Three Ways to Keep Your Mobile Device Safe
Mobile devices are at the core of the current cycle of business, technological and innovative transformation. This is both good and bad news. The good news is that vendors are filling the innovation and product pipeline as fast as consumer and business can drain it. For instance, according to the International Telecommunications Union (ITU), there are almost as many mobile cellular subscriptions (6.8 billion) as there are people on the planet (slightly more than 7 billion). In other words, we're close to a 100 percent penetration rate for mobile-cellular subscriptions.
The bad news is that attackers are keenly aware of this growth and density of mobile devices - which organically introduces risk into organizations. A recent U.S. government report helps shed some light on mobile risk profiles. According to this report, Google's Android operating system represented 79 percent of all malware threats to mobile operating systems in 2012. The report goes on to list three primary areas of concern:
- Premium-rate SMS: Close to 50 percent of malicious Android apps leverage premium-rate SMS to generate revenue for an attacker.
- Rootkits: By stealthily installing software into the phone's operating system, attackers can gain significant control over the mobile device. This can give an attacker the ability to turn portions of the phone on or off as needed or to download additional software. Conversely, stealthy malware can also send data, pictures and other files from a victim's device to an attacker's system.
- Fake App Stores: Configuring a mobile device to download applications from unknown sources should be considered "extremely risky behavior". While some users attempt to justify why they would want to do this, it is generally a very bad practice. Malware authors find less stringent requirements for placing their apps into these "fake" application stores (Google Play Domains).
There are several ways that mobile device users can protect themselves and reduce organizational risk:
- Use a highly reputable mobile device security product.
- Check your billing bi-weekly at a minimum. There are usually carrier/vendor apps that allow you to quickly check on data transfers, SMS messages and other activities. This gives you a quick snapshot to make sure you're not getting billed for unwanted services or activities.
- Stick to the official app stores (Google Play). Avoid taking risks with unauthorized mobile application marketplaces where there are sure to be numerous applications that act as Trojan horses. While you're busy toiling away at getting higher scores in your mobile game, they are carrying their true payloads.
"It should be noted that avoiding the Android platform isn't the solution to reducing risk. For instance, according to the CVE database there are currently 238 iOS vulnerabilities which are rated at varying levels of severity."