Are phones the weakest link of Internet accessing digital devices? That’s a question asked in a research paper on the topic published by the University of Pennsylvania, “Mobile Devices and Cybercrime: Is Your Phone the Weakest Link?” (Wharton, 2013). In recent years mobile devices with ubiquitous Internet access have become the norm. As of last year, a pew study showed that 56 percent of American adults now have a smart phone (Farivar, 2013). Many of these have plans on 3G or 4G networks that allow for 24-hour connection to the Internet. With this new technology come new threats to people’s security. Gone are the days when people had to return to their houses and dial up on a modem to get connected to the Internet. The majority of Americans are now connected every second of every day and with that new connectivity is new risk those carrying Internet enabled mobile devices run.
While 56% of Americans have smart phones, 89% of workers in corporate environments are connected on some sort of mobile devices such as smart phones or tablets, making this ubiquitous in corporate climates. (Dimensional Research, 2012). The University of Pennsylvania’s report on the issue warns, “as wireless devices become increasingly ingrained into the daily lives of Americans, they open the door to heightened security risks” (Wharton, 2013). The risks comes from the fact that security measures that are routinely implemented and monitored on desktop computers, this habits such as this and password protection are not as common to take on mobile devices.
Research undertaken by the Harris Interactive survey done by the Cellular Telecommunications Industry Association has shown that less than 50% of mobile device users enable passwords or personal identification numbers on their mobile device (Wharton, 2013). This means that only half of people who do their banking online are taking measure to assure that the data being transferred is encrypted using security software. While 91% of people have installed anti-virus software on their laptops, only one-third of people have taken such measures on their mobile device.
The underlying cause of this threat stems from perception. People who take measures to secure desktop and laptop computers do not see it necessary to take the same measures on their mobile devices that they do on their computers. Only 45% view cyber security threats in the same way that they view attacks on their desktop computers (Wharton, 2013). Until people understand the threat levels they face from attacks on their mobile devices, or companies who build mobile devices program in better security software, this trend is unlikely to change.
The dangers that this lack of measure taking can lead to are many. With third parties able to write apps at will, and there not being extensive oversight into the coding of these apps, rogue mobile apps can be set up to record information like passwords, pins and bank account numbers (CTIA, 2013). Personal information is also vulnerable from this threat. From emails, to text messages, attachments, logins, photos and credit card numbers are all vulnerable on an unprotected mobile device.
Another source of a threat is mobile devices connected to unprotected Wi-Fi networks. With more people bringing their mobile device to the office to use for both personal and professional reasons, and rates still low of users securing these devices, the impact of the threat mobile devices pose on cyber security is significant.
Many offices have a BYOP policy, which stands for “Bring your own phone.” This means that business stand to lose from lapses in an individual’s mobile device if that person is using their personal phone for business reasons but not installing software that secures their device against cyber attacks.
According to the research compiled by the Wharton report this problem seems to be growing larger and does not show signs of reversing any time soon. “The problem is expected to grow as people step up their use of wireless devices. . . By 2015, more Americans are expected to access the Internet through a mobile device than a PC” (CTIA, 2013). By 2017 it is expected that four fifths of all Americans will be using a smart phone.
Also changes to how Americans use money will likely lead to a similar increase in cyber threats posed by mobile devices. More and more Americans are moving away from cash and credit cards to simplify their buying patterns by using mobile wallets (Wharton, 2013).
The US-CERT, or The United States Computer Emergency Readiness Team has come to this same conclusion in their unclassified 2010 report on the topic: Technical Information Paper-TIP-10-105-01. Looking at the global scale of the increase in mobile devices, they have identified current and future threat that the ever-increasing use of mobile devices will pose (CERT, 2010).
US-Cert has broken the threats into five categories. These are: threats of social engineering, exploitation of social networking, mobile botnets, exploitation of mobile applications and the exploitation of m-commerce. For every day citizens, the risk is stolen identity, breaches of privacy, and the financial and credit history risks that are associated with them. The US government though sees potential security risks for the country from cyber attacks on mobile devices (CERT, 2010). Some companies have developed software designed for spying available for mobile devices, which are being sold ass legitimate consumer project. This software is available for almost all of the major smartphones, including iPhone, Blackberry, and Windows Mobile. (CERT, 2010).
FlexiSpy is an example of such software. It retails for only $350.0 and can be used to evade detection from tracking, reject communication that is not on a predetermined list, listen to other’s phone calls as they are happening, record security SMSs and calls, view a phone’s GPS location, and forwarding emails to an alternative email address. FlexiSpy according to their website exists to help parents monitor their children and catch cheating spouses, but the possibilities for its abuse are obvious. If this is a product available for purchase to everyday consumers, image what sort of capability less public apps developed in secret might be able to do.
Phishing is also commonly targets users of mobile devices (CERT, 2010). Fishing is trying to pass off a bogus site as a legitimate one, usually to access login passwords with the goal of stealing money. Vishing is similar but instead of masquerading as a site, it uses voice calls to gain the same information. Finally, there is also Smishing, which is a way of exploitation through SMS messaging.
New York State’s Division of Homeland Security and Emergency services has done their own research and compiled their own report on the potential threats that mobile devices pose due to the treat of cyber attacks. Listed in their report is something that is missing from the CERT report. This is the Advanced Persistent Threat. Also called ATP, Advanced Persistent Threat is the threat that breaching does not occur just once, but that someone is able to gain continual access to information on a mobile device without detection. At the time of their report, the projected that, “PT is likely to remain high in 2012” (DHSES, 2011). This threat is likely to remain high for the foreseeable future.
While the world is quickly changing in how they communicate, share and store information, the ways that they protect that information are not advancing with the growth of technology. Looking at the state of statistical research on the topic paints the picture that more people than not using mobile devices are not protecting them. As cyber criminals get more advanced in their ploys to steal personal information, the need to protect one’s mobile device will become ever more important. It is not that there is not measures and software available to protect users, but that too many users are not familiar with the threat their mobile device poses and what to do to combat it.
References:
CERT. Retrieved February 18, 2014, from https://www.us-cert.gov/sites/default/files/publications/TIP10-105-01.pdf
Farivar, C. (n.d.). ArsTechnica. Ars Technica. Retrieved February 21, 2014, from http://arstechnica.com/business/2013/06/56-percent-of-americans-now-own-smartphones-pew-study-finds/
Mobile Technology Fact Sheet. (n.d.). Pew Research Centers Internet American Life Project RSS. Retrieved February 18, 2014, from http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
Mobile Devices and Cybercrime: Is Your Phone the Weakest Link?. (n.d.).KnowledgeWharton Mobile Devices and Cybercrime Is Your Phone the Weakest Link Comments. Retrieved February 21, 2014, from http://knowledge.wharton.upenn.edu/article/mobile-devices-and-cybercrime-is-your-phone-the-weakest-link/
The Impact of Mobile Devices On Information Security. (n.d.). Dimensional Research. Retrieved February 20, 2014, from https://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf
Smith, T. D. (n.d.). New York State. NYS Division of Homeland Security & Emergency Services. Retrieved February 21, 2014, from http://www.dhses.ny.gov/ocs/awareness-training-events/news/2012-01.cfm