The device that in its days of infancy was used only to make phone calls on-the-go has grown up into a stylish, intelligent and highly sophisticated gadget and has become an indispensable part of our lives. Mobile devices have changed our lives at both professional and personal levels. The usage of these devices is steadily increasing as their technology becomes more powerful and universal. Smartphones are continually adding on storage capacity, processing power, batter lifetime and display abilities. The functionality of disparate technologies such as MP3 players, GPS navigation, cameras, and game systems has been integrated into mobile phones. These devices have thus transformed from ‘telephones’ to computers that we can keep in our pockets. Applications such as games, calendar, task scheduler and file manager are typically inbuilt in most of the mobiles. However, modern smartphones can also access app stores through which they can purchase or download a multitude of smart applications. These provide additional functionality to the device.
Apart from the mobile phones, the use of personal digital assistants such as iPads and other tablets has also increased. PDAs have their origins in simple digital organizers for telephone numbers. The first true PDA, the Newton from Apple, was introduced in 1993 [CNI06]. Its main features were fax and email communications, built-in personal information management applications (e.g., contacts, calendar, notes), character recognition of pen-based input entered on a touch screen, and data synchronization with a desktop computer. Similar characteristics can be seen in present-day PDA devices though there are several advanced features including internet browsing, messenger services, one touch access to social networking sites like Facebook, Twitter, You Tube and lots more. PDAs have finger touch sensitive screens for entering data, memory card slots for data storage and technologies such as IrDA, Bluetooth and Wi-Fi.
Though smartphones and personal digital assistants have become indispensable for today’s highly mobile workforce, they also pose new risks especially to organizations. Some of the typical concerns associated with these mobile devices include the following:
- Their small size and on-the-go use outside homes and offices makes them vulnerable to damage and theft. These devices can be misplaced more often than comparatively bulky laptops and notebooks. If they fall into wrong hands, gaining information to personal and critical stored information is easy for the perpetrator.
- Communications networks, desktop synchronization, and tainted storage media can enable the delivery of malware to mobile devices. Malware is often disguised as a game, device patch, utility, or a social networking application available for download. Once installed, malware can initiate a wide range of attacks and spread itself onto other devices.
Like desktop computers, mobile devices are also subject to spam through the Internet. However the problem is more serious for these modern day hand held devices. This is because, spam for a smartphone is not only unsolicited electronic mails but also in the form of text messages, voice messages and other multi media messages. Besides the inconvenience of deleting spam, there may be a charge for excessive inbound activity (exceeding stored and downloaded data limit). Spam messages also increase the risk of phishing.
- In mobile phones, there is a possibility of electronic eavesdropping for phone calls, messages and other wirelessly transmitted information. Installation of a spy software on the device (through email attachments and social networking applications) is one the most direct means to get access to data. Once set in the operation system of the phone or PDA, the spyware can collect and forward crucial personal and official data elsewhere. Other components of a communications network, including the airwaves, are also possible avenues for exploitation.
- Location tracking techniques are often used legitimately to track the whereabouts of lost phones. However, these techniques may also be used surreptitiously by miscreants.
- Server-resident content, such as electronic mail is maintained in smartphones and digital tablets by the network carrier as a convenience. It may however expose sensitive information through vulnerabilities that exist at the server.
The incidents for malware issues and other identified dangers that have occurred against mobile devices may be less when compared with those against desktop and networked computers. One of the reasons for this is that no single operating system dominates modern smartphones and personal digital assistants. This fragments the number of potential homogeneous targets. Cellular network carriers have also favored a closed system approach in which they exerted control over devices and applications, as well as their networks. However the amount of mobile malware has still increased over the past few years and this raises concerns for the future.
To ensure the integrity of their data, business organizations need to plan and address the security aspects of cell phones and PDAs that they issue to their employees. Security is much more difficult to address once deployment and implementation are underway, and should therefore be considered from the beginning. Augmenting a device with defenses against malware and other forms of attack is a critical consideration in planning, as is centralizing device security management.
The security of mobile devices calls for constant effort, and access to the right resources. Sound maintenance of a mobile device involves the following steps:
1. Maintaining the physical control of device.
2. Reducing exposure of sensitive data by controlling the working of infrared, and Bluetooth – unnecessarily keeping the phone exposed to other Bluetooth enabled devices increases the risk of undesired data transfer.
3. Backing up the critical data stored and avoiding the storage of unnecessary data in mobile devices
4. Employing additional software to prevent and detect attacks – authentic VPN, firewall, antivirus, intrusion detection, and anti spam components should be updated periodically to ensure their efficacy in the protection of the mobile device.
5. Testing and applying critical patches and updates in a timely manner.
6. Evaluating the security of device periodically.
Security involves continually analyzing and effectively handling risks. Mobile devices have added to convenience and efficiency by giving access to users to important data anytime, anywhere. With sufficient security and implementation of sound compliance policies, organizations can protect their employees, their intellectual property, their money, and their reputation.
About the Author:This article by Frank Johnson is the first in his series on ‘Security Issues for Mobile Devices’. Frank is a regular editorial contributor on digital media products and services that help small to mid size businesses. To know more about strategies for protection of mobile devices, you may interact with him here