Threat and Security Issues in Mobile Computing
Mobile computing provides a variety of wireless devices that has the mobility to allow people to connect to the internet. It provides wireless transmission to access data and information from the locations they are stored.
There are mainly three aspects of Mobile computing
As we know that mobile computing is the communication between computing devices without any physical connection between them, we use wireless networks to establish connections in mobile computing. So there are always some chances of threats and security issues due to wireless connections.
Mobile Computing faces many improper and unethical practices and problems such as hacking, industrial espionage, pirating, online fraud and malicious destruction etc. The threats and security issues of mobile computing can be divided into two categories:
General Security Issues
There are mainly five fundamental goals of security used in the information system to deal with security issues. They are:
This is used to prevent unauthorized users from gaining access to any particular user's critical and confidential information.
This is used to ensure that any type of unauthorized modification, destruction or creation of information cannot be done.
The availability is used to ensure that authorized users get the required access whenever they need it.
This is used to ensure that only authorized, and legitimate users have access to the services.
Accountability is used to ensure that the users will be responsible for their security-related activities by arranging the users and their activities in a linked form.
We have to achieve these goals according to the security policy used by the service providers.
Wireless Security Issues
Wireless security issues are considered as the primary security issues of mobile computing. These are related to wireless networks. These issues occur when the hackers intercept the radio signals. Most wireless networks are dependent on other private networks, which are managed by others, so after these issues, the users have less control of security procedures. These security issues are:
Denial of Service (DOS) attacks
The denial of services or DOS attacks is one of the most common attacks of all kinds of networks and especially in a wireless network. It prevents users from using network services because the attacker sends a large amount of unnecessary data or connection requests to the communication server. It causes a slow network, and therefore the users cannot get benefitted from using its service.
Traffic analysis is used to identify and monitor communication between users. In this process, the service provider listens the traffic flowing in the wireless channel to access the private information of users affected by the attacker.
It specifies that the attacker can log on to the wireless network and access sensitive data if the wireless network was not secure enough. This can also be done if the information is not encrypted.
Session Interception and Messages Modification
It specifies that the attacker can intercept the session and modify the transmitted data in this session. This scenario is called "man in the middle." It inserts the attacker's host between the sender and receiver host.
In this security issue, the attacker impersonates him as an authorized account of another user and tries to access the sensitive data and unauthorized services.
Captured and Retransmitted Messages
In this security issue, the attacker can get some of the network services by getting unauthorized access. After capturing the message, he/she can reply to it with some modifications to the same destination or another.
Device Security Issues
Mobile devices are very prone to new types of security attacks and fraud issues. These issues are not only because of the mobile devices' vulnerability but also because of the sensitive data that the mobile devices have stored. These security issues and threats such as Virus, Spyware and Trojan may damage or destroy the mobile devices and steal the information stored on them. A virus is a part of malicious software or spyware that tends to gather information about the user without his/her knowledge.
Following is a list of some mobile computing security issues we face using mobile devices:
In the push attack, the attacker creates a malicious code at the user's mobile device by hacking it and then he/she may spread it to affect other elements of the network.
The pull attack is a type of attack where the attacker controls the device and handles it in his/her way. He can decide which emails they want to receive. In this attack, the user can decide about the obtained data by the device itself.
In this security issue, the attackers convince the mobile end-point or the mobile user to drop its connection and re-connection to get a new signal. Within this process, they insert their device between the mobile device and the network and steal the information or do the fraud.
The multi-protocol communication provides the ability of many mobile devices to operate using multiple protocols. For example, A cellular provider's network protocol. Most of the protocols have some security loopholes, which help the attacker to exploit this weakness and access to the device.
This security issue may occur because of the mobility of the users and the mobile devices. You may face these security threats due to a user's location, so you must replicate the user profiles at different locations to allow roaming via different places without any concern regarding access to personal and sensitive data in any place and at any time. This repetition of sensitive data on different sites can increase seethe chances of security threats.
These types of security issues occur when mobile devices go to different places. It occurs in the form of frequent disconnections caused by external parties resulting in the handoff.
Personnel security issues or insider attacks
These are the non-technical attacks. They are occurred due to the lack of awareness of security policies. Due to this reason, many times, security breaches occur. Even though corporate has standard policies for mobile device security, many employees don't understand its risks. It is found in a study that most of the security risks and threats (almost 72%) occur because of careless employees than hackers (28%). It shows the importance of implementing a strong combination of technology and security awareness within an organization.
How to handle security issues?
The biggest issue in mobile computing is the credential verification of users. Because the users share the username and passwords, it may become a significant threat to security. Due to this sensitive issue, most companies are very reluctant to implement mobile computing. Some recommendations can be followed by companies or mobile users to keep their mobile devices and the data stored in the devices secure.