A survey by NQ Mobile and National Cyber Security Alliance (2012) highlights that mobile phones ’ have shown rapid growth across the world. Economic Intelligence Survey (2011), in its report adds that today about 4 billion people use different makes. Among these, 3 billion uses phones for texting and making calls, 1 billion uses smart phones for different internet activities. However, studies show infancy in the smartphone usage growth. Cybercrimes continue to present a lot of challenges to the lawmakers because they lack geographical boundaries, are easy to commit, they illegality is never crystal clear, they are constantly emerging, and the crimes can be committed with no physical evidence (Ruggiero & Foote, 2011). The nature of cybercrime makes challenging to lawmakers, international legal institutions, and law enforcement agencies.
Cybercrime trends on portable devices are on the increase. With the growth of 4G and 5G wireless networks, internet attacks are expected to increase. This will be enhanced by the fast pace of growth in the industry and constantly falling prices. Researches have shown a fast shift of technological application behavior from desktops to laptops and towards smartphones (Economic Intelligence Survey, 2011), Mostly, the influence of internet usage has been the change in the workplace behavior. Internet has made workplace to become embedded and pervasive on computation power. Smartphones ascendancy in the organizations is associated with work productivity, easy mobility and even increase in home offices due to cyber mobility. Cyber mobility will increase work capacity and competitiveness, however, it will attract numerous challenges to the users and organizations (NQ Mobile and National Cyber Security Alliance, 2012). Despite its first growth, there still no policies or legal frameworks particularly for this crimes as most states still categorise them under computer crime.
Delegate your assignment to our experts and they will do the rest.
NIST (2013), indicated that cyber systems create destructions at self-levels, and importantly at organization levels. Most organizations are fighting to centralize their information, which is a valuable organization asset. Reports have cited organization cyber threats at 62 per cent (NIST, 2013). This is because organizations financial, supply chain and communication system has been rendered under technological management. People, however, have not developed effective measures to manage challenges associated with cyber destruction. Policy developers such as Sarbanes-Oxley, and PCI and HIPAA, still face numerous data breaches (NIST, 2013). Most companies have heavily relied on internal policies than external ones to deal with cybercrimes.
Smartphones with advanced features have become personal belongings. Their popularity and lax security measures have made them more vulnerable to cyber threats as compared to computers. In the market, smartphones have outsold notebooks and PCs increasing chances of attacks, “from 2009 to 2010, the number of new vulnerabilities in mobile operating systems jumped 42 per cent. The numbers and sophistication of attacks on mobile phones is increasing, and countermeasures are slow to catch up” (Ruggiero & Foote, 2011). The crimes committed against unsuspecting victims often lacks legal definitions and can only be defined by such elements as extorting, altering, deleting, deceiving, damaging, or defrauding. They also include wrongfully obtaining, controlling money, data, or property on computers without permission, assisting other individuals access computer, computer service disruption, or contaminating a network or system. The legal approach fails to meet the cyber trends rather specific segments, such as mobile device crimes.
The OMB researchers (2006), documented that personal digital assistants and smart phones enable users to access internet, email, PS navigation, and other online applications. Unlike the traditional security systems, smart phone security has never kept pace with the increasing cybernetic demands. Technical security assistants including antivirus, firewalls, and encryption, are very uncommon applications in mobile phones. Additionally, unlike PCs mobile phones Operating Systems lack frequent updates to keep pace with the recurring nature of threats. The worst part is that most mobile users have no knowledge of the security threats. Most users give little attention to security aids such as antiviruses, and they strongly believe that unlike computers internet surfing through phone offer no threats as compared to PCs (OMB, 2006). Often, this is because of legal failures to identify the devices as unique targets.
The enhanced purpose of smart phones has not only improved individual satisfaction in surfing, data storage for activities such as email passwords, calendars reminders, contact information, and bank details. Corporates sector also uses these portable materials to store data, send vital information and send vital management and marketing information. Essentially, some organizations use these gadgets to make online payments (National Institute of Standards and Technology, 2010). There are strong laws protecting money frauds but when it is undertaken through cyber network, it is challenging not only to trace the attackers but only to define the legal aspect of the crime.
According to the National Institute of Standards and Technology (2010), PCs face numerous security challenges, while mobile phones attributes of portability, usage, and comparability enhances their risk. Portability nature of mobile phones makes them easy to steal. Such owners lose data, which include vital personal and corporate information. An attacker can gain access to the stored data and retrieved vital information. Smartphones are at risk of numerous apps, which are presented to be legitimate for given Operating System. Some unregulated apps can create accesses locked information. According to the report by National Institute of Standards and Technology (2010), “some users “root” or “jailbreak” their devices, bypassing operating system lockout features to install these apps” (National Institute of Standards and Technology, 2010, p.1). The slow process of amending laws makes it hard for lawmakers to keep pace with the fast changing trends of cybernetic world that allows for the proliferation of new modes of attack.
Based on Lookout Mobile Security findings, (2011), just like the PCs, mobile phone software can easily be exploited when exposed to untrusted sites or under through attacker ’s vulnerability. Attacks have been attempted to crash given application software, eaves drop, or simply to destroy the system. Since users are unaware, such attacks can be triggered by simple clicks to enable a given app (Wood, 2012). Passive attacks are received by installation of a device that exposes a phone to vulnerability or through background networks. Phishers entices mobile uses to give some vital information or install malwares (Based on Lookout Mobile Security, 2010). Phishers that targets emails collects valuable information from PCs, which have better firewall as compared to smart phones. Phones exposures risks are also higher than PCs due to vishing and smishing (malicious voice calls) and MMS and SMS messages respectively. Mostly they attack phones with no advance network and wireless securities (Lookout Mobile Security, 2010). Phishers also trick smart phone users to respond to some ghost charges such as bills and other standing charges. In some cases, they convince the mobile phone users to respond to donations or charity quests.
Wood (2012) notes that the worst misconception mobile phone users apply is that PCs are more vulnerable to attacks as compared to mobile phones. In fact, people draw a lot of attention to protect their PCs from attacks and other malware than they do to their phones. Just like PCs, malicious programs set a phone into attacker line of manipulation (a “botnet”). Some malware sends critical device information that gives attacker full control of the cell phone. Consequently, phones, once infected can spread virus to either phones or PCs it has connection to. Normally, a phone loss result into lose in call histories, photos, text messages, contact information. However, with smart phones, “this can endanger important information such as usernames and passwords used to access apps and online services, financial information stored on the device in banking and payment apps” (Ruggiero & Foote, 2011, p.3). The trends are dynamic to the extends they become obsolete as soon as criminal detectives master how they work, sending them off balance.
The document report by Ruggiero and Foote (2011) also shows that mobile devices have other numerous vulnerability challenges based on their developers. Depending on the smart phone developer, the most cited vulnerabilities affecting mobile devices are failure in creation of password protection, lack of ability to intercept different malwares, and having operating systems that lacks the latest security patches. Evolvement of cyber-attacks has been pointed towards corporate weakness and poorly developed smart phone brands. For example, a United Kingdom regulatory body, in 2012 fined an organization for distribution of gaming apps, which sent very expensive messages without the authority of the users (Ruggiero & Foote, 2011). In 2012, Symantec Corporation did report of malware infecting androids in China and creating botnet connections. The attackers controlled the androids by manipulating their texting system to some given premium numbers and connecting to pay view videos. Such thefts affected between 10 and 30 individuals and generated millions of dollars annually to the attackers. On the other hand, an antivirus organization identified that hackers were subverted searches for top popular domain to illegal sites that prompted users to download fake antiviruses. FTC in 2011, settled unfair practice case after with an one company when the consumers personal files were disclosed unwittingly including videos and pictured that were stored in the tablets and smartphones. It was realized that the company did configure its apps to public view default such that videos, documents and photos were automatically viewed publicly (Ruggiero & Foote, 2011). Evidently, most mobile counter attacks are individual responsibility rather than legal interventions.
A research carried out by Economic Intelligence Survey (2011), indicated that mobile devices have numerous varieties of threats. They range from intentional to none intentional cyber challenges. Usually, unintentional threats come from defective equipment or poor software upgrades the erroneously courses harm to the device data. “Intentional threats include both targeted and untargeted attacks from a variety of sources, including botnet operators, cyber criminals, hackers, and foreign nations engaged in espionage and terrorists” (Economic Intelligence Survey, 2011, p.1). Several factors influence attack capacity such as the actors’ capabilities, their motives i.e. political and monetary gain, and their readiness to act. Given example, cyber criminals use several attack various attack methods to gain access to sensitive data transmitted or stored in mobile devices.
Apps stores have contributed significantly to the issues affecting mobile threats. The Information Security Agency (ENISA), 2011 report shows that involving the apps stores. The report indicates that malicious apps harm mobiles by mining important information from the users. According to the report, the biggest threats in this area has been “various versions of Zeus MitMo, a malware that hides in the background of mobile apps and allows the perpetrators to gather information from unsuspecting users” (Economic Intelligence Survey, 2011, p.1). currently, there are no regulation in place on how apps should operate. It is individual’s responsibility to identify which apps they should download and the ones they should be careful about.
Mobile phones back up system unlike for PCs are much undeveloped. The mobile recovery system is inefficient such that once data has been infected, it cannot be recovered. According to Robison of ENISA, once the nature of data changes in the devices due to malicious attempts, it always difficult to restore the information. He says, "But nowadays cyber mobility is hard to separate from cloud computing. A s a result, mobile security has to be closely tied to cloud security” (EIS, 2011, p.1). The surest way of ensuring mobile information safety is creating an environment where all inference material is adequately achieved. However, this has turned out to be complex as attacker too uses the same platform. Based on study results, 66 per cent cases of mobile phones insecurity comes from losses while 55 are attributed to poor backups. The major source of cyber insecurity originates from downloads, resulting into 51 per cent of noted threats. 52 per cent of sources of threats emanate from insecure networks sources. Many scholars have also noted remote connections to be a constantly source of threats. The worst part is that mobile users have limited knowledge over the harmful apps and the best ways of managing mobile security issues (Economic Intelligence Survey, 2011). Education and sensitization remains the best approach of dealing with the current wave of mobile attack rather than dependency on the legal frameworks.
According to CSRIC (2011), at organization level smart phones are a major source of insider information theft. Just like Wikileaks, most valuable information is infiltrated beyond the organizational walls that are normally used by computer or groups with vested interest in internal affairs. The portability nature of the phones makes them more vulnerable to leaking information as stealing them from top managers is never difficult.
The reports show that most organizations lack corporate policies that man smart phones usage. At the national level, there are no up-to-date legal provisions to curb the constantly changing cyber world. Remote sharing in the organization exposes the organization to a lot of threats since some devices may be under attack. Poor implementation of cybernetic security procedures has been pointed as a serious threat to organizations since the entire organization data and communication system can be under attack. At the same time, small loopholes can be detrimental once attackers identify them. Several companies have lost data, financial information and security passwords to vital accounts (CSRIC, 2011). IT experts have a duty to educate, create awareness, and sensitize users on secure use of mobile applications. The current laws regulate the developers’ environment but has limited provision for the users because of the highly dynamic attackers space.
References
CSRIC. (2011). Working Group 2A Cyber Security Best Practices , Final Report. Washington D.C.
Economic Intelligence Survey (EIS). (2011). Cyber security in the age of mobility: Building a Mobile Infrastructure that Promotes Productivity.
Lookout Mobile Security. (2011). Lookout Mobile Threat Report. California: San Francisco.
NQ Mobile and National Cyber Security Alliance. (2012). Report on Consumer Behaviours and Perceptions of Mobile Security . Retrieved; http://docs.nq.com/NQ_Mobile_Security_Survey_Jan2012.pdf.
National Institute of Standards and Technology. (2010). Guidelines on Cell Phone and PDA Security (SP 800-124). http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf
OMB. (2006). Memorandum for the Heads of Departments and Agencies: Protection of Sensitive Agency Information M-06-16 (Washington, D.C.: June 23, 2006).
Ruggiero, P. & Foote, J. (2011). Cyber Threats to Mobile Phones. United States Computer Emergency Readiness Team. Carnegie Mellon University.
NIST. (2013). Guidelines for Managing the Security of Mobile Devices in the Enterprise. Retrieved from: https://csrc.nist.gov/csrc/media/publications/sp/800-124/rev- 1/final/documents/draft_sp800-124-rev1.pdf.
Wood, Paul. (2012). Internet Security Threat Report, 2011 Trends. Symantec Corporation, Vol.17.