Mobile security involves protecting portable devices, such as laptops, smartphones, and tablets, in addition to the networks they are connected to, from threats or security breaches associated with mobile computing.
Mobile security may also be referred to as wireless security.
Ensuring that mobile devices are safe and secure has become increasingly important in the past decade. The total number of devices in operation, as well as the wide-ranging applications they are used for, has increased substantially in recent years. There is also an ongoing trend across corporate sectors in which employee users are connecting to corporate networks with their personal mobile devices. This practice is referred to as bring-your-own-device (BYOD) and presents significant security risks, making device monitoring and management more challenging.
A wireless security survey from 2012 polled approximately 500 professionals in IT security and management domains. These professionals ranked the following mobile security concerns as posing the greatest threats.
1. Loss of a device.
When a device such as a tablet, mobile phone, or laptop is left at a restaurant or bar, or in a taxi or subway, it presents a significant security threat. Potentially sensitive data, such as private customer information or intellectual property, is made vulnerable. Similar incidents have already resulted in numerous high-profile corporate data breaches. In addition, given the increasing prevalence of BYOD in corporate settings, the chances that a device contains sensitive information is augmented.
2. Application security.
The second concern ranked by IT professionals was the securing of applications. One of the most significant hurdles here is that applications request privileges which permit them access to various data on the mobile device. When users download and install an application on a mobile device, they often agree to allow the app access to their contacts, browsing history, and location, among other sensitive data. These apps, which are often made available free of charge to the user, offer this valuable customer information to ad networks, who are willing to pay for the extraction of this data. But when sensitive corporate data such as contacts, calendar items, or even the location of employees is leaked, it hurts the company.
Another application security concern is malicious or infected applications that appear to perform normally but secretly collect sensitive data and upload it to a remote server.
3. Malware attacks.
Malware attacks were among the top security concerns for mobile security. In the world of wireless devices, the most significant concern is SMS Trojans, which are designed to charge fees for premium text messages. Android devices are the most susceptible to this threat, though other platforms may attract different varieties of cybercriminals, particularly financially motivated hackers who use mobile payment technologies to make money. According to an analysis of malicious Android files, approximately 4 out of 5 are classifiable as Trojans, while 1 in 10 are monitoring tools, and the remainder (5%) are malicious applications.
4. Device theft.
Finally, device theft was another top concern. Smartphone theft is a common issue, primarily affecting individuals who own high-end or recently released devices such as iPhones and Androids. When devices are stolen, there is a danger that corporate data, including access to email and account credentials, falls into the hands of the wrong person.