So mobile devices are commonplace, and we know that just by opening our eyes and
However, a lot of common problems also occur that could be easy ways for an attacker to cause you harm:
One of the more common problems with mobile devices is that they quite often do not have passwords set, or else the passwords are incredibly weak. While some devices do offer simple-to-use and effective biometric systems for authentication instead of passwords, they are far from being the norm.
Although most devices support passwords, PIN codes, and gesture-based authentication, many people do not use these mechanisms, which means if the device is lost or stolen, their data can be easily accessed.
Unprotected wireless connections are also a known issue with many devices and seem to be worse on mobile devices.
This is more than likely due to owners of these devices being out and about and then finding an open access point and connecting without regard to whether it is protected or not.
Malware problems seem to be more of an issue with mobile devices than they are with other devices. This is due to owners downloading apps from the Internet with little concern that they may contain malware and not having an antimalware scanner on the device.
Users neglect to install security software on mobile devices even though such software is readily available from major vendors without restriction and is free. Many owners of these devices may even believe that malware doesn’t exist for mobile devices or that they are immune.
Unmaintained and out-of-date operating system software is a big problem. As with desktop systems, patches and fixes for mobile OS software are released from time to time.
These patches may not get applied for a number of reasons.
One of the bigger ones tends to be a provider such as AT&T tweaking stock Android into something that includes their applications and bloatware, not to mention other adjustments.
When this happens, the patches and updates that Google releases may not work on those tweaked versions. In this case you would have to wait for your provider to release an update for your device before you can apply the patch. This process could take months or even a year, and in some cases the update never arrives.
Much like the OS, there may be software on the device that is not patched and is out of date.
Internet connections may be on and insecure, which can lead to someone getting on the system in the same ways we discussed in earlier chapters on scanning, enumeration, and system hacking.
Mobile devices may be rooted or jailbroken, meaning that if that device is connected to your network, it could be an easy way to introduce malware into your environment.
Fragmentation is common with Android devices. Specifically, this refers to the fact that unlike iOS there are a vast number of versions of the Android OS with different features, interfaces, capabilities, and more. This can lead to support problems for the enterprise due to the amount of variation and inconsistency.
While these are some of the known problems that exist with mobile devices, they don’t necessarily represent the current state of threats, and you must do due diligence if you will be managing an environment that allows these devices.
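As an added example (not from the original text), the Python below audits saved `adb shell getprop` output for three of the problems listed above: stale OS patch levels, modified builds, and Android version fragmentation. The device names, sample property values, and 90-day threshold are assumptions, and the test-keys and ro.debuggable checks are heuristics for a modified build, not proof of rooting.

```python
import re
from collections import Counter
from datetime import date
# Constructed sample data: `adb shell getprop` output per device (values are made up).
SAMPLE_DUMPS = {
    "phone-a": "[ro.build.version.release]: [14]\n"
               "[ro.build.version.security_patch]: [2024-05-01]\n"
               "[ro.build.tags]: [release-keys]\n[ro.debuggable]: [0]\n",
    "phone-b": "[ro.build.version.release]: [11]\n"
               "[ro.build.version.security_patch]: [2022-01-05]\n"
               "[ro.build.tags]: [test-keys]\n[ro.debuggable]: [1]\n",
    "tablet-c": "[ro.build.version.release]: [5.1]\n"
                "[ro.build.tags]: [release-keys]\n[ro.debuggable]: [0]\n",
}
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn `[key]: [value]` lines from getprop into a dict, skipping other lines."""
    matches = (PROP_LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def audit_device(props, today, max_patch_age_days=90):
    """Return findings for one device; the 90-day limit is an assumed policy value."""
    findings = []
    patch = props.get("ro.build.version.security_patch", "")
    try:
        age = (today - date.fromisoformat(patch)).days
        if age > max_patch_age_days:
            findings.append(f"security patch level {patch} is {age} days old")
    except ValueError:  # property absent (older Android releases) or malformed
        findings.append("security patch level missing or unparseable")
    # Heuristics only: both values point to a non-production or modified build.
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build signed with test-keys (possible custom ROM)")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1 (debuggable build)")
    return findings

def audit_fleet(dumps, today):
    """Audit every dump and count Android releases to expose fragmentation."""
    report, releases = {}, Counter()
    for name, text in dumps.items():
        props = parse_getprop(text)
        report[name] = audit_device(props, today)
        releases[props.get("ro.build.version.release", "unknown")] += 1
    return report, releases

if __name__ == "__main__":
    print(audit_fleet(SAMPLE_DUMPS, date.today()))
```
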
One way to help you get a snapshot of the known problems in the mobile area is to use the Open Web Application Security Project (OWASP). OWASP is an organization that keeps track of various issues such as web application concerns, and it also happens to maintain top 10 lists of various issues including mobile device problems. You may want to check their site, www.owasp.org, periodically to learn the latest issues that may be appearing and that you could use in your testing process.