Providing mobile PC or mobiles to access internet for official purpose’s remote access to all business applications may put a personal or organization’s vital information at risk. For professionals or individual users, using mobile or mobile PC, there are plenty of benefits such as work from anywhere, etc...The mobile devices have their own characteristics but also with security concerns such as sensitive information access with mobiles.
There are various threats, which can affect the mobile users in several ways. For example, sending multimedia messages and text messages to the toll free numbers, unknowingly clicking for a message received through the mobile phone. Now-a-days many malicious programs have come which will try to get access over mobile phones and laptops and steal the personal information inside it.
Exposure of critical information
Small amounts of WLAN signals can travel significant distance, and it’s possible to peep into these signals using a wireless sniffer. A wireless intruder could expose critical information if sufficient security isn’t implemented.
Lost or Stolen devices
Even if sufficient security is implemented in wireless Virtual Private Networks (VPNs), if a device is lost or stolen. the entire corporate intranet could be threatened if those devices aren’t protected by a password and other user-level security measures.
Mobile Viruses can be major threat, particularly with devices that have significant computational capabilities. Mobile devices, in general are susceptible to Viruses in several ways. Viruses can take advantage of security holes in applications or in applications or in the underlying Operating System and cause damage. Applications downloaded to a mobile device can be as Virus-prone as desktop applications. In some mobile OS, malformed SMS messages can crash the device.
Bluejacking is sending nameless, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops.
Bluejacking depends on the capability of Bluetooth phones to detect and contact another Bluetooth enabled device . The Bluejacker uses a feature originally proposed for exchanging contact details or electronic business cards. He or she adds a new entry in the phone’s address book, types in a message, and chooses to send it via Bluetooth.The phone searches for other Bluetooth phones and, if it finds one, sends the message. Despite its name, Bluejacking is essentially harmless. The Bluejacker does not steal personal information or take control of your phone.
Bluejacking can be a problem if it is used to send obscene or threatening messages or images, or to send advertising. If you want to avoid such messages, you can turn off Bluetooth, or set it to “undiscoverable”.
Bluesnarfing is the theft of data from a Bluetooth phone. Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby.
In theory, a Bluetooth user running the right software on a laptop can discover a near by phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar. Your mobile phone’s serial number can also be downloaded and used to clone the phone.
You should turn off Bluetooth or set it to “undiscoverable”. The undiscoverable setting allows you to continue using Bluetooth products like headsets, but means that your phone is not visible to others.
E-mail Viruses affect PDAs in much the same way regular e-mail Viruses affect PCs. These Viruses are costly to enterprises and interrupt normal business too. PalmOS / LibertyCrack is an example of a PDA e-mail virus. It’s a known Trojan horse that can delete all applications on a Palm PDA.
Malicious soft wares like Worms, Spywares and Trojans
Worms may disturb the phone network by spreading from one mobile to other mobile through Bluetooth transfer, Infrared transfer or through MMS attachments. Spyware that has entered into the mobile phone through Bluetooth may transfer the personal information to the outside network. The Trojan which got installed along with the game application in the mobile may send SMS messages to expansible members and may increase the phone bill.
Guidelines for securing mobile devices
- Be careful while downloading applications through Bluetooth or as MMS attachments. They may contain some harmful software, which will affect the mobile phone.
- Keep the Bluetooth connection in an invisible mode, unless you need some user to access your mobile phone or laptops. If an unknown user tries to access the mobile phone or laptop through blue tooth, move away from the coverage area of blue tooth so that it automatically gets disconnected.
- Avoid downloading the content into mobile phone or laptop from an untrusted source.
- Delete the MMS message received from an unknown user without opening it.
- Read the mobile phone's operating instructions carefully mainly regarding the security settings, pin code settings, Bluetooth settings, infrared settings and procedure to download an application. This will help in making your mobile phone secure from malicious programs.
- Activate the pin code request for mobile phone access. Choose a pin, which is unpredictable and which is easy to remember for you.
- Use the call barring and restriction services provided by operators, to prevent the applications that are not used by you or by your family members.
- Don't make you mobile phone as a source for your personal data, which is dangerous if it falls in to the hands of strangers. It is advisable not to store important information like credit card and bank cards passwords, etc in a mobile phone.
- Note the IMEI code of your cell phone and keep it in a safe place. This helps the owner to prevent access to the stolen mobile. The operator can block a phone using the IMEI code.
- Regularly, backup important data in the mobile phone or laptop by following the instructions in the manual.
- Define your own trusted devices that can be connected to mobile phone or laptop through Bluetooth.
- Use free cleansing tools, which are available in the Internet to make your mobile work normally, when ever it is affected by malicious soft wares.
IMEI stands for International Mobile Equipment Identifier which is of around 15 or 17 digit number, which is unique from each and every mobile device. When a mobile is lost the owner of the mobile can ask the operator to block the mobile from working by giving the IMEI number of that mobile phone to the operator.
For more information:Mobile app security