Mobile Security
Mobile Threats and Safety Risks
Mobile security, or more precisely the security of mobile devices, has become increasingly important in mobile computing. Of particular concern is the security of personal and business information now stored on smartphones.
More and more users and businesses rely on smartphones to communicate, but also to plan and organize their work, as well as their private life. Within companies, these technologies are leading to profound changes in the organization of information systems and have therefore become the source of new risks. Indeed, smartphones collect and compile an increasing amount of sensitive information, access to which must be controlled in order to protect the user’s privacy and the company’s intellectual property.
All smartphones, like computers, are prime targets for attacks. Such attacks exploit the inherent weaknesses of smartphones that can come from the communication mode – such as SMS, MMS, WiFi, Bluetooth, Private message exchange apps, etc. There are also techniques that address software vulnerabilities in the browser or operating system. Some malware even relies on the limited knowledge of the average user to compromise their device.
Security countermeasures have been developed and applied to smartphones, from security in the various software layers to the delivery of information to end users. They consist in the best practices to be observed at all levels, from design to use, through the development of operating systems, software layers and downloadable applications.
And what if your smartphone had been compromised?
- The attacker can manipulate the smartphone like a zombie machine, i.e. a machine with which he can communicate and send commands to that will be used to send unsolicited messages (spam) via sms or e-mail
- The attacker can easily force the smartphone to make phone calls to paid services that would increase the owner’s bill or even call emergency services to disrupt them.
- A compromised smartphone can record conversations between the user and others and send them to a third party. This can lead to user privacy breaches and industrial security issues;
- An attacker can also steal a user’s identity to impersonate him (with a copy of his sim card or even the phone itself). This raises security concerns in countries where smartphones are used to place orders, consult bank accounts or serve as identity cards;
- The attacker can prevent the smartphone from working and/or starting. This attack can either delete the startup scripts, resulting in a phone without a functioning operating system, or modify some files to make it unusable (for example a script that is launched at startup and forces the smartphone to reboot) or even integrate a startup application that would empty the battery;
- The attacker can delete all user’s personal data (photos, music, videos, etc.) or professional data (contacts, calendars, notes).
Certification defines the best mobile devices protection
Cell phone markets are becoming increasingly mature in terms of security. This security is based on the best practices of market players and on compliance with high-level security standards. Currently, this compliance is determined by the use of smartphones:
- FIDO certification for user authentication,
- EMVCo or equivalent for payment/banking,
- Protection of premium content or equivalent for the use of videos.
In addition, some mobile chip vendors provide CC EAL4+ (with AVA_VAN.5) certified products. This certification indicates a very high level of security, equivalent to smart cards.
How does Secure-IC help secure mobile devices?
To reach these certifications and build a secure solution, smartphone chip manufacturers are increasingly integrating security features into their products:
- Operating system with security features such as process isolation, file permissions or memory protection
- Resource monitoring (battery, memory usage, etc.)
- But also very low level security devices such as Secure Enclave or Secure Element (SE) with an extensive set of security features such as secure boot, key and certificate management, secure storage, security monitoring against tampering.
- As SIM cards become smaller and smaller, it has come to a point that they will be integrated directly into the device itself, but as they needed to be protected when in card form, so will they when integrated to the device. Secure-IC works hand in hand with Low-level OS providers in order to protect mobile devices.
Secure-IC’s SecuryzrTM solutions meets all security requirements for certifications and more generally for smartphones. For more than 10 years, Secure-IC has supported its smartphone chip manufacturer customers in defining the security architecture of their systems, validating their security level and providing security solutions ranging from IP cryptographic algorithms to integrated Secure Element through anti-tampering solutions
Do you have questions on this topic and on our protection solutions? We are here to help.