Mobile Security Research
By research of the “European Union Agency for Network and Information Security”, ENISA, there has been a research about information security risks for smartphone users the top ten.
Below is a list of the top 10 security risks. The help of experts, we can determine how important each risk. The level is intended to be able to compare different risks. This gives you an easy overview.
|1||Data leakage resulting from device loss or theft||High||The smartphone is stolen or you lose it and the memory or removable media is unsurpassed protection allowing anyone with access to your data|
|2||Unintentional disclosure of data||High||Smartphone user makes accidental data seen on the phone|
|3||Attacks on decommissioned smartphones||High||The smartphone is incorrectly dismantled so everyone has access to your data|
|4||Phishing attacks||Medium||Criminals send fake messages via SMS or email to find out user data such as passwords|
|5||Spyware attacks||Medium||The smartphone has spyware installed, allowing an crimimal to access or infer personal data. Spyware covers untargeted collection of personal information as opposed to targeted surveillance.|
|6||Network spoofing attacks||Medium||A crimininal deploys a rogue network access point (WiFi or GSM) and the users connect to it. The criminal subsequently intercepts (or tampers with) the user communication to carry out further attacks such as phishing.|
|7||Surveillance attacks||Medium||Criminals keep users in mind, through targeted smartpone|
|8||Diallerware attacks||Medium||Through malware, criminals steal money from the user, they do this by using premium SMS services / numbers|
|9||Financial malware attacks||Medium||The smartphone is infected with malware specifically designed to steal credit card numbers, online banking or e-commerce transactions|
|10||Network congestion||Low||Source network overload due to unavailability network to the end user|
More detailed information about each possible mobile security breach:
Data leakage resulting from device loss or theft
The smartphone is stolen or lost and memory or the removeable media are not protected, allowing an crimimal to access the data on the disk. Smartphones often contain valuable information such as credit card information, bank account numbers, passwords and contact information.
Unintentional disclosure of data
The smartphone user accidentally reveals the data on the smartphone users are not always aware of all the functionality of the smartphone apps. Even if they have given express consent of people realize that they are not risking harassment or robbery.
Attacks on decommissioned smartphones
The smartphone is dismantled incorrectly allow an criminal to access the data on the device. Due to a growing awareness of identity theft now destroy many people and organizations or wipe computer hard drives for decommissioning.
An criminal collects user credentials (such as passwords and credit card numbers) by means of fake apps or (SMS, email) messages that seem genuine. Phishing attacks are a well-known threat for users of traditional PCs. Phishing attacks are actually platform independent, because the criminal does not need to attack the user’s device in any way.
The smartphone has spyware installed, allowing an criminal to access or infer personal data. Spyware covers untargeted collection of personal information as opposed to targeted surveillance.
Network Spoofing Attacks
A criminal deploys a rogue network access point (WiFi or GSM) and users connect to it. The criminal subsequently intercepts (or tampers with) the user communication to carry out further attacks, this is called phishing
A crimimal keeps a user under surveillance through the user’s own smartphone.
Smartphones can be used to keep a targeted individual under surveillance. Smartphones contain multiple sensors such as a microphone, camera, accelerometer and GPS.
An criminal steals money from the smartphone owner by means of malware that makes hidden use of premium SMS services or numbers.
Certain smartphone API calls cost the user money, e.g. SMS (including micropayments), phone calls, and data over metered GSM/UMTS.
Financial malware attacks
The smartphone is infected with malware specifically designed for stealing credit card numbers, online banking credentials or subverting online banking or ecommerce transactions.
Financial malware is software specifically designed to steal credentials or perform man-in-the-middle attacks on financial applications or web services.
Network resource overload due to smartphone usage leading to network unavailability for the end-user.
The uptake of smartphones and mobile Internet increases the risk of network congestion