Threat and Security Issues in Mobile Computing
Mobile computing provides a variety of wireless devices that has the mobility to allow people to connect to the internet. It provides wireless transmission to access data and information from the locations they are stored.
There are mainly three aspects of Mobile computing
- Mobile communication: This aspect specifies the communication issues in ad-hoc, infrastructure networks, communication properties, protocols, data formats and concrete technologies.
- Mobile hardware: This aspect specifies the mobile devices or device components that are used in mobile computing.
- Mobile software: This aspect specifies all the necessary files and software related to the computer used in mobile computing.
As we know that mobile computing is the communication between computing devices without any physical connection between them, we use wireless networks to establish connections in mobile computing. So there are always some chances of threats and security issues due to wireless connections.
Mobile Computing faces many improper and unethical practices and problems such as hacking, industrial espionage, pirating, online fraud and malicious destruction etc. The threats and security issues of mobile computing can be divided into two categories:
- The security issues that are related to the transmission of information over wireless networks.
- The security issues and threats that are related to information and data residing on mobile devices.
General Security Issues
There are mainly five fundamental goals of security used in the information system to deal with security issues. They are:
Confidentiality
This is used to prevent unauthorized users from gaining access to any particular user’s critical and confidential information.
Integrity
This is used to ensure that any type of unauthorized modification, destruction or creation of information cannot be done.
Availability
The availability is used to ensure that authorized users get the required access whenever they need it.
Legitimate
This is used to ensure that only authorized, and legitimate users have access to the services.
Accountability
Accountability is used to ensure that the users will be responsible for their security-related activities by arranging the users and their activities in a linked form.
We have to achieve these goals according to the security policy used by the service providers.
Wireless Security Issues
Wireless security issues are considered as the primary security issues of mobile computing. These are related to wireless networks. These issues occur when the hackers intercept the radio signals. Most wireless networks are dependent on other private networks, which are managed by others, so after these issues, the users have less control of security procedures. These security issues are:
Denial of Service (DOS) attacks
The denial of services or DOS attacks is one of the most common attacks of all kinds of networks and especially in a wireless network. It prevents users from using network services because the attacker sends a large amount of unnecessary data or connection requests to the communication server. It causes a slow network, and therefore the users cannot get benefitted from using its service.
Traffic Analysis
Traffic analysis is used to identify and monitor communication between users. In this process, the service provider listens the traffic flowing in the wireless channel to access the private information of users affected by the attacker.
Eavesdropping
It specifies that the attacker can log on to the wireless network and access sensitive data if the wireless network was not secure enough. This can also be done if the information is not encrypted.
Session Interception and Messages Modification
It specifies that the attacker can intercept the session and modify the transmitted data in this session. This scenario is called “man in the middle.” It inserts the attacker’s host between the sender and receiver host.
Spoofing
In this security issue, the attacker impersonates him as an authorized account of another user and tries to access the sensitive data and unauthorized services.
Captured and Retransmitted Messages
In this security issue, the attacker can get some of the network services by getting unauthorized access. After capturing the message, he/she can reply to it with some modifications to the same destination or another.
Device Security Issues
Mobile devices are very prone to new types of security attacks and fraud issues. These issues are not only because of the mobile devices’ vulnerability but also because of the sensitive data that the mobile devices have stored. These security issues and threats such as Virus, Spyware and Trojan may damage or destroy the mobile devices and steal the information stored on them. A virus is a part of malicious software or spyware that tends to gather information about the user without his/her knowledge.
Following is a list of some mobile computing security issues we face using mobile devices:
Push Attacks
In the push attack, the attacker creates a malicious code at the user’s mobile device by hacking it and then he/she may spread it to affect other elements of the network.
Pull Attacks
The pull attack is a type of attack where the attacker controls the device and handles it in his/her way. He can decide which emails they want to receive. In this attack, the user can decide about the obtained data by the device itself.
Forced De-authentication
In this security issue, the attackers convince the mobile end-point or the mobile user to drop its connection and re-connection to get a new signal. Within this process, they insert their device between the mobile device and the network and steal the information or do the fraud.
Multi-protocol Communication
The multi-protocol communication provides the ability of many mobile devices to operate using multiple protocols. For example, A cellular provider’s network protocol. Most of the protocols have some security loopholes, which help the attacker to exploit this weakness and access to the device.
Mobility
This security issue may occur because of the mobility of the users and the mobile devices. You may face these security threats due to a user’s location, so you must replicate the user profiles at different locations to allow roaming via different places without any concern regarding access to personal and sensitive data in any place and at any time. This repetition of sensitive data on different sites can increase seethe chances of security threats.
Disconnections
These types of security issues occur when mobile devices go to different places. It occurs in the form of frequent disconnections caused by external parties resulting in the handoff.
Personnel security issues or insider attacks
These are the non-technical attacks. They are occurred due to the lack of awareness of security policies. Due to this reason, many times, security breaches occur. Even though corporate has standard policies for mobile device security, many employees don’t understand its risks. It is found in a study that most of the security risks and threats (almost 72%) occur because of careless employees than hackers (28%). It shows the importance of implementing a strong combination of technology and security awareness within an organization.
How to handle security issues?
The biggest issue in mobile computing is the credential verification of users. Because the users share the username and passwords, it may become a significant threat to security. Due to this sensitive issue, most companies are very reluctant to implement mobile computing. Some recommendations can be followed by companies or mobile users to keep their mobile devices and the data stored in the devices secure.
- The company should hire qualified personnel.
- You should install security hardware and software.
- You should ensure that the data stored in the mobile devices are encrypted and audited.
- Educate the users on proper mobile computing ethics and security issues.
- You must ensure that the mobile devices are configured with a power-on authentication to prevent unauthorized access if lost or stolen.
- You must ensure that anti-virus software is installed on mobile devices.
- Make sure that the firewall client is installed on mobile devices.
- Make your mobile devices encrypted with a strong password.
- Encrypt your data stored in the secondary storage devices such as Memory Sticks, Data card, removable USB etc.
- Ensure that the Bluetooth, Wi-Fi, etc. enabled mobile devices are turned off when you are not using them.
- Make periodic backups of your mobile devices on a data server.