Very small computing
devices represent a new frontier in the computer security war. Mobile devices
amplify existing security concerns while introducing a new set of risks, but
most people have an incomplete understanding of the full range of threats and the
measures to limit their exposure.
7 things you should know about mobile security
Large
and fast-growing numbers of people from all walks of life use smartphones and
other mobile devices for a widening range of activities, including conducting
financial transactions and exchanging other sensitive information.
This
explosion of mobile devices quickly erodes the control that institutions might
otherwise have had. Mobile users also put privacy at risk when they share
location information because knowing where individuals are or where they are
not can be powerful information in the hands of stalkers, burglars,
advertisers, and others. At the same time, the rising tide of awareness of
security risks for mobile devices should benefit the security of all devices.
Not Just Portable but Mobile
Simply by virtue of the fact that laptops are easier to misplace or steal than desktops, the introduction of “portable computing” brought with it greater risks to computer security. From a software standpoint, though, laptops and desktops are relatively close kin—both use “PC-based” operating systems and applications. By contrast, very small computing devices that use mobile operating systems and mobile apps represent a new frontier in the computer security war. Mobile devices (as distinct from traditional laptops) include smartphones, of course, but also emerging classes of devices, including tablets such as the Apple iPad, the Samsung Galaxy, and the Motorola Xoom. They run on operating systems such as Apple’s iOS, Google’s Android, Microsoft’s Windows Phone, and RIM’s BlackBerry OS. Mobile devices also tend to run different or scaled-down versions of browsers and other applications. Nonetheless, mobile devices are computers: You don’t have to go too far back in time to find desktops less powerful than today’s smartphones, and notwithstanding the limitations of a small screen and keypad, consumers expect to be able to do virtually everything on their phones that they can do on a PC. The evolution of such powerful mobile devices raises a range of security concerns, some of which are familiar, while others present entirely new challenges.
Overlapping Insecurities
The moment you disconnect the network cable and begin transmitting data wirelessly, you open the door to a range of security threats. Encrypting data can go a long way toward securing wireless traffic, but this approach is only as good as the type of encryption used. Encryption standards for Wi-Fi have matured to the point that properly configured connections and appropriate user behaviour can provide reasonably high levels of security. Still, inherent risks remain for wireless computing, and most people have an incomplete understanding of the full range of threats to wireless traffic and of the measures to limit their exposure. Traffic over cellular networks faces similar challenges, and the encryption for at least one type of cellular traffic has been compromised. As a result, mobile devices—which typically use cell service or Wi-Fi, depending on availability—are at least as susceptible to security threats as laptops.
Risk Amplification and Divergence
In a number of important ways, mobile devices amplify existing security concerns while introducing a new set of risks. Compared to PC-based operating systems, mobile operating systems are less mature: hackers have spent less time trying to poke holes in them, but by the same token, developers have spent less time protecting them. The same holds true for mobile applications, including antivirus software—despite the fact that malware targeting mobile device platforms has surfaced, panellists at a recent security conference noted that “the market for enterprise-grade smartphone antivirus solutions...is largely nonexistent.” The mobile antivirus software that does exist is generally considered less robust than for PCs. Unlike most laptops or desktops, mobile devices often do not have password protection enabled by default. Given these factors, mobile security becomes highly problematic: When a mobile device is lost or stolen, unauthorized users typically have much less difficulty accessing resources stored on the device or accessed through it, especially when users allow those devices to store passwords to online services. Security tools that allow users to delete all of the data from a lost or stolen device are increasingly common on laptops; such remote-wiping applications are far less common on mobile devices, though this appears to be changing.
Most mobile
devices include cameras, which introduce a range of concerns, given the number
of places and circumstances in which the ability to take clandestine photos or
video can pose security and privacy risks to individuals and organizations.
Even on platforms for which all apps must be approved, the marketplace for mobile
apps is another avenue for security threats, and that risk may be greater for
apps that have little or no oversight. In addition, mobile payment services
connect mobile devices to bank accounts and let consumers use smartphones to
pay for goods and services; this clearly has broad security ramifications. The convenience
and opportunities that mobile devices provide are remarkable. Many consumers,
however, fail to appreciate the risks that come with having full-featured,
Internet-connected computers in their pockets.
The Other Side of the Security Coin Is Privacy
Mobile devices also diverge from laptops in the area of location awareness. Using GPS or other methods, many mobile devices can pinpoint their locations at any time, a feature rarely found on laptops, and can share that information with others. Indeed, some services, such as the social network Foursquare, are built on a model of knowing where your friends are at any time. Similarly, people often use services like Twitter from mobile devices to say where they are (at a restaurant, out of town). Knowing where individuals are—or where they are not—can be powerful information in the hands of stalkers, burglars, advertisers, and others. Often users voluntarily provide location information, but frequently mobile apps transmit it, sometimes without the user’s knowledge, even when the device is turned off. Many mobile devices can be remotely activated, turning them into microphones without the user’s knowledge.
Mobile Floodgates Are Open
The severity of a given security risk is proportional to the number of users potentially affected. Large and fast-growing numbers of people from all walks of life use smartphones and other mobile devices for a widening range of activities, including conducting financial transactions and exchanging other sensitive information. On campus, mobile devices are becoming common tools for teaching and learning and for administrative functions, as well as for personal activities. One result of this widespread adoption and the gold-rush expansion of apps is that mobile devices become a honey pot for the unscrupulous and the criminal. Of course, developers of mobile operating systems and security software are also at work, and the inevitable power struggle ensues.
Special Concerns for Higher Education
Colleges and universities are the custodians of considerable amounts of sensitive information. Regulations such as HIPAA and FERPA hold institutions accountable for a wider range of data than many other organizations, and a litany of data breaches involving stolen laptops and misplaced flash drives chronicles higher education’s spotty record with electronic data. Meanwhile, the explosion of mobile devices quickly erodes the control that institutions might otherwise have had in terms of software updates and patches on devices that access campus networks. Most mobile devices are purchased and maintained by individuals, whether students, faculty, staff, or other users who access campus networks. Measures to limit the amount of data stored on mobile devices and tools (such as remote-wiping applications) can mitigate the risk, but the days of tight control have likely passed.
People: The Security Wildcard
As with all forms of computer security, the biggest threat for mobile devices comes from people. To a considerable extent, mobile devices can securely store private data and conduct sensitive transactions, but only if those devices are configured and used appropriately. Users need to understand the trade-offs between security and functionality in order to make informed decisions about the things they do with mobile devices and the risks those activities incur. User education can be an important part of reducing security incidents, though they will never be eliminated. The rising tide of awareness of security risks for mobile devices will benefit the security of all devices, in terms of changed user habits and of more attention from security vendors to the threats posed.