safest option available to consumers because cyber criminals can use such opportunities to spread malware and other malicious programs.
Conclusion
Mobile devices have become more like computers because of their enhanced capabilities that have originated from technological advancements. Increased capabilities have exposed them to risks of attacks by cyber criminals who aim to control them or retrieve information that can be used for malicious purposes. Attacks occur through Bluetooth and Wi-Fi connections that have poor security features. Individuals need to restrict access to their devices, avoid public wireless connections, and desist from installing applications from unauthenticated sources because they usually contain malicious components.
Protection of mobile devices involves installation of genuine security programs such as firewalls and antivirus software, use of complex passwords that are difficult to guess, and encryption of data. Finally, it is important for device owners to obtain security updates and patches from software developers in order to avoid potential attacks that are facilitated by illegitimate programs. The updates should be installed in a timely manner to avoid security vulnerabilities that enhance attacks.
References
Collett, S. (2014). Five New Threats to Your Mobile Device Security. Web.
Cooney, M. (n.d). 10 Common Mobile Security Problems to Attack.
Dunham, K. (2008). Mobile Malware Attacks and Defense. New York, NY: Syngress.
Hill, S. (2015,). Top 5 Android Security Apps: Do They Protect You? Web.
Jennings, R. (n.d.). A Review of Bluetooth Attacks and How to Secure Mobile Workforce Devices. Web.
Kumar, A., & Xie, B. (2012). Handbook of Mobile Systems Applications and Services. New York, NY: CRC Press.
Mobile Device Security Risk Analysis. (n.d.). Web.
Mobile Device Security: Tackling the risks. (n.d.). Web.
Misra, A., & Dubey, A. (2013). Android Security. New York, NY: CRC Press.
Oriyano, S-P. (2015). Wireless and Mobile Device Security. New York, NY: Jones & Bartlett Publishers.
Soto, C. A. (2005). A Menu of Bluetooth Attacks. Web.