Mobile security

Indeed, smartphones collect and compile an increasing amount of sensitive information to which access must be controlled to protect the privacy of the user and the intellectual property of the company.

Countermeasures can be implemented at all levels, including operating system development, software design, and user behavior modifications.

In addition, since some apps could themselves be malware, their functionality and activities should be limited (for example, restricting the apps from accessing location information via the Global Positioning System (GPS), blocking access to the user's address book, preventing the transmission of data on the network, or sending SMS messages that are billed to the user).

The Crowd Research Partners study, published in 2017, reports that during 2017, most businesses that mandated the use of mobile devices were subjected to malware attacks and breaches.

[clarification needed] Jailbreaks for iOS devices work by disabling the signing of codes on iPhones so that applications not downloaded from the App Store can be operated.

[1] There are a number of threats to mobile devices, including annoyance, stealing money, invading privacy, propagation, and malicious tools.

There is a real-world example of this attack: the virus Commwarrior[16] sends MMS messages (including an infected file) to all recipients in a mobile phone's address book.

[20] This is the basis for eavesdropping attacks on mobile radio networks using a fake base station commonly called an IMSI catcher.

[citation needed] Once the encryption algorithm of GSM is broken, the attacker can intercept all unencrypted communications made by the victim's smartphone.

With limited opportunities for input (i.e., only the numeric keypad), mobile phone users might define short encryption keys that contain only numbers.

Free Wi-Fi is usually provided by organizations such as airports, coffee shops, and restaurants for a number of reasons, including encouraging customers to spend more time and money on the premises, and helping users stay productive.

Generally, individuals filter business premises based on Internet connections as another reason to gain a competitive edge.

It is also possible to eavesdrop and sniff Wi-Fi signals using special software and devices, capturing login credentials and hijacking accounts.

[22] Security issues related to Bluetooth on mobile devices have been studied and have shown numerous problems on different phones.

[26][failed verification] The Internet offers numerous interactive features that ensure a higher engagement rate, capture more and relevant data, and increase brand loyalty.

Due to the tremendous growth of the Internet, there has been a rapid rise in the number of security breaches experienced by individuals and businesses.

[28][failed verification] Sometimes it is possible to overcome the security safeguards by modifying the operating system (OS) itself, such as the manipulation of firmware and malicious signature certificates.

In theory, smartphones have an advantage over hard drives since the OS files are in read-only memory (ROM) and cannot be changed by malware.

'French National Agency for the Security of Information Systems') demonstrated the capability to trigger the voice interface of certain smartphones remotely by using "specific electromagnetic waveforms".

[27] Outsiders may perform over-the-shoulder surveillance on victims, such as watching specific keystrokes or pattern gestures, to unlock device password or passcode.

Nonetheless, recent studies show that the evolution of malware in smartphones have rocketed in the last few years posing a threat to analysis and detection.

For example, in 2022 it was shown that the popular app TikTok collects a lot of data and is required to make it available to the Chinese Communist Party (CCP) due to a national security law.

In 2019, Kryptowire identified Android devices with malicious firmware that collected and transmitted sensitive data without users' consent.

Infection is the method used by malware to gain access to the smartphone; it may exploit an internal vulnerability or rely on the gullibility of the user.

[39] This usually occurs to proximate devices via Wi-Fi, Bluetooth, or infrared; or to remote networks via telephone calls, SMS, or emails.

Mobile ransomware poses a significant threat to businesses reliant on instant access and availability of their proprietary information and contacts.

The likelihood of a traveling businessman paying a ransom to unlock their device is significantly higher since they are at a disadvantage given inconveniences such as timeliness and less direct access to IT staff.

[44] Some malware carries several executable files in order to run in multiple environments, utilizing these during the propagation process.

Depending on the goals of the malware, the consequences of infection are not always the same; all malicious applications are not intended to harm the devices on which they are deployed.

[full citation needed] These statistics show that consumers are not concerned about security risks because they believe it is not a serious problem.

Access Point spoofing
Malware types based on number of infected smartphones (2009) [ 32 ]
Diagram (in French) which ranks common smartphone malware behaviors by frequency. [ 32 ] At least 50 malware varieties exhibit no negative behavior, except their ability to spread. [ 32 ]
vectorial version
vectorial version