January 30, 2016
01:22:53

The Complex Web of Mobile Security Risks

Risk Group Founder Jayshree Pandya, Ph.D., discusses “The Complex Web of Mobile Security Risks” with Vijay Vishwanathan, a Chief Information Security Officer.

Introduction

Mobile technology, smartphones and related applications are as essential to modern society as air, food and water. Life today would be utterly unthinkable without mobile technology, phones, applications and commerce. As more and more users and businesses across nations employ smartphones as communication, commerce, healthcare and banking tools, serious concerns arise about the security and privacy of the personal and business information now stored on smartphones.

“Mobile” smartphones and technologies are causing profound changes in the way we communicate, shop, track, direct, market and conduct commerce across nations: their governments, industries, organizations, academia and individuals (NGIOA-I). As a result, “Mobile Security and its vulnerabilities” are rapidly becoming increasingly important in mobile computing. As the number of mobile users and threats grows at a rapid pace, any smartphone user today is exposed to various security and privacy risks when they use their phone. Amidst that, how can the industry assure its users that smartphones are secure?

Smartphones Under Attack

Across nations, smartphones seem to be under attack. So the fundamental question that anyone would have is: “What happens when a smartphone is under attack?” Is there a way to know it’s under attack?
It seems that:

* When a smartphone is infected by an attacker, the attacker can manipulate the smartphone, communicating with it and sending commands that are used to send unsolicited messages via text message or email
* The attacker can easily force the smartphone to make phone calls
* The attacker can use this method to call paid services, resulting in a charge to the owner of the smartphone
* The attacker could call emergency services and disrupt those services
* A compromised smartphone can record conversations between the user and others and send them to a third party
* An attacker can steal a user’s identity, usurp their identity, and thus impersonate the owner
* The attacker can reduce the utility of the smartphone by discharging the battery
* The attacker can prevent the operation of the smartphone by making it unusable
* The attacker can remove the personal and professional data

There are reports that some mobile apps that consumers download could themselves be malware. So the question is: how can consumers be made aware of the nature, functionality and activities of such applications, so that their use can be limited across nations, thereby preventing further damage?

There are some attacks that derive from flaws in the management of SMS and MMS. So the question is:

* Isn’t the mobile network encrypted?
* Aren’t the operating system or applications on the phone secured?
* Is it possible for cyber criminals to modify the operating systems of smartphones?
* How can we build security in operating systems?

When the Bluetooth devices on different phones have security issues, how common are these challenges and how can they be fixed? How is the industry attempting to secure smartphones?

Charging Kiosks

There is a rising concern that the charging kiosks set up in public places are not secured. There are reports that many devices have been susceptible to data exfiltration or malware installation simply by using malicious charging kiosks set up in public places.
The question is: who is accountable for the security of kiosks in public places?

Mobile Phone Manufacturers

Mobile phone manufacturers have the basic responsibility of ensuring that the mobile devices that they manufacture ...
