Hacking your back pocket

by Sue Poremba, security and technology writer, Central Desktop, a PGi company, October 27, 2015

Convenient, but vulnerable

There are two primary reasons why your smartphone is more likely to be hacked than other devices, according to Paul Hill, senior consultant with SystemExperts: the physical security of the devices and the use of untrustworthy networks.

“Mobile devices are more likely to be physically accessible to an attacker because the devices are not always within the security perimeter of company offices or data centers,” Hill explained. “Since the devices are taken out of the office, they are more likely to be stolen, lost, or accessed by an unauthorized individual if left unattended.”

As for the problem with untrustworthy networks, users tend to forget how easy it is for hackers to eavesdrop on unencrypted traffic. “If a user of mobile devices uses any unsecure protocols while the network is being monitored by a third party, account names, passwords, or any confidential data will be revealed to the eavesdropper,” said Hill.

In addition, Hill added, a compromised or hostile host on an untrustworthy network could send packets to devices on the local network and seek to discover known vulnerabilities on the mobile device, and then exploit the discovered vulnerability by sending the correct packets.

The cost of free WiFi

The very nature of mobile computing exposes more vulnerabilities than it hides, which increases the risk of an attack. There has been an increase in attack vectors that are unique to mobile devices, all of which are susceptible because users aren’t thinking about security in the same way they would on a traditional computer.

Take the problem of rogue infrastructure, for instance. Rogue infrastructure is unique to mobile devices and did not previously threaten the enterprise because end users stayed within the confines of the protected network, said Michael J. Covington, Senior Director of Product Management for Wandera, which develops mobile security solutions. As users began to connect to corporate resources from outside that perimeter, threats had more direct access to the network and its data, largely because users aren’t taking the precautions to avoid untrustworthy situations. They continue to use open WiFi sources with zero authentication.

Apps have become so ubiquitous that it is easy to overlook basic security protocols before downloading. Also, users have been repeatedly told that apps downloaded from the App Store, Google Play, or a similar trusted source are safe. However, we’re beginning to see that that isn’t always the case.
