What is Mobile Security?
When we call trends now, we say trend is technology or smart devices will all emergence of IOT, AI etc. It shows how important is Mobile in our life.
- Mobile security is the protection of smartphones, tablets, laptops and other portable computing devices, and the networks they connect to, from threats and vulnerabilities associated with wireless computing. Mobile security is also known as wireless security. Eventually, we are saying that Application, Mobile and Network all THREE VECTORS are open for attackers from any of the end.
- Securing mobile devices has become increasingly important in recent years as the numbers of the devices in operation and the uses to which they are put have expanded dramatically. The problem is compounded within the enterprise as the ongoing trend toward IT commercialization is resulting in more and more employee-owned devices connecting to the corporate network.
Our own top 5 mobile security concerns are listed below : –
IOS and ANDROID are the leaders in the market. So, in context of ANDROID and IOS. Android, IOS and Malicious Mobile Applications (MMA) Security takes centre stage. We are discussing the same below: –
Android Security
Security is a major part of Android device. Android was created with openness in mind, and is conducive to the use of third-party applications and cloud based services.
Five key features of ANDROID are
- Security at the OS level through the Linux kernel
- Mandatory Application Sandbox
- Secure inter process communication
- Application Signing
- Application defined and user-granted permissions
The Linux kernel provides Android with a set of security measures. It grants the operating system a user-based permissions model, process isolation, a secure mechanism for IPC, and the ability to remove any unnecessary or potentially insecure parts of the kernel. It further works to prevent multiple system users from accessing each other’s resources and exhausting them.
IOS Security
- IOS System architecture includes the platform and hardware used to protect IOS devices, software update releases, developer/application certification, and sandbox mode for application testing.
- Encryption and data protection systems are also in place to safeguard user data in the event of theft or an attack. Other security features include data Protection technology, passcodes, data class policies, and the iOS keychain.
- IOS Network security refers to the procedures in place to protect data as it is transmitted, like VPN capability, encrypted Wi-Fi, and Transport Layer Security.
- Device access prevents unauthorized parties from using the device and includes security measures such as passwords, passphrases, unlock patterns, and remote wipe tools. All of these iOS security features work together to ensure that Apple iOS devices are secured through different types of uses and from different types of attacks.
OS Security can be viewed in four layers.
Malicious Mobile Applications
There is one thing common between IOS and Android is that Malicious Applications are same for both of them. Four main kinds of Mobile Malicious Applications are
As discussed above about MOBILITY. We can conclude that “MALICIOUS FUNCTIONALITIES” and “VULNERABILITIES” are the TWO major all-time Mobile App and Mobile Code SECURITY Risks.
Malicious Functionality
- Activity monitoring and data retrieval
- Unauthorized dialing, SMS and payments
- Unauthorized network connectivity (exfiltration or command & control)
- UI impersonation
- System modification (rootkit, APN proxy config)
- Logic or time bomb
Vulnerabilities
- Sensitive data leakage (inadvertent or side channel)
- Unsafe sensitive data storage
- Unsafe sensitive data transmission
- Hardcoded password/keys
