By end of 2017, there will be approximately 4.77 Billion mobile users around the world. Not just humans, tangible devices like cars, TVs, Remote controls, Refrigerators, etc. will also be connected to the smartphones. Infact, according to a report by CISCO, there will be more than 50 Billion connected devices by 2020. Even enterprises are not shying away from adopting this trend with 725 of them already permitting BYOD. While this does ensure that the world will be a truly connected network, but then this increase in adoption of mobility also has its own downsides in the form of privacy and security threats.
With growing hacking and phishing attacks, mobile devices have become an easy target for security breach, which is an alarming threat for the enterprises. Corporate data and technical information are at risk as they can be easily attacked. Enterprises need to identify these threats and implement policies to deal with them at the earliest. Today we outline 7 such threats that can prove to be headache for the IT departments in the enterprises.
Download Whitepaper: Security Testing Guidelines for Mobile Apps
1. Data Leakage
The most important risk, and a critical one too, that enterprises generally face is the safety of their data. It is a well-known fact that all the private, confidential and technical data and information is stored on private servers, which are accessed by the employees on a regular basis. Attackers therefore have an easy target as they can employ some illegitimate strategies that will allow them to enter into the server and copy all the saved data. They can also employ codes to erase the data after having saved them on another server, which becomes an even more concerning problem to the enterprise.
According to StaySafeOnline.org, the first step is STOP. THINK. CONNECT. “Today’s mobile devices are as powerful and connected as any PC or laptop. Take the same precautions on your mobile device as you do on your computer with regard to messaging and online safety” reads one of their reports.
According to a 2014 cybersecurity report, Malware infections affect nearly one-fifth of businesses. Malware can be referred to as any malicious program that causes harm to your smartphones. Malware can be a piece of code, an application or a virus package that causes damage to both data and device. These disrupt operations, allow illegal data mining and in some cases give access to your device on a whole to the attackers. All your private data, key passwords and corporate mails may be at risk because of the malware. This can have ruinous results and harm the company and its servers on a large.
Spyware is a yet another familiar technique that is used to obtain personal and organizational information from mobile devices. Trojans, adware, and cookies are different resources from which such information is gathered and sent to another entity without having any legal consent from the user. When these spyware applications send information over smart phone networks, they actually open a large information gap that is challenging and tricky to overcome in a corporate environment.
5 Mobile Application Testing Goof ups
Download this checklist
4. Unsecured Connection
It is a known fact that Wi-Fi setups provide better speed and connectivity when compared to mobile data services and hence it is the most preferred choice by many. But then not many are aware that unsecured Wi-Fi networks are potent threatsthat can steal information and data from your device. These free Wi-Fi networks attack your device by gathering all your registered cookies and saved personal information on various sites and accounts. To avoid such problems, always connect to only known Wi-Fi networks and also ensure that they are well protected by employing different security checks.
5. Illegitimate Permissions
Many-a-times users simply give away all the permissions that are requested by the app without questioning the need for some unrelated permissions. They do not realize that all their personal and corporate data may be at risk because of risky permissions that shouldn’t even have existed in the first place. Enterprises can choose to highlight some of the data hungry apps and intimate their employees to avoid installing and using such apps on their smart phones.
6. Phishing attacks
85% of organizations have faced phishing attacks at least once. Mobile devices connected to data services and Wi-Fi setups are always under the scanner, especially while entering details like server passwords, bank accounts, and other such confidential information. Mobile security for such services is not as strong and reliable as for desktops and hence they can be easily targeted by phishing agents. Enterprises should make sure that they do not promote using mobile apps while carrying out financial transactions or for transferring sensitive data.
Source - Wombat Security
7. Improper Session Handling
In order to facilitate ease of access on mobile for transactions, many apps use “tokens” for simpler and faster processing. Tokens aid users in such transactions by allowing them to avoid multiple authenticity checks that may be requested by the service to confirm their identity. All the gathered data is stored in the form of “session-data” and is temporarily saved on the server. If sessions aren’t closed properly or if there is any issue during the transaction then this may provide a chance to the attackers to plagiarize data for their own needs.
We at gomadeindia are committed to creating secure mobile solutions that can help enterprises in adopting mobility sustainable. At gomadeindia, we provide in-depth security testing of mobile applications and devices to identify the potential vulnerabilities. Get in touch with one of our testing experts to arrange for a free consultation.