How Mobile Security Works


You'd protect your computer from hackers and other online predators, and it may be time to consider the security of your smart phone.
You'd protect your computer from hackers and other online predators, and it may be time to consider the security of your smart phone.
Yagi Studio/Getty Images

Unfortunately, consumers aren't the only ones making the shift to mobile devices. Malicious hackers and identity thieves are following close behind. As more and more people use their smartphones and other mobile devices to do online banking, pay bills, and store critical personal and business information, more and more bad guys are trying to crack into this mobile gold mine.

Mobile security will be the key to winning the war against this new generation of cyber thieves. Mobile security can come in many shapes and forms. Some protections are built directly into the device you're using. For example, the iPhone ships with a default Autolock feature that requires the user to enter a password after a few minutes of inactivity [source: Sacco]. Other mobile security protections are built into the network, such as strong encryption standards for data travelling across cellular networks. But perhaps no mobile security device is as powerful as an educated consumer who keeps his or her personal information protected and avoids downloading suspicious applications or clicking on booby-trapped links.

Advertisement

Keep reading to learn more about the magnitude of the mobile security threat and what you can do to protect your gadgets and your money.

Is Mobile Security Necessary?

Mobile security is as critical as the PIN number on your ATM card or the lock on your front door. The sad truth is that there are people in this world who will exploit any security vulnerability if there's money behind the door. As mobile devices become mobile wallets, we are already seeing the rise of virtual pickpockets.

The good news is that, at least for the moment, mobile security is staying ahead of the hackers. The Internet has been widely used for 15 years, and over that time, computer security researchers and companies have devised a set of strong standards for locking out attackers. Most of these same standards have already been applied to mobile devices and data networks.

Advertisement

Even with mobile security standards like encryption and passcodes, mobile device users need to be aware of common mobile security threats and how to defend themselves. Keep reading for a rundown of the major mobile security threats and alerts.

Mobile Security Risks and Alerts

Malware is a constant threat to mobile devices.
Malware is a constant threat to mobile devices.
Yuji Sakai/Getty Images

Malware continues to be the most dangerous threat to mobile device users. As we discussed on the previous page, malware is malicious software code that can steal sensitive information like passwords and account numbers, rack up charges on your phone bill, or spread itself through your address book like a virus. According to Web security firm Juniper Networks, malware attacks on mobile devices rose 250 percent from 2009 to 2010 and 400 percent from 2010 to 2011 [source: Juniper Networks].

Loss and theft are two serious security threats to mobile devices. As devices get smaller, they become easier and easier to lose. And the more we rely on these devices to send and store messages, access our bank accounts and conduct business, the greater the consequences if they fall into the wrong hands. Two of the most effective mobile security measures are remote lock and remote wipe. Enterprise mobile security systems invariably include this feature, which allows a user or an IT administrator to lock the phone if lost, and even to wipe its entire memory remotely. Many devices also include GPS tracking features to locate the phone or even activate "screaming" alarms that can be heard from the bottom of a user's laundry basket.

Advertisement

Network security is less of a threat, since most communications over cellular data networks are strongly encrypted. One remaining threat is communicating over an unencrypted WiFi network. Be careful when sending e-mails or texts over a public WiFi network at the local café. It's possible that a WiFi "sniffer" could be listening in on the traffic and trolling for useful information.

Other security threats are common to anyone who uses e-mail or the Web. In a phishing scam, for example, a hacker will send an email posing as a legitimate bank or business and ask for the user to enter his password or some other piece of sensitive account information. As more people access their e-mail from mobile devices, they need to use the same caution they would at home or the office.

Now let's look at one of the most potentially lucrative targets for malicious hackers: mobile banking.

Mobile Banking Security and Safety

It seems that Americans will do just about anything to avoid going to the bank. The proof lies in the overwhelming popularity of mobile banking. According to a September 2011 survey by the American Bankers Association, 62 percent of Americans prefer to do all of their banking online, up from 36 percent a year earlier [source: ABA]. And now most banks offer mobile apps to access the same services -- balance inquiries, transfers, bill pay -- on a smart phone or tablet. A few years ago, USAA became the first bank to offer mobile deposits, in which a customer snaps a picture of the front and back of a check with his or her phone and the funds are immediately credited to the account [source: Stellin].

SMS banking is a popular method of mobile banking, but can be less secure than using a mobile banking app. Incoming and outgoing SMS messages are stored on your phone, and a thief could potentially piece together your old messages to access your account. Banking apps, on the other hand, don't store any account information or passwords on the device itself. Also, banking apps communicate with the bank's servers using the institution's own encryption algorithms, protecting the integrity of data from device to bank account and back [source: Howard].

Advertisement

For the safest mobile banking experience, smartphone and tablet users should never save their passwords to online bank accounts in the device's browser. You should also refrain from conducting online banking sessions over public WiFi networks or any WiFi connection that may not be encrypted. Lastly, make sure to close all browsers and banking apps when your session is ended.

The good news is that banks like Wells Fargo and Bank of America have online banking guarantees that extend to their mobile users. These guarantees offer 100 percent fraud coverage as long as you don't do something silly like e-mail your Social Security number to a stranger from the Ukraine.

For more information on Web security and mobile devices, follow the related links on the next page.

Related Articles

More Great Links

Sources

  • American Bankers Association. "ABA Survey: Popularity of Online Banking Explodes." September 8, 2011 (Accessed Oct. 6, 2011) http://www.aba.com/Press+Room/090811ConsumerPreferencesSurvey.htm
  • Hildenbrand, Jerry. Android Central. "New GGTracker Trojan imitates Android Market to lure you in." June 20, 2011 (Accessed Oct. 6, 2011) http://www.androidcentral.com/new-ggtracker-trojan-imitates-android-market-lure-you
  • Howard, Niles. Bankrate.com. "Is it safe to bank by cell phone?" July 2, 2009 (Accessed Oct. 6, 2011) http://articles.moneycentral.msn.com/Banking/FinancialPrivacy/is-it-safe-to-bank-by-cell-phone.aspx
  • Juniper Networks. "Mobile Device Security  — Emerging Threats, Essential Strategies." 2011 (Accessed Oct. 6, 2011) http://www.juniper.net/us/en/local/pdf/whitepapers/2000372-en.pdf
  • Lookout Mobile Security. "Mobile Threat Report." 2011 (Accessed Oct. 5, 2011) https://www.mylookout.com/mobile-threat-report
  • Miller, Claire Cain. The New York Times. "For Hackers, the Next Lock to Pick." September 27, 2011 (Accessed Oct. 6, 2011) http://www.nytimes.com/2011/09/28/technology/companies-see-opportunity-in-stopping-cellphone-hackers.html?scp=1&sq=mobile security&st=cse
  • National Institute of Standards and Technology. "Announcing the Advanced Encryption Standard." November 26, 2001 (Accessed Oct. 6, 2011) http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  • Newark-French, Charles. Flurry. "Mobile Apps Put the Web in Their Rear-view Mirror." June 20, 2011 (Accessed Oct. 5, 2011) http://blog.flurry.com/bid/63907/Mobile-Apps-Put-the-Web-in-Their-Rear-view-Mirror
  • Sacco, Al. PC World. "Six Essential iPhone Security Tips." October 12, 2008 (Accessed Oct. 6, 2011) http://www.pcworld.com/businesscenter/article/152128/six_essential_apple_iphone_security_tips.html
  • Stellin, Susan. "USAA Bank Will Let Customers Deposit Checks by iPhone." New York Times, August 9, 2009. (Accessed Oct. 10, 2011) http://www.nytimes.com/2009/08/10/technology/10check.html?_r=1&partner=rss&emc=rss