Drastic increase of security vulnerabilities and exploits in operating systems for mobile devices, e.g., Android, iOS, Windows Mobile, Symbian, has been reported since 2009.
Attacks, especially those using viruses, worms and similar malware, have been relatively confined to desktop PCs, laptops and servers but are now more and more spreading into mobile platforms.
The main reason for this trend, according to the Co-founder/COO, Digital Encode Limited, Dr. Adewale Peter Obadare, is their widely adopted usage and the fact that mobile devices are starting to become more and more similar to classic PC-like computers in terms of performance as well as field of application.
Dr. Obadare, was represented by the Senior Consultant, Digital Encode, Mr. Oluwafemi Obadare, at the Mobile and Disruptive Technology Forum (#MoDiTECH2019), organised by TechEconomy.ng.
Speaking on the topic: “Securing Your Mobile Devices Against Cyber Attacks”, he said that a side-effect is the increased probability of being exposed by malware, stressing that with every new generation of mobile devices, especially in the smartphone and tablet sector, the performance regarding CPU, memory and network bandwidth is increased. “This makes mobile devices an attractive target for attackers”, Obadare said.
Mobile phone fraud is not a new topic and today’s mobile security reflects the industry’s experience of fighting against fraud.
He further listed that Nigerians and other mobile devices users across the globe face today. These are; Mobile Devices Cyber Threats, Mobile Ransomware, Botnets, Malicious Apps, Data leakage, Unsecured WiFi, Network spoofing, Phishing and Broken cryptography.
Obadare warned that any digital asset can be digitally invaded if there is an issue with any of the factors: “ADIO” an acronym for Architecture, Design, Implementation and Operation.
With particular reference to Mobile Payment, he said that mobile payment services need a complex architecture involving many players with different roles. Thus, “In order to make a complete risk assessment it’s important to analyze the entire mobile payment ecosystem.
He enumerated some Mobile Payment Attacks:
“Man-in-the-middle attacks – applications may use higher-layer cryptographic protocols such as SSL to establish a secure channel on top of the NFC standard.
“Eaves dropping – by interception of the communication; Take over – is related to the impersonation attack. The take over of what is expected from a customer perspective but dealing with a different entity and Data modification – it is relatively easy to alter data as a lot of mobile applications are doing client side validation instead of server side validation”.
Obadare also offered urged stakeholders on Counter Measures to adopt.
According to him, the Governance has a major role to ensure Mobile Payment Solution Providers (MPSPs) implement a formal security policy for mobile payment services which is subject to periodic review, monitoring and challenge.
“Risk assessment is important. Mobile Payment Solution Providers (MPSPs) should identify and assess risks on an ongoing basis (supported by a formal policy and strategy) in order to ensure the security of mobile payments and ancillary services, but also prior to establishing the service(s). Security incident monitoring and reporting
“The MPSPs should also ensure the consistent and integrated monitoring, handling and follow-up of security incidents, including security-related customer complaints, amongst others.
Offering other Mobile Devices Security tips, he said,
“Set a password on your mobile device so that if it is lost or stolen, your data is more difficult to access. One of the biggest security risks is old fashioned carelessness. Data is most often taken from mobile phones when they’re lost or stolen and aren’t protected by a password. It’s an open invitation for thieves to go rummaging around.
“Download from trusted sources: Before downloading an app, conduct research to make sure the app is legit. This includes checking reviews, confirming the legitimacy of the app store and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed – can steal information, install viruses, and cause harm to your phone’s contents.
“Install antivirus and anti-malware on your phone and be careful of free wifi.
No doubt, Digital Encode as a ‘Centre for Information Security Intelligence (CISI)’ in close to two decades of operations, has reached various milestones in information security, risk management and other consulting prowess in Nigeria, Africa and indeed the world.
The Company is part of sponsors of #MoDiTECH2019.