The 10+1 commandments of mobile security

The mobile landscape is diverse, but all these devices have one thing in common – each one of them can be hacked.

Mobile devices have inundated our lives. Smartphones, tablets, phablets, wearables… the list of mobiles and their variants is endless. People have stopped talking and started dat(a)ing in a big way. Communication through smart devices has clearly overwhelmed us like never before. People are buying, paying and living through their mobiles. Love and relationships can be activated through a single app. 

We have reached a state where people use more than a single smart device at a time. As long as the smart-ness of smartphones was confined to individuals, the corporate world could afford to remain a silent bystander, but no longer. BYOD, or Bring Your Own Device, is the new norm, and not a single business can avoid the challenges that come with mobility in management.

Mobile overview

The mobile landscape is diverse, but all these devices have one thing in common – each one of them can be hacked. You are in danger of exposing your sensitive personal data, like bank particulars, which can compromise not only your account but also put thousands and millions of accounts in jeopardy. The dangers of using a smartphone go way beyond your pocket. eWay robbers can steal your personal data, like passwords, which give access to your personal life – photographs, texts, chats, love life, heart rate and even your bedroom secrets. When people are told about the dangers, they usually shrug their shoulders and primly claim that these things happen to others, not to them.

Unfortunately, it’s a question of time before tragedy visits through their mobile, and then it’s too late. You don’t really need technology to break into a mobile. Losing a mobile is easily accomplished – many thousands do it routinely. They become easy targets for data thieves who don’t even have to steal anything. Earlier, it was impossible to lug around a desktop computer, and the chances of misplacing, losing or forgetting it in a movie hall were nil. Mobiles can and do go with you everywhere, so they are easier to misplace. Your data is a sitting duck for those who are looking for such an opportunity.

To add to your woes, you keep all your sensitive data, personal and official, right inside your smartphone, unlike in the past when information concerning your office resided exclusively on your official desktop. Mobile security must therefore be given top priority by you. 

Why not use a safe mobile?

The mobile security environment is quite fluid – a perfectly safe smartphone today may become a terribly unsafe one tomorrow. Hackers are having a field day trying to break into the safest mobiles. Everyone has heard of the Apple iPhone saga concerning the FBI. It has been widely reported that the top-notch investigative agency had to pay a cool million to an unknown private entity to pry open the San Bernardino iPhone.

The identity of the contractor is a closely held secret. The cloak-and-dagger game goes to show that even invincible mobile machines can be compromised by run-of-the-mill hackers. However, the general opinion was that Apple iPhones are safe from intrusion. But the situation soon changed with the release of iOS 9.3.5. The operating system was pried open to enable snooping into the data. Apple in response released a security patch in August 2016. Can anyone guarantee a perfectly safe smartphone in this scenario? Most unlikely. The situation with other mobile manufacturers and operating system providers is no better, or even worse.

There are breaches galore in Android-based mobiles. There are many reasons why an Android phone is a better candidate than an iPhone for hacking. The first reported bug in Android-based smartphones happened in Android 4.4. This bug or vulnerability has continued to bug the operating system ever since. Google has smugly announced that they are looking into the matter, while billions of users are at risk of getting infected with malicious code. Some reports claim that BlackBerry phones are the safest, but how many users does it have anyway? Hackers don’t want to waste their time hacking into phones which have no impact. The fun in the hacking game is to disrupt communication and compromise data in a big way.

Compromising a BlackBerry would not give that kind of vicarious pleasure. The same logic applies to the Microsoft mobile operating system. There will certainly be more attempts at intrusion if the MS operating system becomes more popular.

Ways to compromise mobile security

From our discussion it seems that we are all sitting ducks for hackers and there is no way we can escape the mobile karma. Security can and will be compromised and there is no point running away from this truth. Fortunately, there are many ways to escape this morbid fate and manage to work with a secure mobile environment. To understand the escape routes, we must first grasp how smartphones get compromised in the first place.  

The first and most important factor in mobile security is to safeguard the devices physically. It comes as no surprise when research suggests that most mobiles are compromised because of loss or theft. It’s quite easy to forget a mobile as compared to misplacing your desktop. Hackers can play mischief with your data and your bank balance if they get hold of your mobile. From an organisation’s point of view, a lost mobile can lead to irretrievable loss of official data, which can be used to completely ruin it. Therefore, physical security must be emphasised when dealing with mobile users. The second issue is concerned with the original sin – greed. Mobile users don’t want to pay for apps but want them free.

There are hackers who can hijack a mobile by inserting malicious software through apps. iPhone users are protected to a certain extent from this malice. Apple apps can only be downloaded from their iTunes site and third-party apps are prohibited. This does not stop abusers from jailbreaking the iPhone. Users want to play with fire by going out of their way to compromise security. They save a few dollars without realising that they are probably giving away millions in the form of a breach in security. As far as Google is concerned, it has a laissez-faire attitude. Users can do as they wish and download apps from wherever they want. This puts the entire Android network in the vulnerable zone.

Not many Android users download apps from the official Google Play store. The risks involved in Android phones are comparatively higher than in Apple iOS. The security risk in using mobiles is greater than that from desktops because of the size. In fact, size matters when it comes to security. Smaller memory means you can store a limited number of apps on your mobile. When you consider that mobile users want to cram everything – from social media to office applications – into a single mobile, there is very little space left for installing security apps. Moreover, security apps slow down mobiles. Imagine what would happen if users don’t get their dose of social media dope every minute?

They would go absolutely crazy and suffer from severe withdrawal symptoms. The lack of memory also means that mobile users won’t update their operating systems with security patches. This is like inviting hackers to visit your home for weekend lunch. A lot can happen in this time. Security agencies find new and novel ways to protect mobile users from webway robbers waiting to set up unwary surfers. Social engineering is the new buzzword in security circles. The latest in this saga is the access to sensitive data of no less than the CBI director himself.

If you think that all security breaches are managed by mature and serious professionals, you are in for a very rude shock. It turns out that the guy who stole sensitive information of the CBI director was a young teen who knew his way around the internet. The teenager used techniques common among conmen to do what he did. He simply asked for information from the mobile service provider, posing as the director himself. You can decide for yourself whether to cry or laugh. Mobiles are used mainly to connect to social media sites, which have therefore become a hotbed of activity for hackers. Surprisingly, a lot of data is waiting to be hijacked from your Facebook account and other similar sites. Safe surfing is the only way you can avoid a tragedy.

ABOUT THE AUTHOR

Santosh Varughese is President of Cognetyx, the world’s first “Ambient Cognitive Cyber Surveillance” solution to safeguard medical information. Cognetyx uses advanced machine-learning artificial intelligence to detect rogue users.