logo
contact@securiseeconsulting.com

How Is Your Cell Phone Security?

cell security

How Is Your Cell Phone Security?

cell phone securityAs companies look for more and more ways to reach their target audience, the internet is fast becoming a lucrative venture. Not only are more people spending more time online, but the internet provides the easiest way to locate and target specific demographics and get the most return for your marketing investments. Not only do we live in an instant gratification-led society, but it is also increasingly mobile. When before you had to hack into an employees work computer to get a company’s data, it became that you could hack into an employees laptop to get a company’s data. Now, not only can you do the preceding, but you can hack into an employee’s phone. More and more phones are being used to access company data, including being able to VPN into the company network. So far people do not take the security of their mobile phones as seriously as they do the rest of their computers.

 

There are a number of methods hackers use to gain entry into cell phones, many of which the users to not even recognize as being a possible security threat.

  • Text Messages
  • QR Codes
  • Malicious Mobile App Downloads
  • Social Networks
  • Email
  • Wi-Fi Connections
  • Application Exploits
  • Mobile Browsing
  • Mobile Payments and Banking
  • Passwords

Some of list above should be obvious, such as cracking passwords, or simply not having one. But hackers can also take advantage of users by using open Wi-Fi systems, or offering a download of a seemingly innocuous app. A QR Code can easily lead a user to a website where they can immediately become infected. With the increasing use of social media websites via mobile browser, users can leave themselves open to numerous exploits.

 

With Web 2.0 applications like FourSquare, Google Latitude (recently retired), Buddy Beacon, etc. Criminals can now even find out where you are and when you are not home. Linking these applications to your Facebook account will offer more opportunity for people to see your whereabouts and take advantage of it. Pictures uploaded online are usually tagged with a code noting where it was uploaded and often where it was taken. This can allow criminals to find where you live as well. Now that they have your address to go along with your whereabouts they can easily go about their business with less fear of detection.

 

The black side of the internet is a booming business. Billions of dollars are gained and lost every year due to various means of data theft and loss. They have been under fire many times for their security issues and have generally put a band-aid over the problem. Now with data mining from Facebook, Google, and even the US Government, the black-hatters will put their heft into trying to get the most information from the easiest places. Your internet activities are always being recorded. This information is all stored somewhere. If someone can get to a major amount of data like the government or companies like Google and Facebook have it makes their “job” much easier.

 

In 2006, hackers took advantage of a security flaw in the wireless LAN of TJ Maxx. By cracking the WEP protocol the store used for data transmission between hand held scanners and cash registers, the hackers were able to set up their own accounts within the system. Once there, they were able to install their own software which collected employee logins, passwords, and customer credit card numbers. With the complexity and capability of smart phones now, a hacker could easily utilize the same thing using their own phone without ever leaving the store.

 

Unless a company has devised an iron clad method of allowing its employees to access their data via wi-fi or mobile device, the best thing for them to do is to not allow it. However, that will not happen. In the meantime, only allowing certain high level, must need users to access the data from their mobile devices, or using wi-fi on their system should be implemented. The users will also need very clear training and education on what is acceptable and what is not when using these devices. Only company owned devices that receive regular IT and Security Specialist scrutiny should be allowed. No unapproved usage, or downloads will be allowed, and any applications deemed superfluous by the company should be removed.

 

Going forward, mobile browsing will continue to grow. The best possible scenario would be for people not to put personal information on the internet and to be better informed about what the possibilities and ramifications are with everything they post. Hopefully the mobile platforms will slow enough for the security portion of it to catch up, or there will be new advances in cyber security that will allow the white-hatters to gain a foothold in the war that they are losing. White hatters are outmanned and the more doors and windows that keep opening up, often by social media and other mobile outlets the harder it is for them to keep up.