With the advent of advanced smartphones, our communities and businesses have become more mobile than ever over the past decade. Ease of use and instant access to resources has totally changed the way we think about work today. Surprisingly, it didn’t even take many years for mobile technology to become part of our extended reality. We adopted it into our way of life without any resistance and this change in behavior happened irreversibly.
Work has shifted from onsite to everywhere. You might be sipping a cup of coffee in an airport while attending a meeting with your team spread across all locations. The network in which you work has considerably extended to the space which is in the open air. The perimeter of the network has dissolved and our devices are exposed to the world when they are at work.
Does this mean that we take safety for granted? Are we really safe to conduct our business in such a configuration? How long are we safe until we are listed on a hacker’s target list? What types of cyber attacks are happening via phones around the world? How can we prevent ourselves completely? These are just a few of the questions we will address in this report.
Reasons for security compromise on mobile phones
With the dissolution of the perimeter of the network, the threat surface of organizations has greatly expanded. Below are some points that make your smartphones more vulnerable for running your business.
Mobile data storage
To work on the go, you obviously need data access from anywhere. This means that your data should be stored either in the cloud or on your local drive in your phone. This increases the risk of confidential information leaking if your phone is hacked.
Gateway to a larger network
Due to their connection to a larger network, such as a stockbroker using a mobile to transact, mobile phones can act as a gateway to a larger network that hackers can attack. Forget about mobile phones, even less sophisticated IoT devices are enough for hackers to break into a network and steal sensitive information.
GSM or Wi-Fi attacks
Hackers can try to spy on your Wi-Fi or GSM network. The GSM network uses encryption algorithms belonging to the family of algorithms called A5. Since this encryption algorithm was made public, it has been proven that it can be broken by hackers within hours.
Public Wi-Fi networks can also be easily broken by hackers to distribute malware into connected devices. Hackers can spy on the communication while still being able to steal login credentials or hack accounts.
Mobile devices are convenient. It is as much a risk as an advantage. Even when your mobile is not hacked, its mere physical possession can represent a big loss. Of course, you can secure your devices with password or fingerprint access, but Kaspersky Lab search shows that nearly 52% of people still do not password protect their devices.
Few real incidents
Last year, more than 55 million attacks on cell phones were recorded. The figures per month can be seen in the illustration below for the last two years.
Some of the major incidents that made the headlines are:
WhatsApp used to inject Israeli spyware into phones
In an incident which took place on one of the most used apps, WhatsApp, in 2019, malicious code developed by an Israeli company called NSO Group, could be injected into users’ phones via voice calls over WhatsApp. The company immediately realized the flaw that allowed such an incident and fixed the flaw.
Walgreens Data Breach
In another incident last year related to Walgreens, the second-largest drugstore chain in the United States, It has been reported that an error in their mobile app with over 60 million downloads allowed users to see other users’ private messages. He exposed a lot of private information such as names, prescription details and delivery address.
Under Armor Password Leak
Under Armor is a sports and fitness company that has its mobile app called MyFitnessPal. In an attack, nearly 150 million user passwords to the application were cracked, giving hackers access to all the information on the eating habits of users. Almost a year later, some of these recordings were found available for purchase on the dark web.
Digital Identity Management: The Most Important Security Solution
Just like users, mobile authentication is an integral part of the corporate security solution. Only verified mobile devices should be allowed to use company resources. They must be authenticated by digital certificates that allow security measures in the following areas:
- Email access: Devices with digital certificates authorized to access corporate mail servers.
- Email encryption: This allows encrypted communication and prevention of phishing attacks.
- Secure Wi-Fi: Similar to computers that can access your corporate Wi-Fi network, you can also install certificates on mobile devices to allow them to access your Wi-Fi network.
- VPN access: VPN connections can be configured to allow devices with preinstalled certificates to access the corporate network.
In addition to these areas, using the digital certificate management solution would have additional benefits such as better user experience, increased security and low cost solution. With features such as automatic certificate enrollment, it leaves no gap in the availability of certificates and thus provides non-stop connectivity.
While there are other steps you can take to secure your employees’ mobile devices as well, certificate management solution is one of the most advanced security features you can adopt. In this blog, we haven’t even scratched the surface of the immense benefits it can bring to your organization.
To learn more about this, schedule a call with our experts.
The article Mobile Security: An Often-overlooked Area in Your Business appeared first on AppViewX.
*** This is a syndicated Security Bloggers Network blog from Blogs – AppViewX written by Shoeb Ahmed. Read the original post at: https://www.appviewx.com/blogs/mobile-security-an-often-overlooked-area-in-your-business/