The latest from ISACA on mobile threats is a an eye opener. Mobile computing devices (i.e., laptops, tablets and smart phones) can cause serious harm to organizations and to device owners, their friends and families, because mobile devices are far less secure than desktops and laptops. The Verizon 2015 Data Breach Investigations Report tens of millions of mobile devices. And, according to Statista, there will be 4.77 billion mobile phone users in 2017 and 1.15 billion tablets in use in 2016. As the number of mobile computing devices increases, so do mobile security concerns. There are already many existing and new threats related to mobile devices.
App-based threats include malware, spyware, vulnerable apps, compromised apps and data information leakage due to poor programming practices. The types of app attacks include:
• Disabling or circumventing security settings
• Unlocking or modifying device features
• Apps that were obtained (free or purchased), but contained malicious code
Examples of malware capabilities include:
• Listening to actual phone calls as they happen
• Secretly reading SMS texts, capturing call logs and emails
• Listening to the phone surroundings (device is used as a remote bugging device)
• Viewing the phone’s GPS location
• Forwarding all email correspondence to another inbox
• Remotely controlling all phone functions via SMS
Each day, mobile device attack vectors are continuously undergoing dynamic changes, and it is difficult to represent a complete set of the threats and vulnerabilities. With the development of mobile computing devices that can be carried in a pocket or a duffle bag comes the responsibility to protect those devices and the data within them. Being aware is only the first step in the fight to protect the data.