The internet has become almost ubiquitous in the developed world and beyond with the advent of the smart phone and tablet computer. As such, staying secure and keeping information private has become an issue of utmost importance way beyond the traditional computer desktop. Writing in the International Journal of Information and Computer Security, computer scientists from the Ulster University, UK, have surveyed the security mechanisms that are now in place and their shortcomings.
Kevin Curran, Vivian Maynes and Declan Harkin reveal the whys and wherefores of encryption, authentication, remote wipe capabilities, lost phone hotlines, firewalls and anti-virus software. They also discuss the notion of a false sense of security that the implementation of such tools can bring and the loopholes that exist in the likes of Wi-Fi, Bluetooth and other wireless connectivity protocols.
The team points out that while many people are vaguely aware of privacy and security concerns many do not take the time to ensure that the information on their phones – their photos, bank details, account logins and such – are secure. They report that a survey by Information Week revealed that only half of smart phone users have their phones set to auto-lock with a PIN or password. Moreover, very few encrypt their emails making the details travelling to and fro across the mobile networks and Wi-Fi vulnerable to snoopers looking for backdoors into your financial accounts and other sensitive logins. It also leaves user vulnerable to being spied upon by government agencies.
“No one mobile OS is inherently more secure than another. They each have strengths and quite often the more popular one can be more secure but due to popularity, that is where most hacker attacks are aimed,” the team says. Users of Android, Apple or Microsoft smart phone operating systems are all vulnerable to hacking and snooping, some more so than others, but also depending on the third-party applications, or apps, one installs on the device.
The team suggests that primarily the onus is on the service providers. “The wireless network operators need to take responsibility for providing a secure, efficient mechanism of communication,” the team asserts. Secondly, “The mobile devices themselves need to incorporate system-level security to ensure they are not susceptible to attacks in both network and virus format.”
Curran, K., Maynes, V. and Harkin, D. (2015) ‘Mobile device security’, Int. J. Information and Computer Security, Vol. 7, No. 1, pp.1–13.