With the explosion of mobile devices, security risks are at an all-time high. People are using smartphones for an increasing number of activities and often store sensitive data such as passwords, contact information, email etc. And, this why mobile phones are becoming more and more vulnerable to attacks. In this blog I’ll cover the latest security threats and vulnerabilities to the mobile enterprise.
- Malware: These are malicious software designed to steal data and computing resources or trick users into taking actions that further compromise their devices. Common mobile malware hijack browser sessions, spy on user activities, display false/misleading adware, and open communications to a remote attacker.
- Advanced Persistent Threats (APTs): One of the most dangerous examples of stealth. APTs target individuals, businesses, governments and their data and redirect it via mobile connections. Data leaks, including espionage and exposure of corporate data is common with this type of threat. This threat is cheapest to implement because they use off the shelf malware and hacker tools like viruses and Trojans.
- Phishing Attacks: The rise of mobile commerce, banking has opened door to a flood of phishing attacks. Phishing is when a user is compelled or fooled into visiting a compromised website or reveal personal information, such as login credentials, credit card numbers and banking information. These attacks on mobile phones are more effective because users of these devices are more likely to click on links. Also, because of difficult navigation on mobile devices, it becomes difficult for the user to discern whether the link was legitimate or illegitimate.
- Outdated operating systems: Users today fail to realize the importance of OS updates. They tend to ignore or block updates that are being sent by OS vendors. This leaves their mobile devices vulnerable to common malware and exploits. Moreover, many users tend to jailbreak their devices which enables the downloading of apps, extensions etc. that are often unavailable through regulated channels. This opens another door for vulnerabilities.
- Untested Mobile Applications: Users sometimes tend to download apps from third party vendors instead of downloading it from regulated app stores. Many of these apps don’t have clear app sources and become very vulnerable because of coding errors that are not updated enough to prevent exploitation. This is true for legitimate software as well, as some of them are not updated on regular basis.
Enterprises can no longer ignore these mobile security threats and vulnerabilities, as devices are out in the open and wander freely in the wilds of the internet. They should seriously consider their mobile risks and take actions to defend their mobile enterprise.