Mobile Devices Are A Security Risk

it training

Mobile devices are a great answer to smaller, better, faster means of accomplishing tasks and storing data. They also pose a greater risk of malware intrusion and an unsecured region for personal and professional information. Where some would say it is nothing to get upset about, other situations speak otherwise. Recently, two different smart phones were delivered to retailers with microSD cards containing malware. One of the malware microSD cards had a botnet client, a worm, and a password stealing virus on it. It is estimated over three thousand smart phones in Spain were infected. The other brand of smart phone, sent to Germany, contained a worm that would copy files to the device and replicate itself. These two examples place malware loaded onto micro cards in the same category as intrusion software located on a USB drive, a CD or a DVD. They are a means of transport and unwittingly to the user, a pervasive method to enter a personal workstation and eventually move to a server or network.

Certain smart phone platforms are easy to invade, while phones like the iPhone are harder to compromise because Apple retains control over the phone and the method that applications must follow if they are allowed to execute in the iPhone environment. Suddenly, the decision to disallow Flash and keep the phone as a closed system makes sense. Also, it proves why jailbreaking the phone is a bad idea. Yes, opening the phone’s system architecture will give the user the ability to load any application they desire, but it also defeats eighty percent of the security features built into the iPhone. The Android platform, on the other hand, will let the user install any application they want. It is great for marketing and promoting sales, but not so stellar when you imagine the ramifications and what could happen from a security standpoint.

Security vendor Symantec’s director of consumer regional product marketing in the Middle East Europe, and Africa, Con Mallon, has this to say. “Any operating system and application is likely to have some sort of vulnerability, given the complexity of software these days. There are differences in the context within which mobile OS and applications currently exist. The world of the PC platform, where we can see, day in day out the creation and vast distribution of malware is one that is primarily homogeneous i.e. Windows dominates.”

The principal analyst for Quocirca and its communication, convergence and collaboration division, Rob Bamforth, said, “Phone phreakers used to attack phone systems long before we all had personal computers or digital telephony, but the attacks on feature phone users are more likely to be social engineering (SMS fraud etc) or for those supporting Java, there’s a risk there too. Given the rapid development of this software and the limited barriers to entry, it poses the dilemma to determine the reputable vendor/app from the disreputable/malicious apps. Gullibility and greed are evenly spread, so just increasing the number of ‘smart’ platforms increases the total system risk – mobile malware can use social engineering attacks (phishing etc) just as easily, perhaps more easily, as in a desktop context. With smaller screen real estate and ‘busy’ timescales, people respond more in haste when on the move, so the risks of clicking on a link that goes somewhere bad is probably higher.”

Security awareness, as that provided by CISSP online training, brings a knowledge base in understanding a smart phone is nothing more than a miniature personal computer. Just like a computer, it carries critical personal information, and needs the same security features and protection. K Alliance is a premier source of information security certification training, and a necessity in today’s environment.

Phishing attacks are one of the more prevalent methods, along with Bluetooth hijacking and wireless intrusion, are a few of the ways your device can be compromised. Mindless clicking on links, or providing requests with your log-in information, personal information, and passwords are procedures and practices you can change.

Also, in the event your personal device is lost or stolen, there should be some of locking scheme that prevents full access to your personal information. It is easier to wipe the device clean and replace the data, than to allow someone complete access to your identity.

Always remember, if it exists, someone will discover a way to gain from your misfortune or lack of knowledge.

About Us: Expert Training is a superb location containing computer-based training courses and enterprise library solutions. SharePoint Server 2010 training courses alleviate the problem of storing and retrieving business intelligence, and brings teams together in collaboration and brain storming efforts. Areas including CISSP information security training courses and PMP project management training courses aid in obtaining certification in today’s demand for expert, professionals who can successfully get the job done. Expert Training is your single resource for the best training available.