By
Jim Palazzolo
Abstract
development language and other languages that allow for network application development, an
individual or an organization has the ability to connect anywhere on the globe with a mobile
device. Mobile devices have become common among individuals and organizations. Smart
phones and Personal Data Assistants now have the ability to interface with multiple networks
and take advantage of cloud computing. The robust features allowed through these devices also
come with inherent risks. As new devices are created, new vulnerabilities arise to be
exploited. This essay covers the overview of mobile devices, new security standards, and
applications that help to mitigate the risks involved with mobile computing.
OVERVIEW AND ASSESSMENT OF MOBILE SECURITY
As computers move from Local Area Network based systems to wireless based
network systems, the use of mobile computing has been on the rise. In response to this growth,
cellular devices that were originally designed to handle only voice data streams now have the
ability to handle complex network protocols. One example is smart phones developed with the
Many of these devices are Java language capable, a language that is widely used in many internet
applications. All of the devices have some form of keyboard integrated with the device allowing
the user text input. The reality is that the laptop computer is slowly being replaced by smaller
cellular devices or more robust Personal Data Assistants (PDAs). This transition reduces the
costs for the consumer to enter into this powerful technology, as well as increase the overall
Some mobile device manufacturers have also offered the source code to the device for
public use. This has generated a second industry for the development of applications that can be
directly downloaded to the mobile device. Private and commercial users now have the ability
through third party application development to tailor their mobile device to their needs.
However, not all mobile devices have the ability to customize their application base. As a result,
the devices that do not have application customization are slowly being phased out of the market
Due to the widespread dissemination of this technology to the common user, the attack
surface for malicious behavior grows exponentially. It is common knowledge within the
information technology security community that more attacks will target an architecture with a larger
number of systems at its base than an architecture with a smaller number of systems at its
base. Therefore, given this common body of knowledge, it is the researcher’s opinion that mobile
devices will become a viable attack surface for malicious behavior. In 2006 writer Joseph C.
Panettieri stated:
“More than 100 viruses now target smart phones running mobile operating systems from
Research in Motion Ltd. (www.rim.com), to name a few. Imagine if those viruses could
infiltrate a WiFi Connection and crawl from students’ smart phones onto your school’s
servers, desktops, and notebooks, contaminating your districts most critical data”
(Panettieri, 2006).
It is the researcher’s opinion that recent innovations have made this concept a reality. By
empowering individuals to develop applications with open source technology, the dissemination
of such information has helped to grow the number of malicious applications targeting mobile
devices.
“This is a particular problem because wireless devices, including smart cellular phones and
personal digital assistants (PDAs) with Internet access, were not originally designed with
It is the researcher’s opinion that the above statement reinforces the idea that those who wish to
do harm will look for areas with lower risk of being caught. Typically such areas are those with
Although the risks to security in mobile devices are increasing, other innovations have led
to the use of mobile devices as security tools. The National Institute of Standards and
Technology has recently recognized the use of Intrusion Detection Systems as software agents
on mobile devices (Jansen, Mell, Karygiannis, & Marks, 1999). There are several IDS agents of
various performance levels being developed. The following is a list provided through the NIST
Hummingbird:
While the system uses some agent technology, the agents are not autonomous,
nor are they mobile. Only the data collection is distributed and control remains
having different security domains (Jansen, Mell, Karygiannis, & Marks, 1999).
Marks, 1999).
o “AAFID employs a hierarchy of agents. At the root of the hierarchy are monitors,
which provide global command and control and perform analysis of information
flowing from lower level nodes. At the leaves are agents that collect event
Both the Hummingbird and AAFID systems have the ability to detect anomalies within a
network. As more mobile devices are attached to networks via VPN, satellite, and the internet,
there are growing demands to monitor this traffic for malicious behavior. These applications can
also be distributed to mobile devices as a client application connecting them to the host
application. Through this connectivity, entities have the ability to monitor their mobile traffic.
Recent developments in mobile security have also led to the creation of guidelines
distributed by the National Institute of Standards and Technology. Special Publication 800-124
addresses security issues revolving around mobile devices, and provides a rough outline on how to
develop a security framework for such devices (Jansen & Scarfone, 2008). However, Special
Publication 800-124 does not elaborate on any specific software agent or device platform.
Conclusion
The use of mobile computing is on a steady incline, as mobile devices become more
powerful and robust. The attraction of mobile computing and cost reduction make these devices
an obvious choice for both individuals and organizations. However, as with any new
development, there are inherent risks involved. In the case of mobile computing, it can be seen
that their initial developments did not include security as a top priority. Therefore, exploits of
known vulnerabilities began to rise to public attention. However, the developers of mobile
devices are not entirely at fault for the number of malicious attacks targeting their devices. The
ability for individuals to connect to the internet has left a large portion of the fault on the
consumer as well. Even with common public knowledge of social engineering, and warnings about
the safe use of social networks, individuals as well as organizations still participate in behavior
that exposes them to increased amounts of risk. However, misuse and lack of security
development in initial products will not stop the flow of mobile devices into the public and
private sectors of the economy. Conversely, the dilemma of security regarding mobile devices
allows for the natural creation of an industry centered on mobile devices. It is the writer’s
opinion that the initial lack of security has created both positive and negative effects on the
consumer. It is also the writer’s opinion that both of these effects have created increased
awareness on the proper handling of mobile devices, as well as industry revenues in the creation
References
Panettieri, J. (2006). Don't be out'smarted: the new breed of smart mobile phones will soon pose
the biggest danger to your data security. software companies are gearing up to nullify the
Miller, K. (2001). Facing the challenge of wireless security. The IEEE Computer Society, 34(7),
16-18, doi:10.1109/2.933495.
Technology, (1999). Applying mobile agents to intrusion detection and response (NIST
Technology.
Jansen, W., & Scarfone, K. National Institute of Standards and Technology, U.S. Department of
Commerce. (2008). Guidelines on cell phone and PDA security (Special Publication 800-