The popularity of smartphones and their relatively low security have made them easy targets for cyber attackers. Cyber criminals have seized the opportunity and increased attacks on mobile devices. The rate of attacks on mobile devices is increasing each year, and attackers are becoming more sophisticated. The measures taken to curb such attacks seem to be unproductive and slow to catch up. Most of the attacks are financially motivated. Cyber criminals try to steal data and passwords and to take down important communication infrastructure. The value of cryptography and encryption in mobile security and the challenges of controlling information online will be discussed.
Emerging Cyber Security Issues and Vulnerabilities
Understanding emerging threats and working towards neutralizing cyber attacks is the key to maintaining cyber security and ensuring that the communication infrastructure is not in danger. Mobile devices are increasingly being targeted by cyber criminals. The increase in attacks directed at mobile devices can be attributed to the existence of three major operating systems on the mobile platform. According to the Emerging Cyber Threats Report (2012), the mobile device is a favorite target because most of its applications depend on the Internet, which presents new security challenges in terms of scale and usability. In addition, mobile devices could be new vectors for introducing malware and viruses into other devices. The increased number of people who use the Internet means that more people are exposed to cyber attacks (Emerging Cyber Threats Report, 2012).
The increased vulnerability of mobile devices is aided by the fact that most applications rely on the Internet. Some of the factors that make mobile devices vulnerable to cyber attacks include the security shortcomings of mobile web browsers, the devices' small screens, and the varied ways in which browsers display SSL icons. The Emerging Cyber Threats Report also points out that the emerging mobile threats are aimed at stealing users' data. The report states that attacks launched against Android and iOS devices are increasing. It also notes that botnets are evolving. The report further mentions that control of online information could be the key to winning the cyber security war and points out that advanced persistent threats will adapt to the security measures that are in place until the attackers' aim is achieved. It also mentions that computer hardware and cloud computing could form new avenues through which attackers launch their attacks. Additionally, weak passwords, human error, and inadequate user education are mentioned as the major vulnerabilities.
Vulnerabilities of Mobile Devices in Regard to Usability and Scale
The number of mobile device users is increasing. Therefore, the number of cyber attacks that target mobile devices is rising. The devices are becoming increasingly vulnerable to attack as people continue to handle sensitive data and information on them. Social networking applications hold a lot of information about users, while recent developments have made it possible to carry out financial transactions from mobile devices. Most of the vulnerabilities of personal computers are shared with mobile devices, but some attributes of mobile devices make them more vulnerable. Firstly, the portability of the devices makes it easy for attackers to steal them and access all the personal information on them. Secondly, many mobile applications masquerade as legitimate software while being malicious. Such software can easily be developed by attackers, and service providers might also offer third-party applications without evaluating their safety, thus exposing the devices to attacks (Ruggiero and Foote, 2011).
The vulnerability of mobile devices is high because most of the applications rely on the browser. This makes it easy to launch web-based attacks. Additionally, device constraints such as small screen sizes make it hard to solve the flaws in the browsers. Furthermore, most mobile devices are not regularly updated and patched. The browsers and most operating systems never get updated, which gives attackers an advantage in that they can take their time to find their way into the device's system (Emerging Cyber Threats Report, 2012).
The vulnerabilities can be mitigated in various ways. Firstly, it is important that users consider the security features of devices before acquiring them. A secure device should offer file encryption, have authentication features such as passwords, and offer the ability to find and wipe off malicious software (Ruggiero and Foote, 2011). Users should configure their devices to be more secure. Password features should be enabled, and users should be encouraged to use complex passwords. Configuring web accounts to use secure encrypted connections will prevent attackers from accessing web sessions and eavesdropping. Mobile device users are also encouraged to avoid following links that are sent through suspicious emails or texts. Such links could lead to malicious websites and thus expose the devices to attacks. Another way in which the vulnerabilities can be contained is by considering the type of information stored on the devices. Keeping less personal and financial information on the device provides some security against data theft. Additionally, users should be careful about the applications they install on their devices and avoid the use of third-party firmware that may contain malicious code or security vulnerabilities (Emerging Cyber Threats Report, 2012).
The Value of Cryptography and Encryption
Cryptography and encryption make it possible for information to be shared between two or more people more securely. They provide integrity, authentication, and non-repudiation. Encryption makes it possible to conceal information shared between two parties, with the sender encrypting the message and the receiver decrypting it. To an eavesdropper, such information will be unreadable. Integrity, on the other hand, makes it possible for the receiver to confirm that the encrypted message has not been altered by a third party while in transit. Authentication makes it possible for the receiver to verify that the source of the information is known to him. Lastly, non-repudiation makes it impossible for the sender to deny that he sent the information (Elbaz, 2002).
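The integrity and authentication properties described above can be seen with a keyed hash (HMAC) from Python's standard library. This is an added example, not taken from the cited sources; the key, the message, and the function names are constructed for illustration. It also shows why a shared-key tag cannot provide non-repudiation, which requires a digital signature made with a private key only the sender holds.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag to the message."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the tag is valid, else None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return message if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    shared_key = secrets.token_bytes(32)    # held by sender and receiver only
    outsider_key = secrets.token_bytes(32)  # a third party without the shared key
    original = b"transfer 100 to account 12345"  # constructed sample message

    packet = protect(shared_key, original)

    # Integrity: one flipped bit in transit invalidates the tag.
    tampered = bytearray(packet)
    tampered[9] ^= 0x01
    # Authentication: a packet tagged under any other key is rejected.
    spoofed = protect(outsider_key, original)
    # No non-repudiation: the receiver holds the same key, so it can create
    # a valid packet itself and the sender can plausibly deny authorship.
    receiver_made = protect(shared_key, b"transfer 900 to account 12345")

    return {
        "intact": verify(shared_key, packet),
        "tampered": verify(shared_key, bytes(tampered)),
        "spoofed": verify(shared_key, spoofed),
        "receiver_made": verify(shared_key, receiver_made),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} -> {result!r}")
```

The tag does not hide the message; confidentiality needs encryption in addition to the integrity check shown here.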
Cryptography and encryption can be used to provide privacy and confidentiality. When a message is encrypted, a third party who intercepts it will not be able to decrypt it without the decryption key. A good cryptosystem should provide enough possible keys to make it hard for attackers to find the right one, and the ciphertext it generates should look random. Equifax's policy on mobile devices is based on encapsulation. This has been achieved by encrypting the corporate part of their employees' devices, thus making it possible to point out devices that might be compromised (Emerging Cyber Threats Report, 2012). Cryptography and encryption, therefore, make it possible to protect enterprises from cyber attacks by preventing corporate information from being decrypted by attackers.
Gunter Ollmann’s Comments about Zeus-in-the-Mobile
In recent times, botnet attacks have started focusing on specific operating systems. According to Ollmann, controllers of botnets are creating huge profiles of their users. The information in the profiles is both personal and financial. This information, according to Ollmann, is later sold and finally gets into legitimate channels. Botnets are used to steal information, making it possible for such information to be used elsewhere without the knowledge of the victims. Such information is usually valuable to businesses that use it for lead generation. Such businesses buy the information without realizing that it was stolen. Additionally, information acquired through botnets can be used in forms for marketing purposes. Ollmann's claim that botnet controllers are creating profiles of their users is quite true. According to Infosecurity (2012), there is evidence to show that Zitmo is changing into a botnet. Botnets specialize in stealing information from unsuspecting users. Therefore, Ollmann's claims can be justified, since many unsuspecting users are increasingly using applications that contain such Trojans.
Security breaches such as this will have severe implications. After infecting many computers and devices, the master of the botnet can use it to deliver a DDoS attack. After establishing such a network, botnet masters might also decide to sell it to other cyber attackers who want to carry out a large-scale attack. Botnets also monitor and report users' activities on the web for profit. They can be used to download and install adverts automatically or to force the browser to visit certain sites from time to time. Identity theft via botnets can result in loss of money and blackmailing of victims (Emerging Cyber Threats Report, 2012).
Greatest Challenge in Controlling Information Online
The main challenge in controlling information online is that hackers are also in the race to control information. They have developed attacks that affect both DNS service providers and certificate authorities. These kinds of attacks have proved to be very challenging due to their complexity. Apart from being hard to detect, they bypass the need for attackers to place a man in the middle. The attacks will go undetected even by people who are security conscious. In addition, certificates stolen from certificate authorities can be used by attackers to create fake applications that enable them to take control of information, steal money, and steal personal information.
Biggest Issue with Mobile Browsers
According to Dan Kuykendall, one main problem of mobile browsers is that they never get updated. This is unlike personal computers, where browsers are usually set to update themselves automatically. Lack of updates makes such browsers easily vulnerable to attacks, since new attacks that the browsers cannot defend against keep emerging every day. It takes time for mobile threats to be remedied, which leaves users vulnerable to more attacks. A good example illustrating Kuykendall's point is the lack of updates on the Symbian platform, which resulted in the Zeus banking Trojan circulating for a couple of years.
Mobile devices are losing their main functional purpose as a means of communication. Many people use them as devices to access the Internet. Increased use of mobile devices has also resulted in increased attacks from cyber criminals. This is explained by the fact that mobile devices are more vulnerable, since most of the devices have lax security measures against cyber attacks. One main factor that makes the devices more vulnerable than personal computers is that most of the applications rely on the browser. The browsers lack regular updates, which makes them susceptible to new threats.