Mobile devices have become one of the swiftest growing consumer technologies; just like the devices, mobile applications are booming. As mobile devices develop, so do incentives for attackers. For example, the malware is on the increase as attackers are experimenting new business models through targeting mobile phones. The development of mobile payments emerges as another key driver to the threats. The transactions are estimated to reach approximately $630 billion by the year 2014 (Androulidakis, 2012). Mobile payments generate an attractive avenue for attackers, as they permit direct monetization of attacks. Smart phones and other devices are currently playing a remarkably crucial role in the way people communicate, entertain, work, bank, network and shop. Developments in the mobile market such as advancements in applications, storage and performance are occurring at a remarkably dizzying pace. However, the area of mobile security, which is a fundamental area, development has not been realized. As mature security software like antivirus is ubiquitous on desktops and laptops, a vast majority of mobile devices remain entirely devoid of security. Today’s mobile devices and corporate assets that they connect to are vulnerable. In the following paragraphs, threats that are currently plaguing mobile devices will be outlined.
Most mobile devices do not provide users with full control of their device operating system. In an attempt to gain absolute power over their device operating system, individuals usually jailbreak or root their device. This process takes advantage of the operating system vulnerabilities in bypassing security guards on a device. Software vendors desire to fix vulnerabilities as swift as possible, before they become exploited and utilized maliciously; hence, well-intentioned researchers disclose vulnerabilities they encounter to software vendors. However, on mobile devices, there is usually a conflict of interest. This is because vulnerabilities are usually the only way of rooting devices; most researchers do not desire to fix vulnerabilities in order to maintain absolute control of their devices, so this intention generates a disincentive for researchers in disclosing vulnerabilities (Androulidakis, 2012). The conflict of interest amid vulnerability disclosure and capacity for individuals to control their devices poses an immense security threat onto mobile devices.
Once a vulnerability used to root devices becomes open to the public, it may also become utilized by malicious attackers; for instance Droid Dream (Soriano et al, 2010). It is not until all mobile devices permit users to have full control without rooting that the conflict of interest amid control and safety is going to end. Therefore, due to the conflict of interest between safety and control, mobile devices face threats. There is a need for mobile device security due to the organizations’ and individuals’ desire to maintain their confidentiality so that it will not be compromised, and integrity of organizational and personal data will not be lost. Any existing threat to the security of mobile devices will definitely pose a risk onto the management of crucial personal and organizational data (Dunham & Abu-Nimeh, 2009). This implies that any threat existing in the use of mobile devices as a key problem, which deserves consideration of effective measures that can be put in place to override the risk.
Threats to Mobile Devices
There are numerous security threats, which affect mobile devices, that usually fall into various categories that include: web based threats, application based threats, physical threats, and network based threats.
In this grouping, downloadable applications usually present various security issues to mobile devices. This includes software that is specifically designed to be malicious and software that is usually exploited for malicious reasons. Application based threats fit into the following categories:
Malware describes software created and utilized by attackers in disrupting computer operations, gathering sensitive information, or even gaining access to private systems. It may appear in the form of scripts, code, active content, or other software. It entails ransomware, computer viruses, Trojan horses, worms, and other malicious programs. Malware can perform actions without the user knowing about it; for instance, malware can be used in making charges to phone bills of the user, or sending unsolicited information to the contact list. It has the capacity of stealing personal information from mobile devices, which can result in financial fraud or identity theft. With the lack of security mechanisms and increased power and proliferation of mobile devices, malware is proliferating. Research findings indicate that between 2009 and 2010, there was an increase in threats reported, which increased by 250% (Soriano et al, 2010). Virtually, all principal platforms are usually malware targets. For instance, Trojans send messages to first-rate numbers and compromise passwords leading to frauds. Malware threats continue to grow extensively with the development of malware that has the characteristic of changing its properties during propagation; this avoids detection of the malware. This has increased the security threat for mobile devices.
Spyware describes any technology, which helps in gathering data about an organization or a person without the organization or person awareness. Spyware does not spread in the same way as a worm or virus since infected systems do not try to copy or transmit the software to other systems. Otherwise, spyware installs itself on systems through deceiving the user or exploiting software vulnerabilities. Spyware is installed without the consent and knowledge of the user; it is usually through the use of deceptive tactics. For instance, some spyware usually deceives users through bundling itself with desirable software. Some spyware authors usually infect a system via security holes in other software. The moment the user navigates to web pages controlled by spyware authors, the pages contain codes that attack the browser forcing downloads and installations of spyware. Common data targeted by spyware may include: text messages, browser history, location, contact list, camera pictures, and email among others. Spyware may be targeted or untargeted. Targeted spyware is usually designed with a purpose of surveillance of a given person or organization. On the other hand, untargeted spyware gathers data regarding a vast group of individuals. Depending on how it gets utilized, targeted spyware may not or may be malicious. Spyware applications are prevalent and monitor device communications, and cyber criminals may remotely control them. Spyware applications like Flexi Spy, MobiStealth and Mobile Spy are effective and readily available. Due to its difficulty in identification, spyware is a threat to mobile device security. The identification of spyware requires robust anti-malware. They usually pose an immense threat to the integrity and confidentiality of using mobile devices.
Privacy threats can be caused by applications, which are not necessarily malicious although they might be. However, they gather or utilize more sensitive information such as contact lists, location, and personally identifiable data. This information is more sensitive than necessary in performing their task, or than coziness of the user. These applications may be malicious in that they may gather sensitive information, which may lead to individuals and organizations losing confidentiality of their vital data. Therefore, these applications are a threat to mobile device security.
These contain software vulnerabilities, which may be exploited for malicious reasons. They usually permit an attacker to have access to sensitive information, make a service function improperly, perform undesirable operations, and automatically download additional applications that are usually fixed through an update from a developer.