News

Mobile Computing: Cyber Attack on the Go

  • Published
  • By Capt. Steven Pfau
  • 55th Strategic Communications Squadron
OFFUTT AIR FORCE BASE, Neb. --  Why does Mobile Computing make us so Vulnerable?

Do you remember when you first fell in love? That magical time when your significant other could do no wrong? Sure, you might have noticed some mistakes, but you loved those mistakes because you were in love.

One day, the honeymoon was over and reality set in. Ladies and gentlemen, enjoy it while it lasts, because we are in the honeymoon stage of this mobile computing era.

And why should we not revel in it? Mobile computing gives us that "one thing" that we all want, that "one thing" that does everything. Do you remember when everyone had to have a Swiss Army knife? Just wait: there will be an app for that too.

In truth, mobile computing has been around for a long time. Yet as it is with expanded networks, cloud computing and the internet backbone created by industry giants such as Google, Amazon, Apple and Facebook, mobile computing is starting to take on a whole new look. Laptops: see you later; PDAs: well, nobody really had these anyways. The new world of computing belongs to smartphones and tablets. In fact, smartphones just outsold PCs for the first time in 2011.

The ability to connect, in every sense on the word, is the power behind today's mobile computing. It is what allows these smaller, easier-to-carry-around devices to be as powerful as their predecessors. In essence, today's mobile devices allow you to connect to the larger infrastructure anywhere you go. This is the key to our love of this technology, but it is also its greatest weakness. It allows attackers new avenues to use that same connectivity to exploit or attack our information or systems.

Because we are still are in that honeymoon phase, we refuse to see it. We think that viruses and malware are for computers, and our phones just happen to have a lot of apps that make life easier. However, before you use your apps to crack open your next "iBeer", have an in-depth conversation with "Talking Tom", or go for the "Hold On" record....stop and think about this.

Cyber Threats: Old and New

The popularity increase of smartphones and tablets is absolute. The market has maintained a high growth, even during tough economic times. This means that people view these devices as more of a "need" than a "want." This perceived need is what allows mobile computing to drive a wedge further into our culture.

As this trend continues, we will continue to open ourselves up to more cyber threats, and attackers know this. It explains the 42 percent jump in vulnerabilities to mobile operating systems from 2009 to 2010. Many of the attacks on mobile devices are the same attacks just with a different look and feel. However, there are many new ones that use the phones technology to strengthen their attacks. Here are just some to be on the lookout for:
  • Phishing attacks are still just as prevalent in the mobile computing world, and for e-mail enabled devices the potential malicious code can be just as dangerous. Attackers have also added phishing voice calls and SMS messaging called "vishing" and "smishing" respectively to their repertoire. Like traditional phishing attacks, these will appear legitimate and even mirror current events like the tsunami in Japan to elicit a response.
     
  • Applications are the driving force behind mobile computing, but also one of its biggest threats. Apps can do the mundane or the extraordinary...even be used to power and control micro-satellites. Yet there are many apps out there that contain malware or code that could be dangerous. There are two major reasons why apps are such an easy way to target and attack people. First, the market and success of apps is based on it being a "collaborative effort". This means there is little control as to who can make an app and place it on the market. Second, for many apps to achieve their true potential, they need access to various other parts of your phone. Even safe applications could be used for attack by another program. Given the endless number of apps available, it is difficult to verify which ones are safe.
     
  • Perhaps the biggest new threat created by mobile computing is the physical security of these devices. Traditional computers would be locked at home and safe from potential attackers, but mobile devices are typically ripe for the picking. If your phone is physically compromised, that attacker could have potentially unlimited access to private or sensitive information on the phone. And again the power of connectivity compounds this vulnerability by giving them potential access to your e-mail, finances and more. They can even use the information on your phone to create an "information map" to help exploit these areas. For example: One very popular question for password resets is the "what is the name your favorite team?" How many Cornhusker fans have Big Red as their background on their smartphone?
How to Protect Yourself

One could argue that the biggest threat to mobile computing is the general perception that there is no real threat. The perception is created because we want these phones to do everything and just hope they will be secure. That is why people continue to "jailbreak" their phones, and trade security for ability. Unfortunately, there is a threat to mobile devices, and now you know. So if "knowing is half the battle" then the information below should give you the other 50 percent.
  • A Google search for top smart phone characteristics will show that security is not what people look for in a smartphone or tablet. Instead, it is all about the look and feel, the speed, storage, battery life and screen size. When shopping for a phone, be sure to ask about its security features, and ask about protective and antivirus software for its OS. As more people ask for security, this will force developers to continue to make security more robust and keep pace with today's cyber threats.
     
  • Because of physical security being such a large threat, it is important to remember to physically secure your device whenever possible. Additionally, it is good practice to password protect (strong passwords: 1,2,3,4,5 only works in the movies) items on your phone, especially to deny initial access. Finally, as a last line of defense, be sure you understand how to remotely lock and wipe your device. This allows you to deny access or even get rid of any sensitive information on your phone. According to one survey, only 45 percent of respondents said their devices were capable of remote locking and wiping.
     
  • Trust but verify. Always be on the lookout for phishing attempts. Try not to act on calls, texts or e-mails that you don't know. Typically the advice "if it sounds too good to be true" is accurate. To help protect your information, make sure to use data encryption whenever possible. According to that same survey, only 35 percent said they used data encryption. Also, while it can be difficult, take the extra time to shop around and ensure any apps or downloads are legitimate ones. The easiest way is to utilize the major smartphone platforms' trusted app sources.
     
  • When not using Bluetooth or Wi-Fi, get in the habit of turning this feature off, and ensure that you manually have to select the network. This will this limit your exposure to potential "Hot Spot Hackers", and will save you some battery life. Also if you need to use Wi-Fi, make sure you know the exact name of the network and ideally it will be WPA or better yet WPA2. Hackers will create names that are close, so don't connect to the "Starducks Hotspot". Finally, use encrypted websites when at all possible (https).
     
  • You waited hours in line for your iPhone5, but do not just throw away your iPhone4 or give it to the little kid down the street. First, remember to backup all data and information. This is a good practice to do throughout the life of the phone. You don't want to lose Baby JoJo's first picture, or have to retype in your thousands of phone contacts. Once you have done that, be sure to completely "data wipe" all the information from your phones before disposal. You can either check the device manufacturing website or stop by a retailer for assistance.
The bottom line is to remember that no matter how "smart" these mobile devices get, they can never replace our own common sense. Just be vigilant and know that mobile devices are just as, if not more, susceptible to cyber threats. So enjoy the rest of your honeymoon, and hopefully with these tips you can continue to have that long and happy life together. For more information about mobile vulnerabilities and how to protect yourself, check out the following links.

http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf  

http://www.simplysecurity.com/2011/07/01/growing-mobile-commerce-market-highlights-need-for-new-security-tactics/  

http://www.aarp.org/technology/privacy-security/info-09-2011/hot-spot-hacker-scam-alert.html  

http://www.telegraph.co.uk/technology/apple/8020164/Top-ten-most-pointless-iPhone-apps-named.html

Offutt AFB Operator

The Offutt AFB Operator has been deactivated, please visit our directory.

Offutt AFB Public Affairs does not act as an operator service or base locator.