Mobile security: Risks, challenges and concerns
As smartphones and tablets become increasingly central to modern life, the amount of personal information routinely stored on them has grown dramatically.
Unlike traditional computers, however, phones and tablets are easily stolen or misplaced. If that happens, your private data— passwords, credit card numbers and addresses — will be freely available to whoever picks up your device.
In this article, we'll discuss the various security threats your smartphone or tablet faces today, as well as the measures you can take to protect your privacy.
We'll also look at how Android and iOS stack up on security, weighing the benefits and downsides of each platform, as well as the best Android antivirus apps.
Before discussing the ways in which you can lock down your Android or iOS device, it would be helpful to know what sort of security risks the modern smartphone faces.
ENISA, the European Union Agency for Network and Information Security, ranks some of the top security risks for smartphones and other mobile devices — and their threat levels — as follows:
Data leakage resulting from device loss or theft (high risk)
Unfettered access to your smartphone can be a gold mine for anyone seeking access to your private information. If you lose your device due to forgetfulness or theft, and you haven't locked it down with a PIN or password, your phone's new owner will have access to data including:
· Your email, including any passwords or account information that you've saved
· Your social media accounts, such as Facebook, Google+ and Twitter
· Passwords saved in your browser
· Credit card information and passwords saved in apps like Amazon and Google Wallet
· Email addresses, phone numbers and physical addresses of your contacts
· Access to secured Wi-Fi networks that you've saved
· Photos and videos saved on the device
Unintentional disclosure of data (high risk)
Developers frequently introduce more features than the average user can keep track of. For instance, you may be unaware that your device is broadcasting your location each time you post a photo using a social media app.
Here are some ways that you might be unintentionally letting the world know where you are:
· If you've posted a photo with the location data turned on
· If someone tags you in a photo without your knowledge
· If you've "checked into" a specific restaurant or café using a location app
Attacks on used/abandoned devices (high risk)
If you haven't wiped an old or discarded mobile device properly, the next user can easily access an alarming amount of your personal data. According to ENISA, studies have found that improperly decommissioned mobile devices can yield information such as:
· Call history
Phishing attacks (medium risk)
Phishing is an insidious form of data collection in which an attacker tries to dupe users into entering personal data, such as passwords and credit card information, by sending them fake messages that appear genuine.
Phishing can appear in a variety of guises:
· Fake apps designed to mimic legitimate applications such as "Angry Birds"
· Email messages that appear to come from legitimate sources such as banks and other financial institutions
· SMS messages that appear to come from legitimate sources such as your wireless provider
Spyware attacks (medium risk)
If your mobile device becomes infected with spyware— either from a rogue app or a malicious website — the malignant code can send your personal data to a remote server without your knowledge.
Information logged by spyware can include:
· All of the keystrokes made since the spyware was installed
· Names, phone numbers and email addresses of your contacts
· Credit card information entered in the browser
Network spoofing attacks (medium risk)
Hackers occasionally prey on users who have connected to bogus or unsecured Wi-Fi networks. Unless you studiously enter personal information only on websites that use SSL encryption, your data could be at risk of being stolen.
Here are some examples of information you could accidentally disclose:
· Passwords to unencrypted websites
· Credit card information sent via an unencrypted website
Follow David Eitelbach on Google+.