Companies are making progress in improving the security of their products, which is forcing cyber criminals to focus more on mobile devices. Here are a few ways your data can be compromised.
Theft, loss, or improper decommissioning of devices and data. Smart phones, tablets, net books, and similar devices are relatively small and easy to steal or lose. Compromised devices can be mined for sensitive data. Attackers have become more sophisticated and can use forensic techniques to recover data that the owner thought was deleted.
Compromise via wireless technologies. Wi-Fi, cellular, and Bluetooth can now be combined into one device. Integrated GPS can track a user’s location, and attackers can gain unauthorized access to private networks. Wi-Fi can be picked up from miles away, and hackers have demonstrated that they can intercept and decrypt cellular data traffic.
User habits. Users often lack the proper awareness of and training in the risks posed by accessing corporate resources while mobile.
Malicious code. Viruses, worms, and Trojans are being created specifically for mobile devices. Malware download and execution typically needs the acceptance of the user, but there are cases where this interaction is not required and a malicious SMS can lodge automatically on the user’s phone. Location disclosure. While most apps have privacy settings for controlling how and when location data is transmitted, many users are unaware, or forget, that the data is being transmitted.
Phishing. An attacker collects user credentials (passwords, credit card numbers) using fake apps or SMS messages that appear to be genuine.
Spyware. A smart phone with spyware installed allows an attacker to access or infer personal data.
Network spoofing attacks. An attacker deploys a rogue network access point and users connect to it. The attacker subsequently intercepts the user communication to carry out further attacks such as phishing.
Diallerware. An attacker steals money from the user by means of malware that makes hidden use of premium SMS services or phone numbers.
Impact on customers. Subscriber data manipulation or other negative experiences can increase customer care costs, customer churn, open liability exposure, and corrode the brand image.
Network congestion. Network resources may get overloaded because of unauthorized smart phone usage, leading to network unavailability for genuine users