Security Fundamentals

Defensive Measures on Personal Digital Devices

BYOD

The preceding section examined some of the security features present on mobile or personal digital devices. Many of these features are also present on laptop and desktop devices but it was suggested that most users don't activate them on their personal device because they are unaware of the risks or because they don't know how to.

Increasingly though, people are using their own mobile devices (tablets, smart-phones) for work. So its becoming increasingly important to be aware of their particular vulnerabilities, especially to the company or organisation they work for. These vulnerabilities are mainly due to:-

  • Their mobility.
  • Their ownership.
  • Their interaction with other networks.
  • Exposure to unknown applications
  • Use of untrusted content.
  • Use of location services.
Bring your own device (BYOD)

1. Mobility

Mobile devices, are well um ... mobile, and so require additional protection because they are exposed to a higher degree of risk than other devices. Laptops and desktops are generally used in a restricted range of places, home and office. Mobile devices on the other hand are used everywhere, from offices, coffee shops to buses and walking. All these different environments can expose their device to being compromised.

Also by definition, mobile devices are light and small. This means they are easy to forget, leave around and be stolen, all providing potential hackers an opportunity to get in and recover sensitive data.

Being used out and about gives potential attackers to look over a teleworker's shoulder to see sensitive data on the screen. Additionally, they can potentially get a good view of PIN numbers being entered: user-names are generally not required because it is assumed one user per device, where are there might be multiple user account need on laptop or desktop machines.

While the threat of observation can appear overstated, the video opposite shows the sophistication of attacks and the speed at which people can obtain sensitive data.

BYOD Ownership

2. Ownership

Many personal devices which people take to work are personally owned, and so lack the security precautions that are taken on company owned machines.

Mobile devices are commonly jail-broken or rooted compromising the security features of the operating system, allowing them to be used as a gateway for hackers to use to gain access to company networks.

3. Interaction with other networks

Mobile devices will connect to a range of networks including networks at work, at home through cable and WiFi. This makes them susceptible to eavesdropping and 'man-in-the-middle' attacks to intercept or modify data being passed through the network. Companies can't guarantee the security of these other networks or that the data is encrypted before transmission.

Multiple network connections
Exposure to unknown apps

4. Exposure to unknown applications

Mobile devices are designed to make it easy to download and install third-party applications. With the devices owned by employees each downloading their own choice of apps, the organisation is going to be exposed to a wide range of unknown software. And it would only take one, to infect the entire organisational network.

5. Use of unknown content

Organisations have no control over the content that owners may view or use and mobile devices can encounter content not commonly available to other type of devices. For example, mobile device with the use of camera can use Quick Response (QR) codes that can take users to particular websites. It is possible to use a targeted attack and place QR codes to link to malicious website where people gather.

Unknown content
Plocation services

6.Use of location services

A lot of mobile users activate location services that work together with GPS allowing the user to plot their position on a map and to enable 'find my device' services. They also work with social media and 'find my friend' apps. From the organisations point of view this increases the risk of a targeted attack, as hackers can discover where their potential target and their device are.

Even if their GPS and location services are turned off, it is becoming increasingly common for websites and apps to determine a person's location, based upon their internet connection.

Tasks

Time for some answers. Create a page in your notebook titled Defensive Measures.

  1. Make a list of six features of mobile devices that place them at greater risk from hacking and malware than desktop or fixed devices.
  2. For each feature, explain why it increases the risk of hacking and malware infection.
  3. In each case, describe what you would do, to reduce the risk of a successful attack.
Mobility
You should be able to:-
  • Provide some characteristics of personal digital devices that make them at greater risk of attack.
  • Provide examples of defensive measures that could be taken to minimise the risks of successful attack on personal digital devices.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee