MOBILE DEVICE THREATS
Data Leakage
Mobile apps are often the cause of unintentional data leakage.
. These are typically free apps found in official app stores that perform as advertised, but also send personal—and potentially corporate—data to a remote server, where it is mined by advertisers or even cybercriminals.
can also happen through hostile enterprise-signed mobile apps.
Unsecured Wi-Fi
No one wants to burn through their cellular data when wireless hot spots are available—but free Wi-Fi networks are usually unsecured.
only use free Wi-Fi sparingly on your mobile device, and never using it to access confidential or personal services, like banking or credit card information
Network Spoofing
when hackers set up fake access points (connections that look like Wi-Fi networks but are actually traps) in high-traffic public locations such as coffee shops, libraries and airports.
cybercriminals give the access points common names, like “Free Airport Wi-Fi” or “Coffeehouse,” which encourage users to connect.
to using caution when connecting to any free WiFi, never provide personal information, and if you are asked to create a login, always create a unique password, just in case.
Phishing Attacks
Since mobile devices are always powered-on they represent the front lines of any phishing attack.
According to CSO, mobile users are more vulnerable, since they are often the first to receive legitimateseeming emails and take the bait.
Email monitoring is crucial. Never click on unfamiliar email links. On a smaller mobile screen, they can be even harder to verify. Always enter URLs manually to be as safe as possible.
Spyware
According to eWeek, while many mobile users worry about malware sending data streams back to foreign powers or international cybercriminals, there’s a key threat closer to home: Spyware
it’s not malware that users should be worried about, but rather spyware installed by spouses, coworkers or employers to keep track of their whereabouts and use patterns
Broken Cryptography
According to Infosec Institute training materials, broken cryptography can happen when app developers use weak encryption algorithms, or strong encryption without proper implementation.
. For example, it may not be possible for hackers to crack the passwords, but if developers leave flaws in the code that allow attackers to modify high-level app functions (such as sending or receiving text messages), they may not need passwords to cause problems.
Improper Session Handling
To facilitate ease-of-access for mobile device transactions, many apps make use of “tokens,” which allow users to perform multiple actions without being forced to re-authenticate their identity.
Secure apps generate new tokens with each access attempt, or “session,” and should remain confidential