SECURING A MOBILE WORLD
Today’s smartphones and tablets are more than communication devices. They are hip-mounted personal computers, with more memory and processing power than your laptop of just a few years ago. They are an integrated part of our lives… personal and professional. The information they provide is so vital that the Army is piloting their use as standard field issue to every soldier, complete with combat-focused applications . However, smartphones and tablets raise new security issues. They are more likely to be lost or stolen, exposing sensitive data. Malware risks are increased because they connect to the Internet directly rather than from behind ...view middle of the document...
Examples include apps that gather personal information, track location, and charge accounts by sending text messages to premium-rate numbers. Using a mobile device to access corporate email or other resources extends the threat to the organization, including the theft of sensitive data . With the acknowledged role of mobile devices and social networks in the revolutions in Egypt, Libya, and Syria, malware and viruses targeted at intelligence gathering and device-usage denial will increase significantly in the future . While viruses and malware targeting mobile devices would share many of the same goals as on the PC, the enhanced capabilities of these devices present expanded attack surfaces through sensors such as GPS, accelerometer, camera, microphone, and gyroscope. Recently, Kaspersky Lab discovered a new threat involving the photo-scanning of Quick Response (QR) codes . QR codes are 2-D matrix barcodes increasingly used in advertising and merchandising to direct mobile-phone users to a website for further information on the tagged item. In this case, users downloaded what they thought was a legitimate app, but instead was malware that sent Simple Message System
Safeguarding Data in a Mobile Device World
Sean C. Mitchem, Southwest Research Institute Sandra G. Dykes, Ph.D., Southwest Research Institute Stephen W. Cook, Southwest Research Institute John G. Whipple, Southwest Research Institute
Abstract. With the proliferation of mobile devices in today’s information-rich environment, the security of data at rest on the device and in transit will determine the ultimate usability of mobile devices in the defense environment. Relying on the security models provided by the major OS providers such as Apple’s iOS or Google’s Android is not enough to meet the information protection needs of the defense environment. Researchers at Southwest Research Institute® (SwRI®) are investigating the security models available for application development on the iOS and Android platforms, the threats involved, methodologies for application-level data protection, the intersection between data security and user experience, and best practices for ensuring data security within mobile applications.
SECURING A MOBILE WORLD
(SMS) messages to a premium-rate number that charged for each message . This app could have easily been reconfigured to send covert copies of emails and text messages to an intelligence gatherer instead. In another example, using the unique capabilities of a mobile device, Georgia Tech researchers were able to use the phone’s accelerometer to detect PC keyboard vibrations and decipher complete sentences with up to 80% accuracy. This was done by placing the phone within three inches of the keyboard of a PC, allowing the researchers to pick up the keyboard vibrations and decipher words of up to three to four characters fairly accurately. The key to understanding the threat vectors of mobile...