Q1) Do a research on threats to security of our

smartphones and computer. Also enumerate way to

protect these devices.

Ans: 1) Data Leakage: Mobile apps are often the cause of

unintentional data leakage. For example, “riskware” apps pose a real
problem for mobile users who grant them broad permissions, but
don’t always check security. These are typically free apps found in
official app stores that perform as advertised, but also send personal
—and potentially corporate—data to a remote server, where it is
mined by advertisers, and sometimes, by cybercriminals. Data
leakage can also happen through hostile enterprise-signed mobile
apps. These mobile malware programs use distribution code native
to popular mobile operating systems like iOS and Android to move
valuable data across corporate networks without raising red flags.
To avoid these problems, only give apps the permissions that they
absolutely need in order to properly function. And steer clear of any
apps that asks for more than necessary. The September 2019
updates for Android and Apple iOS both added protocols to make
users more aware of it and why apps collect users’ location data.

2) Unsecured Wi-Fi:
No one wants to burn through their cellular data when wireless hot
spots are available—but free Wi-Fi networks are usually unsecured.
According to V3, in fact, three British politicians who agreed to be
part of a free wireless security experiment were easily hacked by
technology experts. Their social media, PayPal and even their VoIP
conversations were compromised. To be safe, use free Wi-Fi
sparingly on your mobile device. And never use it to access
confidential or personal services, like banking or credit card
information.

3) Network Spoofing:
Network spoofing is when hackers set up fake access points—
connections that look like Wi-Fi networks, but are actually traps—in
high-traffic public locations such as coffee shops, libraries and
airports. Cybercriminals give the access points common names like
“Free Airport Wi-Fi” or “Coffeehouse” to encourage users to connect.
In some cases, attackers require users to create an “account” to
access these free services, complete with a password. Because many
users employ the same email and password combination for multiple
services, hackers are then able to compromise users’ email, e-
commerce and other secure information. In addition to using caution
when connecting to any free Wi-Fi, never provide personal
information. And whenever you are asked to create a login, whether
for Wi-Fi or any application, always create a unique password.

4) Phishing Attacks:
Because mobile devices are always powered-on, they are the front
lines of most phishing attack. According to CSO, mobile users are
more vulnerable because they are often monitor their email in real-
time, opening and reading emails when they are received. Mobile
device users are also more susceptible because email apps display
less information to accommodate the smaller screen sizes. For
example, even when opened, an email may only display the sender’s
name unless you expand the header information bar. Never click on
unfamiliar email links. And if the matter isn’t urgent, then let the
response or action items wait until you’re at your computer.

5) Spyware:
Although many mobile users worry about malware sending data
streams back to cybercriminals, there’s a key threat closer to home:
Spyware. In many cases, it’s not malware from unknown attackers
that users should be worried about, but rather spyware installed by
spouses, co-workers or employers to keep track of their
whereabouts and activity. Also known as stalker ware, many of these
apps are designed to be loaded on the target’s device without their
consent or knowledge. A comprehensive antivirus and malware
detection suite should use specialized scanning techniques for this
type of program, which requires slightly different handling than does
other malware owing to how it gets onto your device and its
purpose.

6) Broken Cryptography:
Training materials, broken cryptography can happen when app
developers use weak encryption algorithms, or fail to properly
implement strong encryption. In the first case, developers may use
familiar encryption algorithms despite their known vulnerabilities to
speed up the app development process. As a result, any motivated
attacker can exploit the vulnerabilities to crack passwords and gain
access. In the second example, developers use highly secure
algorithms, but leave other “back doors” open that limit their
effectiveness. For example, it may not be possible for hackers to
crack the passwords, but if developers leave flaws in the code that
allow attackers to modify high-level app functions—such as sending
or receiving text messages—they may not need passwords to cause
problems. Here, the onus is on developers and organizations to
enforce encryption standards before apps are deployed.

7) Improper Session Handling:

To facilitate ease-of-access for mobile device transactions, many
apps make use of “tokens,” which allow users to perform multiple
actions without being forced to re-authenticate their identity. Like
passwords for users, tokens are generated by apps to identify and
validate devices. Secure apps generate new tokens with each access
attempt, or “session,” and should remain confidential. According
to The Manifest, improper session handling occurs when apps
unintentionally share session tokens, for example with malicious
actors, allowing them to impersonate legitimate users. Often this is
the result of a session that remains open after the user has navigated
away from the app or website. For example, if you logged into a
company intranet site from your tablet and neglected to log out
when you finished the task, by remaining open, a cybercriminal
would be free to explore the website and other connected parts of
your employer’s network.

What’s Next in Mobile Security Threats?

According to Harvard Business Review (HBR), despite becoming a
preferred target for hackers, mobile security is not prioritized
relative to network and computer security. Even within the mobile
ecosystem, HBR reported that security spending was chronically
underfunded relative to mobile app development. As our reliance on
mobile devices grows, so does the value of data, and thus, the
motivation for cybercriminals. In addition to the mobile security
threats we’ve just discussed, be alert for new threats focused on the
following three key impact areas:

Smising: Like phishing scams, cybercriminals attempt to trick people

into downloading malware, clicking on malicious links or disclosing
sensitive information. A Smising attack is launched through text
messages instead of email.

BYOD: As business users are granted high-level access from personal

mobile devices , smartphones and tablets are effectively replacing
desktops for many business tasks. However, personal mobile devices
don’t offer the same level of built-in security or control as the
organization-owned desktop computers they are replacing.

The Internet of Things (IoT): With the number of types of smart

devices—from RFID chips to thermostats and even kitchen
appliances—growing so quickly, they can’t always be monitored by
users or antivirus solutions. This makes IoT devices an attractive
target for hackers who use them as entry points to the larger
network.

What Can You Do to Safeguard Against Mobile Security Threats?

Mobile device security threats are both increasing in number and
evolving in scope. To protect devices and data, users must both
understand common threat vectors and prepare for the next
generation of malicious activity. A robust internet security
solution should provide comprehensive coverage that extends
beyond desktops and laptops, to protect mobile devices, IoT devices
and other internet connection points. Furthermore, your personal
network and devices need to be protecting during use when you are
not at home.