By Dr. Karen Paullet
Faculty Member, School of STEM at American Public University
Mobile phones have become ubiquitous within our society, and many would now consider them a necessity rather than a convenience. We are living in a world where people are staying connected via mobile technology more than ever before. Technology which was once only found on desktop computers can now be carried in the palm of our hands. The number of mobile phone users at the end of 2012 was approximately 5.9 billion worldwide. With the increase in mobile users, comes an increase in security threats.
Mobile malware is any type of malware that is specifically targeted toward smartphones, tablets and other mobile devices. Mobile malware is on the rise and is projected to continue its upward trajectory, propelled by the large and continually growing smartphone user base and an increasingly mobile workforce which provide enticing targets for hackers. The main goals of most mobile malware include theft of private information, incurring charges to premium numbers, or gaining access to a user’s bank accounts or credit information. Mobile malware poses a serious threat and is evolving into a complex landscape that will likely soon rival that of traditional computer malware.
In order to be able to address the risk factors associated with mobile malware, it is imperative to first understand the threats. Mobile devices are becoming a new target to gain user information as mobile device security has not kept up with traditional computer security. Cyber criminals are beginning to attack mobile devices due to the lack of security measures in place. Attacking mobile devices has become extremely attractive to criminals due to the plethora of information that is stored on the device. Such information includes email accounts, phone numbers, calendar information, network or login credentials, confidential notes or files, and contact lists to name a few. The question that we should ask ourselves is what are end users of mobile devices doing to stay secure?
The following list of recommendations can help mobile devices users to stay secure in terms of mobile malware:
- Lock your mobile device with a password, PIN or fingerprint to protect it from physical access.
- Cover the device when typing in the PIN or code because one never knows who might be watching.
- Maintain physical control of the device. Never hand the device to someone to take a picture or rest it on a counter at a store when making a payment.
- Research the features of your mobile device. Often times, people are unaware of the capabilities of their device. Many have password features that will automatically lock the phone if the incorrect password has been entered three times. A four or five digit PIN is then required to access the device.
- Install malware/security applications to regularly scan your device.
- Back up the data on all mobile devices on a regular basis.
- Check monthly phone bills for unusual activity.
- Do not automatically connect to public Wi-Fi. Hackers can utilize man-in-the-middle attacks or create fake Wi-Fi hotspots to fool unsuspecting users.
- Turn Bluetooth to “OFF” when not in use and set Bluetooth-enabled devices to non-discoverable. This makes the device invisible to others.
- Carefully decide what type of information to store on your mobile device. Refrain from storing passwords, bank account information or personal security information.
- Refrain from installing mobile apps without conducting research, especially in regard to free apps or apps sold in unregulated third-party app stores.
- Delete all information stored on the device before donating or throwing it away.
About the Author
Dr. Karen Paullet has been a faculty member at American Public University System since May of 2009 where she teaches Cyber Security. She holds a BS in Information Systems, a MS in Communications and Information Systems, and a DSc. in Information Systems and Communications from Robert Morris University. In addition Dr. Paullet has spent over 13 years working with law enforcement preparing cases using digital evidence for trial. She has spoken at over 100 engagements throughout Pennsylvania on the Dangers of Social Network Sites, Cyberbullying, Cyberstalking and the CSI Effect. She has applied her research interests to educate students, organizations and law enforcement throughout Pennsylvania. Her work has been published through various outlets to include the International Association for Computer Information Systems (IACIS), the Information Systems Educators Conference (ISECON), the Conference on Information Systems Applied Research (CONISAR) and The Institute for Operations Research and Management Sciences (SEInforms). She brings her professional experience in law enforcement and teaching to serve and educate others in the community.