How Mobile Security Works

Mobile security is as critical as the PIN number on your ATM card or the lock on your front door. The sad truth is that there are people in this world who will exploit any security vulnerability if there's money behind the door. As mobile devices become mobile wallets, we are already seeing the rise of virtual pickpockets.

The good news is that, at least for the moment, mobile security is staying ahead of the hackers. The Internet has been widely used for 15 years, and over that time, computer security researchers and companies have devised a set of strong standards for locking out attackers. Most of these same standards have already been applied to mobile devices and data networks.

Even with mobile security standards like encryption and passcodes, mobile device users need to be aware of common mobile security threats and how to defend themselves. Keep reading for a rundown of the major mobile security threats and alerts.

Malware continues to be the most dangerous threat to mobile device users. As we discussed on the previous page, malware is malicious software code that can steal sensitive information like passwords and account numbers, rack up charges on your phone bill, or spread itself through your address book like a virus. According to Web security firm Juniper Networks, malware attacks on mobile devices rose 250 percent from 2009 to 2010 and 400 percent from 2010 to 2011 [source: Juniper Networks].

Loss and theft are two serious security threats to mobile devices. As devices get smaller, they become easier and easier to lose. And the more we rely on these devices to send and store messages, access our bank accounts and conduct business, the greater the consequences if they fall into the wrong hands. Two of the most effective mobile security measures are remote lock and remote wipe. Enterprise mobile security systems invariably include this feature, which allows a user or an IT administrator to lock the phone if lost, and even to wipe its entire memory remotely. Many devices also include GPS tracking features to locate the phone or even activate "screaming" alarms that can be heard from the bottom of a user's laundry basket.

Network security is less of a threat, since most communications over cellular data networks are strongly encrypted. One remaining threat is communicating over an unencrypted WiFi network. Be careful when sending e-mails or texts over a public WiFi network at the local café. It's possible that a WiFi "sniffer" could be listening in on the traffic and trolling for useful information.

Other security threats are common to anyone who uses e-mail or the Web. In a phishing scam, for example, a hacker will send an email posing as a legitimate bank or business and ask for the user to enter his password or some other piece of sensitive account information. As more people access their e-mail from mobile devices, they need to use the same caution they would at home or the office.

Now let's look at one of the most potentially lucrative targets for malicious hackers: mobile banking.

It seems that Americans will do just about anything to avoid going to the bank. The proof lies in the overwhelming popularity of mobile banking. According to a September 2011 survey by the American Bankers Association, 62 percent of Americans prefer to do all of their banking online, up from 36 percent a year earlier [source: ABA]. And now most banks offer mobile apps to access the same services -- balance inquiries, transfers, bill pay -- on a smart phone or tablet. A few years ago, USAA became the first bank to offer mobile deposits, in which a customer snaps a picture of the front and back of a check with his or her phone and the funds are immediately credited to the account [source: Stellin].

SMS banking is a popular method of mobile banking, but can be less secure than using a mobile banking app. Incoming and outgoing SMS messages are stored on your phone, and a thief could potentially piece together your old messages to access your account. Banking apps, on the other hand, don't store any account information or passwords on the device itself. Also, banking apps communicate with the bank's servers using the institution's own encryption algorithms, protecting the integrity of data from device to bank account and back [source: Howard].

For the safest mobile banking experience, smartphone and tablet users should never save their passwords to online bank accounts in the device's browser. You should also refrain from conducting online banking sessions over public WiFi networks or any WiFi connection that may not be encrypted. Lastly, make sure to close all browsers and banking apps when your session is ended.

The good news is that banks like Wells Fargo and Bank of America have online banking guarantees that extend to their mobile users. These guarantees offer 100 percent fraud coverage as long as you don't do something silly like e-mail your Social Security number to a stranger from the Ukraine.

For more information on Web security and mobile devices, follow the related links on the next page.