Over the past few years, cyber criminals have expanded their focus from desktop PCs to mobile devices such as smart phones, PDAs, and tablet computers. Unfortunately, even though many mobile devices approach personal computers in functionality, most mobile users are not aware of the degree of security threats in the mobile environment. “As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector” (Siciliano, 2010, p. 1). There are several security threats related to mobile devices. The most common security threat associated with mobile devices is their propensity to become lost, stolen, or misplaced. Social Engineering is a method used by cybercriminals to trick users into providing personal or financial information, or downloading malicious software. One common social engineering attack against mobile devices involves attempts to collect personal, credit card, and banking information from users. Malware is short for malicious software and refers to a collection of malevolent software tools designed to attack the pillars of information security: confidentiality, integrity, availability, and authentication. Although malicious software and security attacks can occur in a number of ways such as SMS text messaging, the primary mode of infection is through the download of mobile applications such as games. Unfortunately, all mobile devices and all mobile operating systems are subject to mobile malware attacks. As a result, malware has become a prevalent threat to mobile devices.
TopIntroduction
The three core pillars of information security are confidentiality, integrity and availability. Known as the CIA Triad, these elements form the basis for developing and assessing all information security efforts. Confidentiality means that information is not available to people who are unauthorized to access it. Integrity means that changes to the information by unauthorized personnel is not allowed. And availability means that information is available to authorized users when and where they need it. The concept of authenticity is frequently included when discussions of information security occur. Authenticity means that the user requesting or accessing the data is who he or she states they are. (Stewart, 2008) Threats against any of these security principles form the basis for malicious attacks and cyber criminal activity.
The term mobile device can mean different things to different people. Some consider all devices that can be used to connect through wireless networks to be mobile devices. For the purposes of this chapter, mobile devices are defined as the category of handheld devices including cell phones, smart phones, PDAs (Personal Digital Assistants), and tablet devices such as the Apple iPad. Desktops, laptops and netbooks are included in the family of personal computers. These two categories of computing devices have much in common but there are some distinguishing issues related to handheld mobile devices. This chapter will focus on those security issues that are applicable to handheld mobile devices.
Mobile devices are uniquely susceptible to security risks in that they are always on and accessible, and provide several means of communication and connectivity through text and multimedia messaging, voice, and wireless connectivity through Bluetooth and Wi-Fi. Although they offer tremendous benefits with their convenience, functionality and immediate access to data, messaging, downloaded applications, and Web services, mobile devices are also fertile grounds for cyber criminal attacks. Each of these avenues is the means to distribute malicious software to the mobile device.
Users of computer technology commonly translate security threats into the need to protect their computers from hackers and cyber criminals who may try to steal information for nefarious purposes or destroy data for fun. Many users understand the risk of security threats such as viruses and identity theft and have taken steps to protect their personal computers with software to protect against these malicious software attacks. However, “Viruses, Malware, & Spyware are no longer threats for just PC owners. Malicious software is steadily making its way into our pockets.” (Kardos, 2010, p. 1). Over the past few years, cyber criminals have shifted their focus from desktop PC’s to mobile devices. Unfortunately, even though many mobile devices approach personal computers in functionality, most mobile users are not aware of the degree of security threats in the mobile environment. “As mobile Internet usage continues its rapid growth, cyber criminals are expected to pay more attention to this sector” (Siciliano, 2010, p. 1). A troublesome trend in mobile devices is indicated by the escalating numbers of mobile malware and the increasing use of Internet capabilities in mobile devices. Together these indicate “a growing malware development community” and an “increasing source of potential attack vectors.” (Jansen, 2008, pp. 3-9).