Improve Mobile Security

What is the single biggest threat to mobility in the workplace? There isn’t one single threat; rather, there are multiple threat categories that pose serious issues. These include Fake WiFi Networks, Malware Infections, Malicious Apps and Phishing Attacks.

As more businesses embrace mobility to improve business processes, increase workplace productivity and enhance employee satisfaction, the risk transfers from traditional IT-managed infrastructure to consumer-grade, largely unmanaged, mobility devices. Add in that mobile devices are used to access the multi-factor option of choice, because people are addicted to their smartphones, and it’s easy to see why these devices are so desirable as an attack vector for Cyber Criminals.

Sources of Mobile Based Attack

What Cyber Criminals used to target via the desktop they are now targeting via mobile devices. There are more vulnerabilities exposed in mobile endpoints compared to well-managed IT infrastructure. Over the last three years the number of major vulnerabilities and malware threats for mobile devices has almost tripled. This results in increased credential theft, data leakage and fraudulent transactions.

A survey run by Enterprise Mobility Exchange reported that Fake WiFi networks were the predominant threat, followed by Malware Infections of mobile devices, Malicious Mobile Apps and Phishing Attacks.

Fake WiFi networks, often called honeypots, allow Cyber Criminals to steal credentials, browser history and perform Man-In-The-Middle attacks when users connect to them.  This is typically done by spoofing the web traffic for the websites the user visits.  Malware is often installed allowing the contents of the device to be read and enabling future theft of credentials and data.

Malware infections are typically a result of downloading a malicious app, downloading and opening message attachments from an email or SMS, downloading content from a website, or having unpatched vulnerabilities. Android smartphones are more vulnerable, as Google allows downloading of Apps from sources other than the official Google Play app store, and the core Operating System code is open-source. Even though Apple is a closed ecosystem, it isn’t immune, as the App Store reviews have missed apps that were infected with Malware in the past.

Malicious Mobile Apps can be either outright malicious or introduce risk of compromise through adware, excessive permissions, or a dangerous combination of permissions.  They typically attempt to harvest account credentials or information that can be used in future attacks.  Excessive permissions can be used to intercept multi-factor authentication or send spam and phishing campaigns from your device.
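To make the "dangerous combination of permissions" point concrete, here is an added example (not Click Studios code) that audits the permissions an Android app requests. It assumes the manifest has already been decoded to text XML, and the rule list and the sample manifest are constructed for illustration only.

```python
# Added example: flag risky permission combinations in a decoded AndroidManifest.xml.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Illustrative rules (an assumption, not an official list). A rule fires only
# when ALL of its permissions are requested; the text is the resulting risk.
RISKY_COMBOS = [
    ({P + "RECEIVE_SMS", P + "INTERNET"}, "can forward incoming SMS one-time codes off the device"),
    ({P + "READ_SMS", P + "INTERNET"}, "can read stored SMS one-time codes and upload them"),
    ({P + "SEND_SMS", P + "READ_CONTACTS"}, "can send SMS spam or phishing to the user's contacts"),
]

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in the manifest."""
    # Note: for manifests from untrusted sources, use a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit_manifest(manifest_xml):
    """Return (sorted permissions, risk) for every rule the app satisfies."""
    perms = requested_permissions(manifest_xml)
    return [(sorted(combo), risk) for combo, risk in RISKY_COMBOS if combo <= perms]

# Constructed sample: a "flashlight" app asking for far more than a camera LED.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

if __name__ == "__main__":
    for combo, risk in audit_manifest(SAMPLE_MANIFEST):
        print(" + ".join(combo), "->", risk)
```

Each permission in the sample is unremarkable on its own; the findings come only from the combinations, which is why permission reviews should look at the whole set an app requests.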

Phishing attacks typically simulate well-known brands such as Banks, Retailers and Webmail, offering login portals that seek to capture specific service credentials or simply obtain email logins that are used in future credential stuffing attacks.

Make it Harder for Cyber Criminals to Exploit Your Mobile Devices

Encryption of your mobile device is critical.  Most zero-day threats require some form of jailbreak or root detection.  When your device is encrypted it acts as an additional layer of security that can help prevent zero-day threats.  By enforcing the use of a Passcode, you turn on encryption in iOS.  With Android there are some additional steps that need to be taken to ensure your device is encrypted.

Best Practices for Mobile Device Security

The following are recommended points to consider for protecting mobile devices, the sensitive credentials used from them, and the data contained on them:

  1. Be Clear in Your Policies, Procedures and Processes
  2. Make Strong Passwords Mandatory and conform to your Password Policies
  3. Incorporate Biometrics at the OS and Application Levels
  4. Block known Malicious Apps
  5. Encrypt Mobile Devices
  6. Prevent Public WiFi Use
  7. Budget for Mobile Security (it shouldn’t be an afterthought)

So, does Click Studios now Provide Mobile Security?

Well….no.  The point of this blog is to point out that Cyber Criminals are increasingly targeting selected users’ mobile devices.  The security on these devices tends to be less stringent than on business managed desktops and the majority of users still don’t associate the use of mobile devices with an increased risk of targeted attacks.

With the release of Passwordstate V9 we are providing native iOS and Android Apps that allow access to your Passwordstate credentials.  While these apps are secure, and have been application penetration tested, only you know the state of your mobile device cyber hygiene.  We highly recommend following Cybersecurity Practices to maintain good cyber hygiene and the use of a Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solution for protection and management of your mobility devices.

And don’t forget, when it comes to generating strong passwords that meet your Password Policies, storing them securely and sharing them amongst your team, you can rely on Passwordstate, the web-based solution for Enterprise Password Management used by more than 29,000 Customers and 370,000 Security & IT Professionals globally.

As always, we welcome your feedback via