Security Threats on Mobile Devices

Lukáš Aron (Brno University of Technology, Czech Republic)
DOI: 10.4018/978-1-4666-8345-7.ch003


This chapter gives a basic introduction to the security models of modern mobile operating systems such as Android, iOS and Windows Phone. It describes the methods of attack on mobile devices: application-based threats and vulnerabilities, network-based attacks and internet browser vulnerabilities. The following section describes defensive strategies and steps for securing the device. There is also a section on securing mobile devices for the enterprise environment. The chapter closes with recommended security practices for mobile devices.
Chapter Preview


The development of mobile devices has been enormous over the past 20 years and its results are all around us. It has been a long time since mobile phones were used only for making calls or writing short text messages. Technologically advanced societies try to speed up and simplify any process that can be automated and to give users easy access to it. These processes may be implemented as applications on mobile devices and are aimed at helping people finish daily tasks more easily or more quickly. Such mobile devices include smartphones, tablets, notebooks and similar devices that a person can easily carry. Recent years have witnessed an explosive growth in smartphone sales and adoption.

The software on these mobile devices consists of an operating system and the applications installed on the device. The most widespread operating system is Android (Burnette, 2009; Tesfay, Booth & Andersson, 2012) from Google, which will serve as the model example for further explanation, mainly because of its popularity and open source nature, although the principles can be applied to any other platform in use. This chapter introduces and explains the principles of mobile threats that appear across all mobile operating system platforms. It also covers topics such as securing Android for the enterprise environment and recommended security practices for mobile devices. The introduction to security on mobile devices begins with the security models of the mobile platforms Android, iOS and Windows Phone, which are explained in the first part of this chapter.

The next section of this chapter gives basic information about application-based mobile threats and describes the types of these threats in detail. Mobile threats endanger the safety of individuals and companies, and if measures are not taken, cybercrime can have an impact on the security of the whole society. First, we have to ask the question: why do threats and attacks on mobile devices exist? The answer is simple: the motivation can be the same as for attacks on desktop machines.

The primary target of these attacks could be secret information, the acquisition of which could lead to the theft of the user's money, but an attacker could also gain access to the computational power of the device, which could in turn be used to commit further cybercrime. The reason for emphasizing the security of mobile devices is this: while only experienced users worked with these devices 20 years ago, nowadays users without any IT education, and even small children, use modern technologies.

All security rules that were previously applied to personal or business computers and other non-mobile devices are now being applied to mobile devices. These rules are usually stricter, because the owner of the device is also the main user (usually the only user) and may transmit sensitive information outside a secure area (e.g. home or office). Unauthorized users must be denied access to the device.

The simplest type of attack is to steal the device. The owner of the mobile device is generally the only user, which is why there is no great emphasis on physical security. This can be dangerous if the stolen device is the user's workstation, and it becomes a security threat to the whole company when the device is connected to the corporate network. These problems related to networks and the enterprise environment are covered after the section about application-based mobile threats.

There are many types of security threats on mobile devices, but the weakest point is always the non-expert user. This chapter discusses the threats that the user cannot control or in which the user can be deceived by the attacker. It also covers defensive strategies and the steps to take to protect mobile devices as much as possible. Recommended security practices for mobile devices are given near the end of the chapter.

The first section of this chapter is an introduction to security models. It presents the security models of modern mobile operating systems and compares them. The second part targets application-based mobile threats and covers the most discussed security threats, such as malware, spyware and privacy leak threats. The section on application-based mobile threats is followed by a section titled Defensive Strategies. These strategies are steps for protecting the mobile device. A different type of mobile threat, inherited from classical computers, is browser threats. These threats are well known from desktops, and mobile devices are usually connected to the internet through an internet browser that has almost the same vulnerabilities as its desktop counterpart.
