Tuesday, December 9, 2014

Security - Convergence of Mobility and Internet of Things


We all are aware of the fact that mobile technology is growing more disruptive and ubiquitous day-by-day and we rely on them for almost every aspect of our daily lives. Right from sharing content on social media to paying bills,performing banking transactions to taking selfies and from sharing locations to chatting with friends, we rely on our smartphones and tablets containing every type of personal data available.

With the advent of new paradigms like the Internet of Things, wearable data devices and smartphones are going to play a major role in our lives. All these devices will converge at one point which will make smartphones and tablets the nucleus in the landscape of our “connected world “.

Importance of Mobile Security :

Smartphones and wearable devices are to be given more importance when it comes to security for the following reasons :

  • They contain more personal data than desktops or laptops
  • The device itself can be easily stolen physically
  • The total number of devices is huge
  • Multiple interface options like bluetooth , GSM,IR,NFC,BLE,HTTP,USB , etc 
  • Smartphones are being used by enterprises for business related operations carrying sensitive enterprise data
  • For the above options they become attractive to the hacker



How much do we trust these mobile platforms to protect our personal and enterprise data? How secure is our data within these devices?
 Desktop platforms to mobile technologies are all prone to security vulnerabilities which can be categorized into the following areas:


  • Browser Level Attacks
    • Phishing
    • Click jacking
  • System Level Attacks
    • iOS jail breaking
    • Android rooting
    • OS data caching
  • Application Oriented Attacks
    • Sensitive data storage
    • Dynamic runtime injection
  • Network Based Attacks and Vulnerabilities
    • Packet sniffing
    • Session hijacking
    • DNS poisoning
  • Web Server Based Attacks 
    • Cross-side scripting
    • Cross-site request forgery
  • Database Based Attacks
    • SQL injection
    • Privilege escalation
    • Data dumping



Areas of Importance

When we are developing an enterprise application for a client who deals with sensitive data like that of mobile banking, healthcare, insurance, etc., we need to consider security attacks to tackle possible vulnerabilities.

In-App security

Covers security at the application level including data and resources by dealing with permissions, access privileges, code obfuscation, etc.

On-Device Security

Data inside the device is more important than the device itself. This deals with securing data stored on the device and data security in jail broken or rooted devices.

Transport Layer Security

Deals with securing the channel of communication between the mobile client and other nodes which can be middleware, backend, or any wearable device.

MEAP Area

Enabling security from a mobile middleware point of view. This deals with bringing in security to mobile enterprise application platforms.

Device/Handset Security

This area deals with security of the handset itself, what happens to the data when the device is lost, and how to prevent data theft after the device is in the wrong hands.

When a security architecture satisfies and covers all the above areas, then the application can be branded as highly secure and reliable. But for the modern days' device security one has to think and implement new paradigms and only then we can completely rely on the devices we use.

No comments: