1. Home
  2. Training Library
  3. Security issues [CISMP]

Mobile

Mobile

How secure do you think your mobile phone and its contents are? Are you aware of any dangers or risk to your phone?

Mobile is a crucial area of cyber security. Every day, we use our phones to conduct our social, financial, and professional lives. These uses are increasing and widening all the time. Daily, we connect to many different networks, quickly and without thinking. For example, you might use the Wi-Fi on the bus on your way into town. Then, while waiting in a cafe for friends, you connect to their free Wi-Fi. Later, at a friend's house, you might connect to their Wi-Fi, and so on. Most of us do all this without reflecting for a second on any dangers there might be. So as you can see, the risk of security breaches related to mobile technology is extremely high.

Chief mobile risks

Mobile phones and devices are subject to many of the risks you have encountered in this course so far, but there are some risks more specific or typical to portable devices.

The main dangers of mobile computing relate to the use of portable devices and wireless networking. Here are some of them:

Rogue Wi-Fi

Connecting to a rogue public Wi-Fi hotspot. It might look legitimate but could be under the control of an attacker, and is still a risk if a TLS connection is used.

Loss or theft of a device

Losing a device or having it stolen. Depending on the security and encryption, loss of a device could lead to serious data breaches.

War driving

War driving comes from the practice of hackers driving around searching for weak Wi-Fi networks (typically WEP) to exploit. They drive around find a susceptible network and quickly hack the key. The practice has now evolved to infiltrators mapping the location and type (frequency channel and security method) of wireless networks operated by the target. Some of these networks may be accessible from outside the building.

Wireless sniffing

Then there is Wireless sniffing (or 'packet sniffing') which is monitoring the information flowing through a wireless network. It may involve software or hardware. Simply 'sniffing' the presence of wireless networks is often very easy for hackers, though they may risk being observed by security guards or cameras. A more serious attacker might be able to position rogue access points, using a 'sniffing' device such as the Hak5 Pineapple to penetrate the network or perform other wireless attacks using intelligence gathered from war driving. Sniffing is not necessarily malicious; it may be used as part of an internal audit of the network system.

Chief countermeasures

You have noted how vulnerable mobile computing can be. Fortunately there are effective defences against the threats involved.

Some security controls that might help mitigate the risks of mobile computing include:

  • Confirming wireless access points under the organisation’s control are configured to use WPA2/3. This ensures that traffic is encrypted, and each channel is secure. Connections which use Wired Equivalent Privacy (WEP), encryption shouldn’t be allowed because they’re easily hacked.
  • Ensuring laptops have encrypted hard disks so that, if the device is lost or stolen, the information is safe. Full disk encryption should be a requirement when new hardware is procured.
  • Educating users on how to avoid social engineering attacks is a must. Users should know how to calculate the risks of using open-access internet zones, how to protect their devices when they’re travelling, and how to assess the risk of transporting confidential or personally identifiable information, including large datasets. Effective training can improve user habits and reduce exposure to risky situations.

For more on WPS vulnerability see this link to a guide on cracking Wi-Fi.

Here is an example of a WPS being hacked.

Clearly, with the constant advancement of mobile tech, users should cultivate security awareness in order to best avoid emerging threats. Along with a solid hardware and network security, user best practice can help prevent mobile infiltration and data breaches occurring in the first place.

What's next?

Next, you will hear our expert Mark talking about wireless (WLAN) systems and the risks and solutions involved in their use.

Difficulty
Beginner
Duration
30m
Students
17
Description

In this next course you will be taking a closer look at network security issues. These include old technologies like PSTN as well as more recent ones like VoIP, as well as staples like email and mobile.

About the Author
Students
23707
Labs
113
Courses
902
Learning Paths
43

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.