FORESEC
MOBILE SECURITY THREATS PROBLEM STATEMENT
THREATS ASSOCIATED WITH MOBILE
Mobile devices have become a part of daily technology for business as well as personal communication. They often need additional protection because of their nature and their exposure to threats. Before implementing security for mobile devices, it is important to identify the threats, vulnerabilities and security controls required for these devices, modelling the threats based on the likelihood of successful attack scenarios and an impact assessment. It is also important to deepen our understanding of the existing security controls that may already be in place and to look ahead to future control enhancement requirements.
1. LACK OF PHYSICAL CONTROL
2. USAGE OF UNTRUSTED MOBILE DEVICES
3. ATTACKS FROM HOSTILE NETWORKS
4. UNTRUSTED MOBILE APPLICATIONS
5. UNTRUSTED DATA CONTENTS
6. GPS DATA AND PRIVACY
LACK OF PHYSICAL CONTROL
Mobile devices such as smartphones and tablets are becoming increasingly smaller in size and more attractive in design. They have now become a fashion statement rather than a gadget. However, the locations where these devices are used are a key concern. Coffee shops, hotels, airports and conferences are some of the key places where mobile devices could be heavily utilised. The likelihood of a mobile device being stolen is generally higher than that of a laptop, as mobile devices generally carry more confidential and private data than laptops. Not to forget that the loss of a mobile device is just as disastrous as the loss of a laptop computer.
USAGE OF UNTRUSTED MOBILE DEVICES
Personal mobile devices, a common trend among organizations (bring your own device, BYOD), are not necessarily trustworthy. Current mobile devices lack the root of trust features, such as TPMs, that are commonly built into laptops and other types of computing devices. There is also the issue of jailbreaking and rooting of mobile devices, which only spells disaster because the built-in restrictions on security, the operating system and other systems have been bypassed. Companies should always treat external mobile devices as hostile before granting user access through these devices.