Mobile Threats and Attacks
• Mobile devices make attractive targets:
– People store much personal info on them: email, calendars, contacts, pictures, etc.
– Sensitive organizational info too…
– Can fit in pockets, easily lost/stolen
– Built-in billing system: SMS/MMS (mobile operator), in-app purchases (credit card), etc.
– Many new devices have near field communications (NFC), used for contactless payments, file transfer, etc.
– Mobile device become wallet : Paytm, Mobiquick, etc.
– Location privacy issues
• Increase mobility → Increased exposure
• Easily lost or stolen – device, content, identity
• Susceptible to threats and attacks – App-based, – Web-based, – SMS/Text message-based
App Based Risk
• Mobile devices may contain malware. Consumers may download applications that contain malware.
• Consumers download malware unknowingly because it can be disguised as a game, security patch, utility, or other useful application.
• Difficult for users to tell the difference between a legitimate application and one containing malware.
• Many web threats are device-agnostic making them dangerous and extensible to all types of devices. To protect against web threats, the MDS service ensures that all mobile device traffic, including from native and mobile web applications, is routed through a secure, encrypted VPN tunnel to the MDS service. The service uses WebFilter technology, to scan all transmissions, including encrypted traffic.
• By identifying and blocking malnets, the infrastructures used to launch new malware attacks, web security proactively stops attacks by blocking malware at the source.
How it Protects:
• Encrypt all communication between end-point and MDS PoD
• Block traffic from Mobile device to – Malnets – Mallicious Websites – Infected websites
• Block traffic from WWW to Mobile device if – File is found infected with malware – File risk rating is high – File type is not allowed as per Policy
• Deploy Mobile Device Security
• Perform constant market research
• Provide non-technical executive management enough information to make informed risk decision(s) regarding mobile devices
– Immature market = limited choices, constant change
– Set realistic expectations
– Communicate risks in business terms