Mobile Security: Mobile operating system comes in four flavors: Blackberry, Windows Mobile, Google Android, and Apple iOS. Of these, the Apple iOS and Google Android operating systems are by far the ones most commonly found on modern devices.
In order to simplify the examination of mobile operating system and devices in this post, the discussion will consider only iOS and Android.
NOTE: Of the mobile operating system available, the Android operating system dominates with about 83 percent of the market share.
Second place in the market is Apple’s iOS with about 14 percent and Windows and Blackberry owning 2.6 percent and .3 percent, respectively.
An estimated 1.5 billion devices are running the Android OS worldwide, and this trend is showing no signs of slowing down anytime soon.
Both of these operating systems have been designed to address some of the most basic threats and risks right out of the box, such as the following:
- Web-Based Attacks.
- Network-Based Attacks.
- Social Engineering Attacks.
- Resource and Service Availability Abuse.
- Malicious and Unintentional Data Loss.
- Attacks on the Integrity of Data.
Before analyzing the security models of these two operating systems, a brief recap of each of these attacks as they relate to mobile devices might be helpful:
Web and Network Attacks: These are typically launched by malicious websites or compromised legitimate websites.
The attacking website sends malformed network content to the victim’s browser, causing the browser to run malicious logic of the attackers choosing.
Malware: Malware can be broken into three high-level categories: traditional computer viruses, computer worms, and Trojan horse programs.
Much like traditional systems, malware does plague mobile systems, and in fact there are pieces of malware designed exclusively for mobile devices.
Social Engineering Attacks: Social engineering attacks such as phishing attempt to trick the user into disclosing sensitive information.
Social engineering attacks can also be used to entice a user to install malware on a mobile device.
In many cases social engineering attacks are easier to accomplish on mobile devices largely because of their personal nature and the fact that they are already used to share information on social media and other similar services.
Data Loss: Data loss occurs when a device used to store sensitive data is either carried away by a malicious person or is lost.
While many of these situations can be mitigated through encryption and remote wipes, the problem is still very serious.
Data Theft: This is one of the bigger problems that have emerged with mobile devices because criminals target them for the information they contain.
Malware has been observed on mobile devices that steals sensitive information.