Chapter 7: Safeguarding Mobile Devices
Mobile Operating System
An operating system especially designed for mobiles devices to allow them to run applications and programs is called a mobile Operating
System (OS). When the power button on a mobile device is pressed, the mobile OS loads the necessary files to run the OS and shows the
home screen filled with icons of different applications (or apps).
IOS: Owned by Apple, 10S Is a mobile operating system specially designed for Apple's hardware. It is installed on devices, such as iPad, IPhone and iPod Touch and has a direct manipulation based user interface. It operates using multi-touch gestures to control elements such as buttons, sliders and switches.
Android: Owned by Google, Android is an open source operating system designed for touch screen mobile devices. The OS is based on the Linux kernel and allows developers to make programs as per their choice by accessing unlocked hardware. It operates using touch gestures to control actions like swiping, pinching, tapping and entering text using the virtual keyboard.
Windows Mobile: Owned by Microsoft, Windows Mobile is a mobile operating system designed for smartphones. Windows Mobile OS can be recognized by tiled set up and dubbed metro, through which tiles can be moved and interchanged using the metro. Users can browse the web using mobile-optimized version of Internet Explorer, known as Edge in Windows 10 Mobile.
IMEI Number
IMEI (International Mobile Equipment identity) is a unique number, which is used to identify mobile handsets (using UMTS, GSM and LTE
networks) or devices which connect to a cellular network. IMEl is as important as the phone's operating system and is printed on every
phone inside the battery space. There is als0 a code that you can enter and display the IMEI number on the handset screen using USSD.
This code varies from operator to operator.
Role of IMEI Number
An IMEI number (eg. 568438 126755154) is useful for many events, such as:
- Mobile phone usage can be tracked by cell phone provider using IMEI number.
- Subscribers can be identified using IMEI number.
- Gadget type can be recognized using IMEl number.
- Remote device can be easily disabled using IMEl number if stolen.
Security Risks of Mobile Device
Eavesdropping: Eavesdropping is a real-time intervention in the personal conversation of others over an electronic medium. The attackers can intercept the communication on phone, video calls or instant messaging using IP based calls and other technological tools.
Unauthorized access: It is very common practice that people save their personal information and login details on their phones for easy access. his makes It very easy Tor the hackers to get the Crucial information of user by gaining access to their mobiles. By accessing a single device, the hacker can fetch the information of multiple accounts.
Theft and loss: Mobile devices are loaded with a lot of personal information like pictures, emails, social media accounts, banking apps, telephone contacts, important files and sometimes even login details of accounts. By merely losing a device, the user can lose all the data and becomes susceptible to online threat.
Unmanaged applications: It is advisable to keep the applications on the phone updated and managed. Failing this, user can invite hackers to intrude in their systems and get access to data.
Absence of mobile firewall: Due to non-availability of firewall on mobile devices, they are open to hackers via untrusted communication ports. In return, this puts mobile and sensitive information on high risk.
Vulnerabilities of Mobile Applications
Improper transport layer protection: Whenever the users search for any information on the internet, it interacts with the remote server that receives the device request, looks for the requested information and sends it to the client. During this exchange between server and mobile device, the transmission must be protected.
Poor authorization and authentication: If authorization is not handled properly, even a good authentication mechanism can causes issues. Mobile users must make it a practice not to access the data that is not meant for them. Mobile apps only trust the client side authorization, which can come out as a drawback.
Broken cryptography: Considering that the system is protected it the cryptography Is in place is a misunderstanding. Hackers remain active in solving and breaking even the strongest of cryptography techniques. Predictable keys, short protection codes, cryptography type and weak ciphers are some of the failures.
Threats Associated with Bluetooth Devices
Bluesnarfing: The unauthorised access of data through an open and insecure Bluetooth connection by a wireless device is refered ass Bluesnarfing. Keeping the phone in Bluetooth discoverable mode can make the device vulnerable to this attack.
Man-in-the-middle attack: When a perpetrator attempting unauthorized access secretly joins the authorized Bluetooth communication of two parties, such attacks are known as Man-In-The-Middle (MITM) attacks. The attacker can alter, modify, relay or steal the data exchanged between the parties.
Backdoor hacking: When an untrusted device gains access to another mobile device via Bluetooth to collect the data of the latter, this practice is known as Backdoor hacking. Pairing an untrustworthy device through Bluetooth connection can invite this attack.
Mobile Antivirus
Everyone has a mobile device these days. They use these mobile devices for online shopping, paying bills, storing personal information, managing finances and more, thanks to the increasing speed, power and storage capacity of these devices. The increasing use of mobile devices has made them vulnerable to several threats such as Ransomware, online banking fraud and Remote Access Tools (RATS) by cyber criminals. Although these threats are not so common as in the case of PCs and Macs, there is still a significant number of such threats (viruses and malware)-mainly on the Android platform because of its wider reach. A study from 2013 showed that 97% of viruses and malware were on Android phones. I here are limited ways to get a virus on your mobile device, for example, installing third-party apps from an unknown source.
There are several factors impacting mobile security
- Insecure web browsing
- Insecure Wi-Fi connectivity
- Lost or stolen mobile devices
- Corrupt application downloaded to the mobile devices
- Lack of security patches from service providers
Best security practices
- Install security software (antivirus and anti-malware) on your mobile device
- Update the operating system and apps regularly (whenever available)
- Install a phone finder app
- Use a backup program
- Set device to wipe contents after specified number of failed login attempts
