Wednesday, May 6, 2020

Smartphone Security Essay Example For Students

Smartphone Security Essay Security Issues in Smartphone Markets Are you buzzing about the new Verizon Blackberry Storm or the T Mobile G1? They are the new crave and everyone wants one right? What these owners many not know are the security risks that surround the raving technology. Most of the unawareness starts at companies and customers not placing more significance on security as smartphones get smarter. Although a smartphone may not be at greater risk than a PC, some security issues and risks are still present with PDA’s and smartphones. In the United Kingdom, a whooping 800,000 people were the victim of mobile phone theft in 2006. Even though 90 percent of these phones deactivated within 48 hours, what happened to the other 10% of users that lost data to the crime. Smartphones are linked to the corporate network and are as vital as a laptop on the company network. Also, you cannot stop your employees from having accidents by underestimating these devices. Mobile phone operators can stop SIM cards and stop expensive calls from being made. However, a smartphone differs from regular mobile phones. Executives carry all kinds of information on the device, from confidential announcements, to financial results and business in progress. If any of these were ever lost, it could result in the lost of business and trust within company IT infrastructures. It is important to recognize the dangers before permitting a full mobile device network within the company. When sending emails, texts, and using smartphone applications may seem harmless, however your phone could be very vulnerable to hijacker attacks. We will explore some security issues that surround some of the primary smartphones leading the markets today and address how to mitigate users’ risk of being attacked. Some of the issues that smartphones are having problems with securing encryption keys that can unlock cell phone holders’ private information. Digital signatures are also being compromised through man in the middle and proxy attacks. While these may not seem to affect every user, surely the danger of having your password captured due to spyware may catch your attention. On the other hand, many Symbian Operating System security flaws that smartphones use to operate have proven to be the source of some application hijacks. Since smartphones such as Blackberry do not require an application code signature, network access is permitted attackers access to owners’ applications. This could cause third parties to send messages, edit, delete, and add contracts and PIM (Product Information Management) data, read and call phone numbers. Simple functions such as sending and receiving SMS (short message service) text messages can be intercepted by another application that could cause outgoing text messages to be picked up by an expensive application. This causes confusion to the smartphone owner who is oblivious that his or her messages have been negotiated leaving the customer to pay the bill. A problem for businessmen and/or businesswomen smartphone owners is opening certain files from their smartphone application can contain this malicious code causing the data to be compromised. A hackers’ claim that they can pay one hundred dollars for an API key that can open backdoor to Blackberry’s RIM (Research in Motion) devices. If this is true than owners and companies have to worry about the data integrity of within application and software. Some issues that are present are the talk about an API key that can be bought for one hundred dollars. It gives hackers the ability to allow unauthorized network access. Let’s take the iPhone developers. They have yet to incorporate Microsoft Exchange or Lotus Notes. This makes it easy for an Internet provider to expose private data due to unsecured connections to servers. The current iPhone user must forward their e-mail to an Internet service provider, potentially exposing data. Trust could be gained if communications were encrypted from start o finish and usage of a VPN. Some devices like Blackberry and Sidekicks argue that there devices are encrypted from start to finish, but that is one on a phone service aspect. With growth in mobile networks full encryption should be implemented on both phone and web network sectors. VPN’s could mitigate the issues surrounding application data integrity. VPN’s use SSL (Secure Socket Layers). A SSL provide security and data integrity for communications over TCP/IP networks and are used in wide-spread use in applications like web browsing, electronic mail, instant messaging and voice-over-IP (VoIP). With this connection a user can ensure that pictures, text messages, emails, and application data going out or coming in is kept private. Do users think spying on your smartphone is impossible or hard? Of course, spying through social engineering risk, but what about if users have no idea that they are being watched? When connected to a PC, smartphones no authentication. They are USB devices that can give up all data that is stored in them. If accessed by the wrong hacker, he or she could install malware that can store all of user events and upload them onto an Excel sheet. Trust Of giving counsel essay exampleBBProxy opens a back channel bypassing the organizations gateway security mechanisms between the hacker and the inside of the users’ network. The communications channel between the BlackBerry server and mobile device is encrypted and a tunnel is opened by an administrator so encrypted communications can connect to the BlackBerry server inside the organizations network. A hacker will use this backdoor channel to move around inside of an organization unnoticed and remove confidential information undetected or install malware on the network. The Palm Treo security flaw existed in how data is accessed. It can allow anyone in possession of the device the ability to find data even if the device is locked. With security threats, flaws, and risks discussed, why are smartphones targeted? Well, many store a lot of their personal and business information on smartphones. Users have the deception that their smartphone is immune to hackers or attackers. No anti-malware or anti-virus protection software is installed on smartphones. Also, policies are overlooked because the vision of a mobile device is not taken as serious as a computer on the network. This is why smartphone security is important. With the smartphone market being so competitive, the first smartphone to have a major security breech will surely fade away. With major PC companies such as Microsoft, they have a market advantage. Security issues that are with the software may not as picked apart as the smartphone market. This is simply because a mobile device and easily be replaced. So smartphone companies do not have the same pull on the market as Microsoft. The most important thing to worry about with smartphones is emails and browsers that gateways to malicious activity. Most risks that users face however are not setting a user password and losing their mobile device. Hopefully companies will be better prepared in preventing security threats that are overlooked in smartphones. Companies that are planning to give employees access to business applications on their company smartphones. First, a company should Know the technology youre getting into, advises Shane Coursen, senior technology consultant at Kaspersky Lab. This simply means to understand the security risks before the company purchase a certain mobile device. Educate employees on importance of smartphone security. Have training classes that teach employees on best security practices and make sure they understand company policies about smartphones. Addresses issues such as, using a Virtual Private Network (VPN). Hire a company that can manage the company’s smartphones. That is, find qualified companies to manage your smartphone network and updates. Have accountability of smartphones. Take inventory and have only one smartphone carrier. This helps pin point a problem easier if one was to ever arise. Know the risks that the company can face. If data was lost or vulnerable how would it be recovered or protected? If smartphones are used as a thin client, have employees access applications through a Web browser so that nothing is stored locally, encryption is a great line of defense for data thats transported between back-end systems and smartphones. Enforce passwords. This is a way of protecting mobile devices that have data stored on them even though spyware or back doors can be present. Firewalls also add to security to prevent penetration to data. The most important is to buy anti-virus software that will protect your smartphones from malware and set standards so that updates will be ran routinely over the air. Bottom line is users must start treating smartphone like a laptop or desktop. The steps to hardening a smartphone network should become a necessity. REFERENCES John Edwards. â€Å"The iPhone Security Threat. † 25June 2007. Submitted by Computers. â€Å"Smartphone Virus Threat? † 30 June 2008 Symantec Corp. â€Å"Symantec Mobile Security 4. 0 for Symbian protects smartphones from viruses, hackers and other malicious threats. † 2005 Secure Computing Corporation. Warning of a serious BlackBerry security threat. † 09August 2006 Dawn Kawamoto. â€Å"Palm Treos ring up security flaws. † 16 February 2007 Elena Malykhina. â€Å"Best Practices in Smartphone Security. † 03November 2006 Symantec announces Anti-Virus and Firewall for Symbian smartphones 9 May 2005 John Markoff. â€Å"Securi ty Flaw Is Revealed in T-Mobile’s Google Phone. † 24October 2008 Davak. â€Å"The Unimportance of Smartphone Security — so far. † 01 August 2007 Jon Espenschied. â€Å"Ten dangerous claims about smart phone security. † 23 March 2007 Ryan Naraine. â€Å"Cracking the BlackBerry with a $100 Key. † 30November 2006

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.