Originally released: Adelphi, MD | April 1, 2013
In 2013, evolutionary development has been driven by wanting more computational and communication capabilities, but also by our desire for more information (Raval, 2010). Inasmuch, we have moved away from stationary devices and static use to mobile and dynamic, all as a function of pushing the envelope and working outside the boundaries and rules of industry and academia (Dyson, 2012).
The ascendancy of mobile computing offers great opportunities, but also presents a new series of security challenges (The Economist Business Unit & Booz Allen Hamilton, 2011), specifically that: mobile device proliferation, coupled with a disparity of capabilities in these same devices, which in turn will result in a proliferation of malware threats (Wright, 2011) where interdependencies and complexities of the 21st Century have an ever-increasing impact on our lives, real and perceived (Department of Homeland Security, 2009). As a result: technological weakness, configuration weakness, and security policy weakness (Rufi, 2007) add to threats and vulnerabilities from everyday business practices, such as our supply chains experiencing out-of-the-box hardware and software having pre-installed malware (Keizer, 2012).
Dangerous beliefs, such as accessing the Internet from a mobile device is as safe or safer that accessing from a “traditional computer” (Ruggerio & Foote, 2011), fail to recognize that some “really bad things” can happen to our mobile devices (Meyers, n.d.). Part of the issue is that we have yet to properly define what “mobile computing” is even as mobile devices are becoming prime targets because their increased use, storing of sensitive data, use calendar functions, contact information, passwords, and other vital information (Ruggerio & Foote, 2011), offering to serve the same functions or computers, with comparable computing power, but with little, or no, endpoint security (Juniper Networks, Inc., 2012).
Therefore, what does “mobile computing” exactly mean in 2013? 15 years ago, that may simply have meant having a laptop; 10 years ago, it may have meant having a laptop that could connect to a Wi-Fi network; five years ago, it may have meant using certain applications on your mobile phone. What will it mean five years from now? Will “computing” be all that different from “mobile computing” soon? Consider the following:
- In 2009, there were approximately 4 billion global mobile users (US-CERT, 2010);
- Over one billion use these devices to access the Internet (The Economist Business Unit & Booz Allen Hamilton, 2011);
- Broadband connectivity rose by 850% in 2008 (US-CERT, 2010);
- Android smartphone unit growth in Q3 2010 alone rose by 1,339.1% (Meyers, n.d.);
- Android malware from July 2011 to November 2011 increased by 472% (Thinesen, 2011);
- As of 2011, 50% of all smartphones were Wi-Fi enabled, but the projection is that by 2014, 90% of all smartphones will have Wi-Fi capabilities (Juniper Networks, Inc., 2011);
- Mobile commerce industry accounted for $1 billion worth in sales in 2009, but may account for $170 billion by 2015 (Levin, 2012); and
- By the end of the decade there may be 35 billion devices running 24 million different apps (Tolentino, 2012).
Mobile device attacks are multi-faceted, targeting: browsers, SMS, e-mails, but also are using previously successful techniques, such as exploiting the USB flash drive of the phone, all with a view to copying and stealing the data (Georgia Tech Information Security Center & Georgia Tech Research Institute, 2011). But many of these devices rarely employ the “security measures” we would use on a “regular computer”, even though these devices, in principle are computers, such as anti-virus software or firewall protection.
This can be particularly scary if we consider the new trend of BYOD. This is an entirely new and evolving phenomenon that has increased our exposure in ways that may not be measurable yet, particularly since organizations cannot use typical defenses on the devices of employees (Tapestry Networks, Inc., 2012). Adding to the problem is that the architects and administrators can no longer “lock down” or “routinely update” the device since it is physically in the hands of the user, creating a whole new set of vulnerabilities.
Wireless networks, be they Wi-Fi, Bluetooth, Mobile Broadband, Near Field Communication, are still networks, and are exposed to the same risks wired networks are; that said, they are vulnerable to additional risks as well as a function of their wireless capability (Radack, n.d.). From a technical standpoint, unless protective measures, such as encryption (Wright, 2011), are taken, these wireless networks, which transmit data through radio frequencies (Radack, n.d.), are fair game for attack even exposing: personal information, banking details, contacts, and so on, to be used to access money, data, or even steal an identity (Government of Australia, n.d.).
This is a complex problem we are facing and achieving cybersecurity is not a destination, but rather, it is journey (Marinos & Sfakianakis, 2012). Its composition is amorphous and in a constant state of flux, which is only frustrated by the fact that so many of the crippling attacks still being conducted (with great success) utilize well-known and unsophisticated technologies (Namestnikov, 2012). Inasmuch, an effective cybersecurity program could address these issues while keeping pace with new trends.
Works Cited
Government of Australia. (n.d.). Secure your mobile phone and device. Retrieved from Stay Smart Online: http://www.staysmartonline.gov.au/home_internet_users/Secure_your_mobile_phone_and_devices
Juniper Networks, Inc. (2011). Mobile Device Security – Emerging Threats, Essential Strategies: Key Capabilities for Safeguarding Mobile Devices and Corporate Assets. Sunnyvale, CA: Juniper Networks, Inc.
Juniper Networks, Inc. (2012). Malicious Mobile Threats Report 2010/2011: An Objective Briefing on the Current Mobile Threat Landscape Based on Juniper Networks Global Threat Center Research. Sunnyvale, CA: Juniper Networks, Inc.
Levin, N. (2012, June 21). Attack of the Phones: Combating Cyber Threats in the Era of Mobile Commerce. Retrieved from McAfee: http://blogs.mcafee.com/consumer/ecommerce/attack-of-the-phones-combating-cyber-threats-in-the-era-of-mobile-commerce
Melanson, D. (2012, June 18). Microsoft announces Surface for Windows 8 Pro: Intel inside, optional pen input. Retrieved from Engadget: http://www.engadget.com/2012/06/18/microsoft-announces-surface-for-windows-8-pro/
Meyers, A. (n.d.). Emerging Threats in Mobile Computing. Retrieved from American Council for Technology: http://www.actgov.org/sigcom/mobilityhome/Documents/SRA_Emerging_Mobile_Threats_noanim.pdf
Oak Ridge National Laboratory. (n.d.). A Brief History of Computer Technology. Retrieved from Oak Ridge National Laboratory: http://www.phy.ornl.gov/csep/ov/node8.html
Radack, S. (n.d.). Security for Wireless Networks and Devices. Retrieved from National Institute of Standards and Technology: http://www.itl.nist.gov/lab/bulletns/bltnmar03.htm
Raval, V. (2010). Risk Landscape of Cloud Computing. ISACA, 1.
Ruggerio, P., & Foote, J. (2011). Cyber Threats to Mobile Phones. Pittsburgh, PA: US-CERT.
The Economist Business Unit & Booz Allen Hamilton. (2011). Cybersecurity in the Age of Mobility: Building a Mobile Infrastructure that Promotes Productivity. McLean, VA: Booz Allen Hamilton Inc.
Thinesen, E. (2011, November 17). Malware Threats Increase 472% on Google Android Mobile OS Since Summer. Retrieved from IT Pro Portal: http://www.itproportal.com/2011/11/17/malware-threats-increase-google-android-mobile-os-since-summer/
Tolentino, M. (2012, March 29). Mobile Market Boom Leads To Increasing Cyber Threats. Retrieved from SiliconANGLE: http://siliconangle.com/blog/2012/03/29/mobile-market-boom-leads-to-increasing-cyber-threats/
US-CERT. (2010). Technical Information Paper-TIP-10-105-01 Cyber Threats to Mobile Devices. Washington, DC: US-CERT.
Wright, J. (2011). An Intense Look at the Mobile Computing Threat. Retrieved from SANS Institute: http://blogs.sans.org/pen-testing/files/2011/10/IntenseLookAtMobileComputingThreat-20111012.pdf