Mobile Devices Under Attack
Mobile devices have infiltrated society in many forms. People use their smartphones, tablets, laptops, and other devices in the coffee shops, malls, grocery stores, and too many other locations to note. These also have been adopted by children as they learn the many uses of technology. These IoT devices have substantially improved the user experience (UX) and significantly increased the number of units in use along with productivity. As you walk through public areas, most people have these devices and actively using them.
One area within this realm which has not been exceptionally addressed in InfoSec. These devices hold a mass amount of data, mundane and confidential. The data also would have various levels of confidentiality involved. The person's physical address, in the grand overview, would not be as marketable as the social security number, parent's last names. This data is being targeted by the attackers. This was recently researched by Check Point. Their research indicated 100% of the respondents, businesses located throughout the world, badly experienced malware on their mobile assets The sample consisted of 850 businesses on four continents. The focal point of the attacks were both the Android and iPhone devices.
The attacks were not isolated within each business, but there were many instances of each business. The study also noted 89% of the businesses had the opportunity to manage man-in-the-middle attacks (MitM). On a secondary level, 75% of the organizations also experienced their devices becoming compromised, as defined with the device being rooted or jailbroken. The results indicate the mobile devices are clear targets. With the devices themselves, the Android systems were less secure than the iOS and Windows.
With these focused attacks, it would appear defending against would be nearly impossible. With sufficient and regular training with the staff, this may be remediated to a manageable level. When the staff understands what not to do, what to not click on, what to watch for, etc., there are fewer instances of issues.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.