ignore the danger

Mobile devices are the stuff of nightmares for anyone interested in data security.

Despite the proliferation of mobile devices in the workplace, there are multiple security issues around smartphones and tablets — leaving IT administrators cringing over the potential loss of sensitive data.

Yet the average mobile user doesn't seem to care, even on a personal level.

Recent research from the US Federal Reserve Board shows 52 percent of people with a bank account and a smartphone have used mobile banking in the past 12 months. That's a high percentage, considering 70 percent of iOS banking apps and 90 percent of Android apps have been hacked.

The report also shows 42 percent of smartphone owners used their phones to browse product reviews or get product information while shopping at retail stores, and 79 percent of them changed the items they purchased based on this information.

The Mobile Allure

Why are mobile devices so inherently insecure? Patrick Kehoe, Chief Marketing Officer with mobile security vendor Arxan, said it's time to stop blaming the users.

Arxan has identified a number of security issues with mobile devices, all related to the devices themselves.

“In contrast to centralized web environments, mobile apps live 'in the wild' on a distributed, fragmented and unregulated mobile device ecosystem. Unprotected binary code in mobile applications can be directly accessed, examined, modified and exploited by attackers,” Kehoe said.

Hackers are increasingly aiming at binary code targets to launch attacks on high-value mobile applications, across all platforms, he added.

Last month at the Rethink! IT & Infrastructure Security Minds 2015 in Munich, Germany, Joachim Haas, security expert and sales manager for Central Europe at Arxan, said too many people have access to mobile app code for it to be secure.

In addition, enterprises quickly integrate mobile apps into business processes to improve productivity and process efficiency and carry out financial transactions.

For Convenience's Sake

While the enablement of mobile banking opens new revenue streams and creates additional channels on the mobile computing platform, it also exposes the enterprise infrastructure to hackers. There are three specific risks:

Coding Issues: Much of the binary code has not been obfuscated, which makes it easy for hackers to reverse engineer it and enter the enterprise. It also makes encryption and any other employed security practices relatively easy to break, which means that customers are essentially transmitting plain text information.

Lack of Antivirus Programming: There is a notable lack of reliable antivirus programs for mobile devices. This gives users a false sense of security, which in turn exposes them to more dangers.

Third-Party Apps: Once downloaded, these apps run in the background and constantly monitor every piece of data. The data they collect, which can include financial information, is not always secure.

What to Do

Organizations need to take pre-emptive measures including building self-defense mechanisms into apps. They also need to provide runtime protections and self-repair measures to get back up and running in the event of an attack, Kehoe said.

In addition, encourage best practices. Encourage employees to:

  1. Install only trusted applications on mobile devices. The fewer applications that are installed, the lower the risk that a rogue app will collect sensitive information.
  2. Install an antivirus and a firewall. While these will not protect against every threat, they will help to prevent some.
  3. Use mobile banking apps that have built-in security.

Creative Commons Attribution 2.0 Generic License. Title image by pichardo2227.