 "Ravi Chauhan")
Mobile devices and apps have become ubiquitous in both our personal and professional lives, allowing for access to critical information at any time. The smartphone revolution has transformed the way we communicate - from a bulky handset with an antenna that prided itself on helping customers communicate on-the-go, to sleek and attractive phones that house an array of applications.
A recent study by Gartner concluded that 18.75 billion mobile phones will be sold in 2013, and of that 1 billion units will be smartphones. The Third Annual Mobile Threats Report (MTC) released by Juniper Networks in June 2013 states that cyber criminals are focusing 92 per cent of all MTC detected threats on Android and its open ecosystem, which has a commanding share of the global smartphone market. This does not indicate that the iOS platform is devoid of security threats. iOS users who circumvent Apple's content protection technology - or "jailbreak" their phones - are quite vulnerable to malicious infection, especially when downloading applications from external app stores/sites that cater to jail broken iOS devices. The report also shows malware professionals as shrewd in coordinating their attacks during the "busy" season of November and December.
Users today are highly dependent on their phones - right from checking grocery lists and movie timings to trading on the stock market. Here are some best practices users need to adopt to ensure the safety of their devices.
- Download the latest version of the software installed for increased protection. Even if it is time consuming and your internet connectivity is testing your patience, see it through. It will save you a lot of trouble later.
- One needs to be acutely vigilant while choosing from the plethora of applications made available for smartphones. Rogue apps can appear in legitimate as well as unofficial online app stores. Don't get swayed easily and make a point to review the app, the permissions it requires and its developer information thoroughly. It does seem like a lot of effort for a simple app but the key lies in the details. A malware titled 'Bad Pig', impersonating an innocent game Bad Piggies, has affected many devices in the past couple of months. Didn't see that one coming, did you?
- Be aware of your battery consumption on an average basis. If your battery starts draining really fast, then there is a chance that it is a malware issue. It may also just be an issue with the battery but it never hurts to check and rule out malware as your first diagnosis.
One must keep in mind though, that a malware attack is no longer restricted to a smartphone owner alone. With BYOD becoming increasingly popular, enterprises are becoming more susceptible to threat from malware now, more than they have ever been. A proper security and device management solution must be implemented in order to ensure that sensitive data residing on the network is not compromised. Some of the components that enterprises must keep in mind while implementing a mobile security solution are:
- It is important to download on-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks to the device
- On-device firewall to protect device interfaces
- SSL/VPN clients must effortlessly protect data in transit, and ensure secure and appropriate network access and authorisation
- Centralised remote locate, track, lock, wipe, backup and restore facilities for lost and stolen
- Centralised administration to enforce and report on security policies across the entire mobile
- Support for all major mobile platforms, including Google Android, BlackBerry, Apple iOS, Microsoft Windows Mobile, and Nokia Symbian.
- Device monitor and control, such as the monitoring of messaging and control of installed applications
- A solution that integrates with network-based technologies, such as network access control to ensure the security posture of mobile devices and determine appropriate access rights prior to allowing access to corporate resources
- Management capabilities to enforce security policies, such as mandating the use of PINs
- Ability for an administrator to monitor device activity for data leakage and inappropriate use
However, the pertinent question is 'why do I need to do so much?' Are malware threats really that large? The answer is a big resounding 'yes'. With the steady increase in the sale of smartphones, malware creators are increasingly behaving like calculating business professionals when devising their attacks. Through targeting threats at Android, leveraging loosely regulated third-party marketplaces to distributing their illicit wares and developing threats that yield profits, it is clear that mobile malware creators are more sophisticated and chasing higher rewards for their efforts.
Privacy violations are also an issue as many legitimate applications request excessive permissions to sensitive information stored on mobile devices. These applications, though not malicious, could give developers and advertising networks access to personal or corporate data, and disclose sensitive information about a mobile device owner's location, movement and activities.
While mobility continues to be an essential need among individuals today, the threat of malware providing access to one's sensitive information and possible loss of data is also a stark reality that we face every day. The time has come for us to take a proactive stance by being both aware and protected from the smartly crafted malware that hackers have to offer.
Ravi Chauhan
managing director, Juniper Networks, India & SAARC
managing director, Juniper Networks, India & SAARC
