Untitled

a guest
Aug 11th, 2018
  1. · Threats and Vulnerabilities:
  2.  
  3. - Data Leakage
  4.  
  5. § Mobile apps are often the cause of unintentional data leakage
  6.  
  7. § “Riskware” apps pose a real problem for mobile users, who give them sweeping permissions but do not always check their security.
  8.  
  9. § These apps are normally free, are found in official stores and perform as advertised, but they also send personal and potentially corporate data to a remote server, where it is obtained by advertisers or even cyber criminals.
  10.  
  11. § It can also occur through hostile enterprise-signed mobile apps.
  12.  
  13. § This mobile malware uses distribution code native to popular mobile operating systems like iOS and Android to spread valuable data across corporate networks without raising any alarms.
  14.  
  15. - Unsecured Wi-Fi
  16.  
  17. § No one wants to burn through their cellular data when wireless hotspots are available.
  18.  
  19. § However, free Wi-Fi is mostly unsecured.
  20.  
  21. § People who connect to free Wi-Fi outside are more prone to being hacked by attackers and having their personal information compromised.
  22.  
  23. - Network Spoofing
  24.  
  25. § It is when attackers set up fake access points in high-traffic public locations such as coffee shops, libraries and airports.
  26.  
  27. § These attackers normally give the access point a common name such as “Free Wi-Fi”, or another commonly used Wi-Fi name, to bait victims into connecting to it.
  28.  
  29. § Some of these access points require users to create an “account”, complete with a password, or to input their personal information before they can access the Wi-Fi.
  30.  
  31. § As most users use the same email, password and username for multiple services, this allows the attackers to compromise their email, e-commerce or other secure information.
  32.  
  33. - Phishing Attacks
  34.  
  35. § As most users work through their phones most of the time, most work is communicated through email.
  36.  
  37. § Hence, mobile users often receive legitimate-seeming emails and take the bait.
  38.  
  39. § The victim opens the link or installs an application embedded in the email, which secretly installs malware that compromises the mobile device.
  40.  
  41. - Spyware
  42.  
  43. § Normally installed by spouses, co-workers or employers to keep track of the user's whereabouts and usage patterns.
  44.  
  45. § However, if used wrongly, it can cause a lot of data to be leaked.
  46.  
  47. § It can affect users by logging the keystrokes on their phone to obtain their passwords, or by recording their voice or the calls they make.
  48.  
  49. - Broken Cryptography
  50.  
  51. § It occurs when an app developer uses weak encryption algorithms, or strong encryption without proper implementation.
  52.  
  53. § When an app developer uses a weak encryption algorithm that has known vulnerabilities to speed up app development, the result is that an attacker can crack the password and gain access.
  54.  
  55. § When an app developer uses strong encryption without proper implementation, it means that he/she might leave other “back doors” open that limit its effectiveness.
  56.  
  57. - Improper Session Handling
  58.  
  59. § To facilitate ease-of-access for mobile device transactions, many apps make use of “tokens” which allow users to perform multiple actions without being forced to re-authenticate their identity
  60.  
  61. § Hence, attackers can take advantage of these tokens to spoof a user's identity and perform multiple transactions for themselves.
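An added example, not part of the original notes: one way a server can limit the token misuse described under Improper Session Handling, by binding each token to a device, expiring it, and requiring a recent login for sensitive actions. The token format, time limits and action names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values for this example, not taken from the notes.
TOKEN_TTL = 15 * 60       # a session token is valid for 15 minutes
STEP_UP_WINDOW = 2 * 60   # sensitive actions need a login within 2 minutes
SENSITIVE = {"transfer_funds", "change_password"}  # hypothetical action names

SERVER_KEY = secrets.token_bytes(32)  # signing key, generated per process here


def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user, device_id, now=None):
    """Return 'user|device|auth_time|mac', bound to one user and one device."""
    auth_time = int(time.time() if now is None else now)
    body = f"{user}|{device_id}|{auth_time}"
    return f"{body}|{_sign(body)}"


def authorize(token, device_id, action, now=None):
    """Return (allowed, reason) for one action presented with a token."""
    now = time.time() if now is None else now
    try:
        user, tok_device, auth_time, mac = token.split("|")
        auth_time = int(auth_time)
    except ValueError:
        return False, "malformed"
    expected = _sign(f"{user}|{tok_device}|{auth_time}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad signature"          # token was forged or altered
    if tok_device != device_id:
        return False, "wrong device"           # token replayed from elsewhere
    age = now - auth_time
    if age < 0 or age > TOKEN_TTL:
        return False, "expired"                # no indefinite reuse
    if action in SENSITIVE and age > STEP_UP_WINDOW:
        return False, "re-authentication required"
    return True, "ok"
```
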
  62.  
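An added example for the Broken Cryptography item above, not part of the original notes: it takes password storage as the case and contrasts a weak algorithm, a strong algorithm used improperly, and a proper use. The function names, the constant salt and the iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def weak_hash(password):
    """Weak algorithm: unsalted MD5, so each guess costs one fast hash."""
    return hashlib.md5(password.encode()).hexdigest()


def misused_pbkdf2(password):
    """Strong algorithm, improper use: constant salt and a single iteration."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"app-salt", 1).hex()


def store_password(password):
    """Proper use: a fresh random salt per user and a high iteration count."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def shared_hashes(scheme, passwords):
    """Count stored values that repeat because users chose the same password."""
    stored = [scheme(p) for p in passwords]
    return len(stored) - len(set(stored))
```

With the first two schemes, two users who pick the same password get the same stored value, so one cracked entry exposes both; with a per-user salt the stored values differ.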
  63.  
  64.  
  65.  
  66.  
  67.  
  68.  
  69. How to respect and protect our own and others' mobile devices in an organization:
  70.  
  71. - Keep Mobile Devices Operating System Up-to-date
  72.  
  73. § It is advisable to install any new version of the OS that is introduced for the mobile device.
  74.  
  75. § OS software updates always include the latest fixes that deal with new security risks, to prevent attackers from easily bypassing the device's defences.
  76.  
  77. - Be Careful of What We Install
  78.  
  79. § Only install an application from a trusted source
  80.  
  81. § Check the website before installing any free application we find online.
  82.  
  83. - Turn off Inactive Wi-Fi and Bluetooth
  84.  
  85. § It is harder for attackers to connect to a device when the pathways for transferring information are closed.
  86.  
  87. § This prevents attackers from intercepting data in transit and stealing valuable information or changing the data transferred.
  88.  
  89. - Be Aware of Text Messages We Receive
  90.  
  91. § Delete text messages from unknown senders that ask for our personal information, and avoid clicking links embedded within messages.
  92.  
  93. § Even if a friend or someone related to us sends us an anonymous link, we should not click on it unless the link is verified.
  94.  
  95. - Lock Our Phone with a True Password
  96.  
  97. § Rather than using just a numerical password such as 123456, we should use an alphanumeric password or a password with special characters, which is harder to brute-force because it is unique and harder to figure out.
  98.  
  99. - Set Remote Access – Enable Phone Tracking Option
  100.  
  101. § Set up remote access to help locate a missing mobile device if it is stolen or misplaced.
  102.  
  103. § It also has a function to erase the device's memory, so if it is stolen, the thief can’t access the information anymore.
  104.  
  105. - Set an Encrypted Auto Daily Backup
  106.  
  107. § With an encrypted auto daily backup, even if the phone gets stolen, I will still have all my data.
  108.  
  109. § This means that I can remotely erase all the data on the stolen phone and then use the backup to retrieve all my data onto my new device.
  110.  
  111. - Don’t Leave Online Sign-ups Open
  112.  
  113. § Most applications offer auto login, but this carries a higher risk of a security breach.
  114.  
  115. § Instead of clicking “save password”, we should type the password every time to help secure the device.
  116.  
  117. - Be Careful with Public Wi-Fi
  118.  
  119. § Only use secure Wi-Fi, as open Wi-Fi is one of attackers’ favourite targets for obtaining valuable information from the users connected to it.