Mobile Device Insecurity : Need for us to be at alert!!

The growth of mobile devices in Nigeria has increased astronomically. According to statistics from www.martins.com.ng, Nigeria has 93 million mobile subscribers, representing 16% of Africa total of 620 million mobile phone connections as of September 2011. This is huge, and it places a lot of challenges on the shoulders of IT and Telecommunication practitioners in the country.  In the area of IT security, we have recorded a sharp increase in vulnerabilities risk level since we have these devices around. Mobile devices are transforming quickly into a solid and viable candidate to replace our current and typical computing platforms—including the PC and laptop. Many of these new tablets have microprocessor speed of up to 1.6GHZ Quad core, 2 GB RAM, with highly enhanced graphics.Following Moore’s Law, chip makers are now on the path to deliver 32nm system-on-a-chip (SoC) technology, which will enable more powerful computing capacity in a new breed of smaller devices. These devices will offer users an enriched experience when accessing the Internet and a whole new set of multimedia applications like 3D games and video. The features are promising in terms of the applications and solutions that people think their lives are a lot easier with these more powerful and energy-saving technology.

  A lot of owners of these sophisticated gadgets work in enterprise organization and also have their corporate office information like email, client data, mounted on their devices. Because the Internet is becoming increasingly open to hackers, crackers,phishers and ransom wares, there is need for us to be careful in the way we use these devices, especially in the work places. In most cases, we have these devices permanently connected to unsecured wireless networks which are potential sources of vulnerabilities, most of such WiFi connections open our personal information to the dangers of being hacked and exposed. With the advent of CBN cashless society in some part of the country, many transactions are going to be done electronically. There is need for a more robust identity management for mobile devices when using them to make electronic transactions and other e-commerce activities. A recent research conducted by one of the BIG 4 professional services firms, affirms that 70% of WIFI in Lagos metropolitan are running on very weak security platform. With many of them implementing clearly weak 128-bit wep key security code. Certainly, this calls for caution on the part of users and the operators/security experts need to develop solutions at Application layer for these mobile devices to secure sensitive information such as emails, personal information, debit card data, or access financial services.

To minimize these risks, it is necessary to protect the user’s identity to avoid fraud against their financial assets. 3G and Network measures are already deployed for smartphones, relying on several methods to protect data in transit. Unfortunately, these standards only work at the data-link and network layers, not at the application layer, which is most commonly used by individuals to conduct e-commerce transactions.

Some possible remediation:-

1. Tokenization, this technology has being implemented by some banks within the country for inter-bank fund transactions. It's based on multi-factor authentication method. For safe mobile banking transactions, users are encouraged to sign-up for multiple-authentication factor (Password and Hard token) to access their mobile banking platform. Even when mobile devices are stolen or accessed by unauthorized user, one is assured that access to banking profile will be minimal and safe.

2. Another viable option is to encrypt external data storage cards (SD cards), where most of personal and corporate information are kept. This will surely go a long way in securing data, as access to it will be highly restricted- the data can only be viewed on the mobile device used for the encryption.

3. Mobile Antivirus/Intrusion detection, there are several mobile antivirus apps that can be downloaded to prevent data leakages on our mobile devices.These free mobile security applications prevents the devices from being infected by virus and malware and also provide the much needed alerts when anomalies are noticed on our devices. Examples are Avast and McAfee mobile security apps to mention few.

On a closing note, mobile device owners have responsibility of protecting the 'data-ware' residing on their phones and in line with the current practice in advanced countries, IT and Telecommunication security practitioners in Nigeria to step up their games in ensuring we have an intrusion-free mobile service platforms.

Thank you

Engr. Oluseyi Basorun mnse,cissp