Mobile Device Threats

Mobile devices and their users face many threats. In a number of cases, the device itself is compromised with malware before the end user even purchases it. Threats to mobile devices are extensive and cover all aspects, from the user to the application software, hardware, and operating system.

The device itself can become compromised through malware delivered via application installations that are often downloaded for "free." These applications may send SMS (short message service or text) messages that charge the user's service provider for messages the user did not intend to send. Mobile application malware may also attempt to steal bank account credentials.

Network attacks are also common where "evil twin" or rogue wireless access points are positioned to trick the device or the end user into connecting, often unknowingly, to a network that is not secure.

Malware has been found that may take control of a user's mobile device microphone or camera, causing a breach in user privacy. GPS and location services on a mobile device are also often leveraged to invade a user's privacy or deliver malicious attacks.

What are other mobile threats, and what can you do to prevent these attacks? Review the resources below to learn more about mobile threats.

References

Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on mobile device forensics: NIST Special Publication 800-101, Revision 1. National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-101r1.pdf

Kirk, J. (2014, March 5). Preinstalled malware found on new Android phones. https://www.computerworld.com/article/2488173/pre-installed-malware-found-on-new-android-phones.html 

Check Your Knowledge

Choose the best answer to each question:
Question 1
A rogue access point (AP) differs from an evil twin AP in that a rogue AP may not have malicious intent and does not attempt to impersonate a legitimate AP. 
True
False
Question 2
A victim may be forced to connect an evil twin AP without the victim's knowledge. 
True
False
Question 3
Rogue and evil twin AP detection requires that the AP is connected to the organization’s LAN. 
True
False