Security

How to overcome mobile computing security issues

Nowadays most people are engaged in mobile computing. Because of this mass usage and the important data being transferred, attackers and intruders are keen to gain unauthorized access to mobile computing devices, so the risk of being exposed to attackers is high. Nobody wants to be vulnerable to attackers, and nobody wants to give away private and confidential information to malicious users. So it is really important to maintain good usage habits and follow appropriate security solutions. In my previous blog post (check this link if you are interested: https://kumudika.wordpress.com/2017/04/28/vulnerabilities-and-threats-of-mobile-computing/) I discussed some of the main vulnerabilities and threats of mobile computing. Here I'll discuss what we should do as preventive measures.

  • Use proper anti-malware software or scanning tools and update them regularly
  • Use appropriate authentication methods
  • Use encryption for data in transmission (SSL, SSH) and data at rest (database, drive)
  • Be aware of vulnerabilities and security threats

  • Use protections against confidentiality threats like shoulder surfing, social engineering, etc.
  • Use licensed software and hardware
  • Conduct security checkups regularly
  • Identify vulnerabilities of existing devices and apply appropriate solutions
  • Enforce proper access rights (authorization)
  • Use strong passwords and do not reveal credentials to unauthorized parties. Do not use personal data such as your name or birthday, which can be easily guessed, as your password or password hint
  • Do not use the same username, password and email for every account, because if a hacker knew your login credentials for one account, those credentials would be his first guess in a brute force attack
  • If a website gives your password back when you use the forgot-password option, do not use that site again, because it doesn’t use encryption when storing passwords. So attackers can hack its database and steal your credentials
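
The last tip above, seen from the website's side, as an added example that is not part of the original post: a site that keeps only a salted one-way hash can check a login but has no password to send back, so a forgot-password request can only start a reset. The function names, the PBKDF2 work factor and the sample passwords are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor for this sketch


def make_record(password: str) -> dict:
    """What the site stores: a random salt and a one-way derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "key": key.hex()}


def check_login(password: str, record: dict) -> bool:
    """Re-derive the key from the login attempt and compare in constant time."""
    key = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(key, bytes.fromhex(record["key"]))


def start_reset():
    """Forgot password: send a one-time token to the user, store only its hash."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()


if __name__ == "__main__":
    record = make_record("correct horse battery staple")  # constructed sample
    print(record)  # nothing in here can be mailed back as "your password"
    print(check_login("correct horse battery staple", record))
    print(check_login("birthday1990", record))
```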

  • Lock your devices if you are leaving them for a while
  • Log out after using personal accounts such as social media accounts
  • Avoid storing sensitive data on mobile devices (e.g. ATM password)
  • Be careful with online transactions and when submitting banking details online
  • Use technologies like native remote lock, find and wipe capabilities in case of theft or loss of devices
  • Organize your email inbox and be careful about spam messages
  • Read policy statements before installing software or any mobile application
  • Maintain software and data backups
  • Double-check when installing free mobile applications
  • Surf only on secured websites

  • Be careful when clicking links on websites. Before clicking, hover over the link and check its destination
  • Control wireless network and service connectivity
  • Be aware of the storage capacity and speed of your own devices. Any irregular pattern might be a sign of an attack, because some attackers use your device’s storage/connection for their malicious purposes
  • Use only properly registered network connections and Access Points

  • Be careful when adding unknown persons to your social media accounts. Fake accounts and pages are one of the ways attackers steal your personal information
  • If you recognize that you are under attack, quickly inform the authorized/responsible parties

 

Security

Vulnerabilities and threats of mobile computing

Mobile computing is a main part of the daily activities of modern-day people. They use mobile devices to access communication technologies that provide internet access from anywhere at any time. Smartphones, tablets, laptops, mobile data storage devices, music players and GPS devices are some of the common devices used in mobile computing. Most of the latest trends like e-learning, e-commerce and e-communication rely on mobile computing to increase the efficiency and productivity of day-to-day functions. For most people, mobile computing is a main part of their lives, so it’s better to know about the threats and issues related to it. When we talk about threats/vulnerabilities, we should be concerned about the physical device, the data, and the communication medium/channel.

DoS attacks (Denial of Service)

Here, the attacker’s intention is to prevent actual users from accessing the connection/service. To do that, attackers create huge traffic by sending a large number of requests to the server, and the server gets busy responding to those requests instead of responding to the actual users’ requests.

E.g.: Suppose “X” sends a probe request to the Access Point (AP) and the attacker wants to disrupt it. The attacker sends a new probe request to the AP using X’s MAC address. Because of that, the AP will drop X’s probe request and his connection, and will respond to the attacker’s fake request.

Wormhole attacks

Attackers use the internet connection through a wormhole node and pretend to be an Access Point (AP) to a user, showing that it is the shortest path to the internet connection. So every packet transmitted through the AP can be captured and read by the attacker.

Replay attacks

Attackers spy on the conversation between the sender and the receiver and grab the authentication details. Then they connect to the infrastructure for a while and re-transmit the content, pretending to be the previous sender.
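
How a receiver can refuse such re-transmitted content, as an added example that is not part of the original post: each message carries a random nonce, a timestamp and an HMAC tag computed with a key shared by sender and receiver, and the receiver accepts a given nonce only once within a short time window. The names, the 30-second window and the message layout are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

MAX_AGE_SECONDS = 30  # assumed freshness window for this sketch


def _tag(key: bytes, nonce: str, ts: int, body: bytes) -> str:
    # The tag covers nonce and timestamp, so neither can be swapped on a captured message.
    return hmac.new(key, f"{nonce}|{ts}|".encode() + body, hashlib.sha256).hexdigest()


def make_message(key: bytes, body: bytes, now=None) -> dict:
    """Sender side: attach a fresh random nonce, a timestamp and an HMAC tag."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return {"nonce": nonce, "ts": ts, "body": body, "tag": _tag(key, nonce, ts, body)}


class Receiver:
    """Receiver side: accepts each authentic, fresh message exactly once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of messages already accepted

    def accept(self, msg: dict, now=None) -> str:
        now = time.time() if now is None else now
        expected = _tag(self.key, msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-tag"   # forged or modified in transit
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "stale"     # captured earlier and sent again too late
        # Nonces older than the window can be dropped: such messages are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE_SECONDS}
        if msg["nonce"] in self.seen:
            return "replay"    # exact copy of a message already accepted
        self.seen[msg["nonce"]] = msg["ts"]
        return "ok"
```

The timestamp check is what keeps the list of remembered nonces small; it assumes the clocks of sender and receiver roughly agree.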

Spoofing

Malicious persons attack network connections by pretending to be another user (using their IP address).

Traffic analysis

Attackers listen to the traffic flowing through the channel, capture packets and read data. Then they track locations and get access to the personal information of the targeted users.

Eavesdropping

In simple terms, it means getting illegal access to a conversation as a third party. Data sent from the client to an enterprise server is often unencrypted, which makes it possible to eavesdrop on users’ sensitive communications.

High dependency

Most software applications and hardware are interconnected and synchronized. If one component is infected by a malicious attack, it automatically affects the other components. So the likelihood of exposure to risks is high.

Theft and loss

Because of their high usage and portable size, misplacing mobile devices is a common issue in mobile computing. It may cause data loss and expose private and confidential data to unauthorized parties. Most mobile applications ask for login credentials when accessed. For convenience, most of us store credentials and stay logged in to those mobile applications. So, in case of loss or theft, we are no longer the owners of our data. Whoever gets our device can access it without authorization.

Malicious software (Malware)

It means any program or application which can cause harm to the computing device or to the user. Viruses, worms, Trojans and spyware are some examples of malware.

Virus - A computer program which maliciously attaches itself to a genuine program, makes duplicates of itself, spreads them among other programs and infects them by modifying the data of those program files
Worm - A standalone computer program which can make an exact copy of itself and spread among other computers
Trojan - A kind of malware which can be used to hack into the computer by giving a wrong idea or impression. The attackers can then access personal data like passwords and banking information
Spyware - Software which is attached to genuine software, or hidden inside it, without the user knowing, in order to steal the user's information

Pull attacks

Here an attacker controls the device as a source of data, with the data obtained by the device itself.

Push attacks

Malicious code which can establish itself in the mobile device and then gradually reach other components of the network.