Need a perfect paper? Place your first order and save 5% with this code:   SAVE5NOW

Mobile Device Attacks

Introduction

Approximately 7 billion people worldwide use some form of mobile device, including a smartphone or a tablet, to do anything from checking their bank accounts and making purchases to updating their profiles on social media and keeping tabs on their wellness (Zhou et al., 2018). Despite the widespread use of mobile devices and the trust placed in them to store sensitive data, numerous high-profile breaches have occurred as a direct result of mobile device attacks. Also on the rise are risks to mobile device safety, with 3 billion malware operations hitting over 2 million users in 2016 alone (Kizza, 2017). Attacks against mobile devices, such as phishing, flawed cryptography, insecure Wi-Fi, spyware, and networking spoofing, will be discussed. Furthermore, the paper will discuss different ways to regulate mobile device security risks.

Malicious Apps and Websites

The FTC defines malicious apps as software that secretly installs other software on a user’s device without their knowledge or consent, such as worms, spyware, ransomware, and other destructive programs (Chiba et al., 2012). Malicious websites aim to infect a user’s device with malware (a catch-all term for programs that can damage a computer, steal personal information, or even take complete control of a computer) (Chiba et al., 2012). Rogue websites are designed to trick users into giving up personal information or installing malicious malware on their computers.

Mobile Ransomware

Mobile ransomware refers to malware created specifically to encrypt a mobile device. Once ransomware infects a firm’s network, it can spread rapidly to every machine in the company (Zheng et al., 2016). Protecting mobile devices against ransomware can be as simple as forming a partnership with a reputable cyber security services company like Mimecast. People can work together to prevent ransomware from harming mobile devices and businesses. Mimecast’s secure email services are compatible with any desktop or mobile email client, including those used by the company’s employees. Members can remotely check for malicious links, encrypt their connections, and back up their data in a safe cloud environment (Zheng et al., 2016).

Phishing

The goal of a phishing assault is to get access to sensitive information stored in a computer system by sending a user an email that looks like it came from a trusted source (Sumner & Yuan, 2019). As a last resort, attackers can hold a network hostage until a ransom is paid, at which point they will have access to all users’ accounts and personal data. Everyone must be aware of phishing and how it functions as a ransomware attack to protect themselves from malicious emails. Hackers who mean harm to others first decide whom they want to target. And then they trick their targets into doing something they should not, like opening an attachment or clicking a link, by sending them official-looking but malicious emails and SMS.

Man-in-the-Middle (MitM) Attacks

When a user communicates with an app, a man-in-the-middle (MITM) assault occurs when an attacker masquerades as a neutral third party to either eavesdrop on the conversation or pretend to be one of the parties (Conti et al., 2016). A solid encryption mechanism at all entrance points is crucial to prevent anyone from automatically connecting to your wireless network. The security of a network from brute-force assaults and man-in-the-middle attacks is directly proportional to the quality of its encryption (Conti et al., 2016). The safer it is, the more secure the encryption process.

Advanced Jailbreaking and Rooting Techniques

Android devices are generally modified by rooting, while iOS devices are altered by jailbreaking. One can remove software restrictions imposed by the device’s manufacturer through jailbreaking or rooting (Geist et al., 2016). This technique frees up a closed electrical device so that more software can be added. By gaining access to the device’s root directory, or “jailbreaking,” a user can get superuser capabilities, install any software they want, and investigate the device’s operating system (Geist et al., 2016).

Device and OS exploits

The term “exploit” refers to using a vulnerability in a piece of software to gain unauthorized access to the system (Li et al., 2019). When this occurs, the code’s authors typically issue a patch to fix the issue. Many vulnerabilities can be exploited: It is possible to take advantage of a security flaw in a machine anywhere on a network without physically connecting to it by using a technique known as a remote exploit (Li et al., 2019). Exploits that can only be performed locally require the attacker to be logged into the vulnerable system and often give them access to sensitive data or other rights beyond what the system’s administrator has granted.

Network Spoofing

For malicious purposes, hackers will create a phony Wi-Fi network that looks and acts like the real thing to snare sensitive data (Rohokale et al., 2015). Important terms like “Free Street Wi-Fi” entice consumers to connect to a bogus network in a busy, crowded location. Because of this, many kinds of private information can be cracked or hacked into.

Solutions to the Mobile Device Attacks

The following are the most critical steps that an individual or a company may take to prevent regular mobile device assaults: Before anything else, people are warned against using accessible, open Wi-Fi networks, as doing so can put their mobile devices in jeopardy by allowing them to get unauthorized access to sensitive personal or company data (Kizza, 2017). Conversely, as most third-party providers are incredibly unreliable and insecure, it is recommended that individuals and organizations only download software from official sources. You should update your gadgets often if you want to keep them safe from spyware threats. Moreover, to further facilitate communication channels, most organizations recommend adopting apps that provide simple data encryption during employee transmission.

Technologies involved

While the measures mentioned above and actions have been taken, technology has also been used to solve the problem of mobile device security. Recent technological advancements include mobile device management (MDM), sandboxing, and secure webpages (Raggo, 2016). Mobile device management (MDM) is an application designed to keep track of and secure all mobile devices within a company or other business. This method guarantees that all affected devices will receive a consistent remote push whenever policy changes are made. It has several flavors and a wide range of uses that include optimizing VPN configurations, screen lock times, and passcode generation. Furthermore, MDM provides a framework that blocks the installation of apps from unknown and untrustworthy sources. In this way, MDM assists in preventing malware from infiltrating the gadgets and opening the door for a hacker to steal sensitive information or cause other catastrophic damage.

Sandboxing is a technique to isolate software on a computer to prevent malicious interactions between them. For this to work, the mobile device must be partitioned into two sections, with one section serving as a “sandbox” for experimentation. Sandbox ensures the security of all vital and private company data by encrypting it and only revealing the cypher text after a user logs in. This ensures that sensitive information is protected if the gadget is lost by limiting access to the Docker container.

Protected web browsers are another helpful utility. If a device has a blacklist of malicious websites, vulnerable browsers can be blocked and substituted with safe ones, reducing the risk of malware attacks and social manipulation. Companies such as Symantec, Trend Micro, Viewing Platform, and Webroot have responded to this by creating secure internet browsers.

Future Trends

Historically, viruses and malware like ransomware were the most common attack vectors, but this has changed in recent years. This has sounded the alarm and kept the intelligence community on their toes as they work to create practical tools and equipment to counteract such risks and deal with cybercriminals who remain committed to initiating assaults regularly. As an example of a future tendency, consider the following:

Nearby device infiltration

This requires exploiting endpoints’ vulnerabilities to breach the target network’s security. Data mining is the goal of these attacks, and they employ social manipulation and client-side attacks to gain access to the information on the seized gadgets.

Cross-platform banking attacks

This comprises the introduction of malware that explicitly targets internet banking transactions on portable devices. If the user logs into the internet banking network, the virus quickly recognizes and collects all banking information before any encryption has even been performed.

Conclusion

The widespread use of mobile devices in the modern world has compromised sensitive and private data belonging to both individuals and businesses. There must be a concerted effort to establish cyber security requirements to prevent assaults or hacking operations on personal or business data stored on a broad range of mobile devices. Mobile devices are a part of our daily lives since they help us do several tasks in practically every industry, from communications to commercial transactions. However, numerous security concerns with their use are currently on the rise, so professionals and analysts must remain vigilant to ensure that upgrades, fixes, and operating systems are available to users at all times.

References

Chiba, D., Tobe, K., Mori, T., & Goto, S. (2012, July). Detecting malicious websites by learning IP address features. In 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet (pp. 29-39). IEEE.

Conti, M., Dragoni, N., & Lesyk, V. (2016). A survey of man in the middle attacks. IEEE communications surveys & tutorials, 18(3), 2027-2051.

Geist, D., Nigmatullin, M., & Bierens, R. (2016). Jailbreak/root detection evasion study on iOS and Android. MSc System and Network Engineering.

Li, S. W., Koh, J. S., & Nieh, J. (2019). Protecting cloud virtual machines from hypervisor and host operating system exploits. In 28th USENIX Security Symposium (USENIX Security 19) (pp. 1357-1374).

Sumner, A., & Yuan, X. (2019, April). Mitigating phishing attacks: an overview. In Proceedings of the 2019 ACM Southeast Conference (pp. 72-77). https://doi.org/10.1145/3299815.3314437

Zheng, C., Dellarocca, N., Andronio, N., Zanero, S., & Maggi, F. (2016, October). Greateatlon: Fast, static detection of mobile ransomware. In International Conference on Security and Privacy in Communication Systems (pp. 617-636). Springer, Cham.

 

Don't have time to write this essay on your own?
Use our essay writing service and save your time. We guarantee high quality, on-time delivery and 100% confidentiality. All our papers are written from scratch according to your instructions and are plagiarism free.
Place an order

Cite This Work

To export a reference to this article please select a referencing style below:

APA
MLA
Harvard
Vancouver
Chicago
ASA
IEEE
AMA
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Copy to clipboard
Need a plagiarism free essay written by an educator?
Order it today

Popular Essay Topics