Tracking (and Thwarting) the Latest Mobile Threats
— October 21, 2014Our world has only recently taken a dive into another dimension; one which many security experts say we are not ready to venture into.
It has, however, become inevitable that we will dive head-first in this new direction of Mobile Application Development, whether we like it or not. This dimension, mobility, has enhanced the way we do business in so many ways, but it also brings many threats along with it.
Because of the wireless nature of mobile devices, the list of possible vulnerabilities is considerably larger than that of the wired PC. But we’ve ventured too far. We can’t really turn back, can we? Instead of asking ourselves whether the trade-off was worth it, we must understand how we can eliminate the entire “trade-off” aspect of mobile computing!
To understand what we must do to stop hackers dead in their tracks, we must first understand the methods they use to infiltrate our devices:
Phishing
The most typical example of phishing dates back to the 90s, when hackers were posing as legitimate representatives of a company and asking users for sensitive information such as account usernames and passwords. To this day, phishing is a widely-practiced scam, although not as rampant as it was back in its prime. Viet Nam software outsourcing and Vietnam software services firms are trying hard to come up with the most effective solutions to prevent this.
Phishing has since evolved to accommodate for mobile environments. A hacker will now impersonate a service set identifier (SSID), which you may recognize as the network name for a Wi-Fi network, to steal your data. We will need a scenario if we want to fully understand how this works. Let’s say you’re logging into a Wi-Fi network called “Point A.” You tap on your screen, get to the Wi-Fi network list, and tap on “Point A”. But that isn’t the real “Point A.” A hacker tricked your phone into thinking that his fake network is the real one. The process of seeing everything you send and receive is now as easy as starting an application and letting it run. This is known as WiPhishing.
This works because of a fundamental flaw in Wi-Fi. When you send out a packet, there’s no way to know exactly where the access point is. To reach its destination, it needs to be broadcasted via radio waves. The signal will travel in every direction indiscriminately. If another person is connected to the same network, that person will also receive your transmission without even trying to do so.
Preventing phishing is actually easier than you may think. Just connect to a virtual private network (VPN), and you’re set! Because the connection is encrypted from top to bottom, it makes any hacker sniffing your data end up with a bunch of gibberish with no point of reference by which to decrypt the message.
Stealing
Because hacking can be quite difficult, some hackers in the Mobile Application Development resort to just swiping your phone. It’s quick, it’s dirty, and it can get the thief in trouble with the law. But in many cases, it’s very successful, and the stakes can be very high for you if you store sensitive company data on your phone.
Tablets and laptops are hot-ticket items, since presumably more data is stored on these devices. While you should be more careful with these devices, you should certainly protect your phone equally from theft. Most importantly, keep your data off the devices altogether. Instead, use an in-house or cloud server to store your data. In the event of a theft, you should already be prepared with an application that can remotely wipe the data off of it.
Rogue/vulnerable apps
Apps have a way of either intentionally or unintentionally causing you harm. You’ll find more of the latter than the former, but they’re both equally as dangerous. There are lots of patterns these apps manifest through their permissions, so you can still spot them.
If you’re downloading an app from a developer you don’t know, have a long look at the permissions. Do you really need an alternative app for Twitter to be able to initiate phone calls? Think about each permission, and sort out the ones that make no sense. Yes, your app should be able to send emails, especially if it has an email-sharing option. But does it really need to have root access to your device?
What else can you do?
Developer in the Mobile Application Development industry already discussed what you can do specifically to prevent each of the most common types of hacking incidents, but there’s still more you can do.
First, make sure you use different passwords for different services. Is that a little too hard to manage? Then look into single sign-on (SSO).
Turn Bluetooth off when you’re not using it. Although it’s very well-patched against most security threats, you never know when someone will wise up to these patches and slip in through some cracks that were left behind. This only recently became an issue with OpenSSL, which was thought to be extremely secure.
Keep your device’s firmware up to date. Ask your device’s manufacturer or carrier if they have any new patches or see for yourself through their websites if you’re feeling adventurous.
In the end, even the best of us slip up once in a while. That’s why it’s good to hold up some principles and live by the strict security guidelines outlined here. Keeping your devices in line will help them serve you better in the long run and prevent embarrassing blunders.
Source: INC