Class: NCS 320 Information Assurance Fundamentals
A Window into Mobile Device Security by “Carey Nachenberg & VP, Fellow”
The article had discussed the security weaknesses related to the two most widely used OS’s: Android and iOS along with the possible risks associated with those weaknesses. Nowadays, phones became more than just a mean of communication, now they serve more as portable computer that can be used to access corporate services, view data and conduct various transactions. Most of these devices have no administrative control over them, thus leaving sensitive data vulnerable.
Both Operating systems have their own security flaws. Each OS was tested to determine their resistance ...view middle of the document...
Each app is then tested by the Apple for various malicious activities. If the app is found to be clean of any threats, only then it will be released to app store. Registration process ensures that in case if an attacker decides to release a piece of software with malware attached to it, his plans will be uncovered and the attacker will be identified and prosecuted. Such approach proves to be effective against malware attacks, data loss/integrity attacks, and denial of service.
The exception will be “jailbroken devices”, these devices have their provenance system disabled, and therefore can install software from any source.
Encryption: The iOS offer high degree of protection with its encryption techniques. However, it has its own flaw. IOS needs to keep a copy of the encryption key around at all times to provide data to the background applications. The majority of the data on each device is encrypted in such a manner that it can decrypted without the need for the user to input the device’s master passcode. This means that an attacker with physical access to the device and with a functional jailbreak attack can potentially read most of the device’s data without knowing the device’s passcode.
Isolation: Another strong feature of the iOS. The iOS operating system isolates each application on the system from viewing or modifying another apps data, logic, phone’s SMS and email in/out boxes. Such isolation system totally prevents traditional types of computer viruses and worms and limits the data that spyware can access. On the negative side, iOS apps are given unrestricted access to the internet.
None of the iOS protection techniques addresses the weakest link in any device, the user. This leaves iOS very vulnerable to Social Engineering...