By Dr. Brett Miller, Faculty Member, Intelligence Studies, at American Military University
While sitting at the airport recently, it dawned on me just how attached people are to their mobile devices. Nearly every passenger sat fixated on a mobile device, not engaging with anyone.
It’s clear that technology has provided an incredible advantage in terms of efficiency in our day-to-day lives. However, such increased access and efficiency comes at a major price, specifically when it comes to the security of our personal information.
It is well known that security is only as strong as the weakest point. An organization can take great strides in providing security, but one misstep, loophole, or unaddressed vulnerability is often all it takes for an adversary to gain access. While gazing around the airport, I was reminded just how many weak points we have in our connected world.
This June, the mobile industry experienced a wake-up call when Swiftkey software, which is preloaded on Samsung devices, was found to be vulnerable to hijacking exploits. This one vulnerability put more than 600 million Samsung phones at risk.
According to NowSecure, a leader in mobile security, the exploit could allow hackers to do significant damage such as access GPS coordinates, install malicious apps without the user’s knowledge, and intercept text messages and voice calls.
How to Minimize Your Vulnerability
As we continue to become more ingrained in the digital world, individuals must be aware that each and every app has the potential to be the next Swiftkey. The security of a mobile device is only as strong as the app with the weakest security. This is extremely important for one reason: apps for mobile devices can be, and often are, developed by those who have no concept or interest in security.
While traditional software developers for PCs have come a long way in terms of providing integrated security, apps are often developed by individuals and/or small teams without the resources of a large software developer. Security is often the last consideration, if it is a consideration at all.
That is why it’s more imperative than ever for individuals to be cautious about the apps they install on their mobile devices. While I often have the urge to download an app that sounds enticing, I only download apps from reputable developers and that have been downloaded or are strongly recommended by a significant number of individuals. Obviously, there is no guarantee of total security. However, if you take a cautious approach to downloading apps, you can significantly reduce potential threats.
If taking a cautious approach is not enough for you, use Zscaler Application Profiler (ZAP). ZAP is a tool that analyzes traffic for both iOS and Android devices and calculates an overall risk score based on authentication, device metadata leakage, personally identifiable information leakage, and exposed content.
About the Author: Dr. Brett Miller is an intelligence professional having spent 20+ years within the national intelligence apparatus supporting mission-critical initiatives impacting national and international security. Additionally, Dr. Miller spent 8+ years as an educator teaching university-level courses in National Security, Homeland Security, Intelligence, Cyber, and Information Assurance. Dr. Miller holds a PhD in Business Administration, Masters of Strategic Studies, M.S. in Telecommunications and Computers, M.S. in Information Technology Systems Management, and a B.S. in Computer Science from Park University. He is a certified Intelligence Community Officer and a graduate of two of the Department of Defense’s most prestigious leadership programs: The U.S. Army War College and the Defense Leadership and Management Program (DLAMP). You can follow Dr. Miller on Twitter: @DrBrettAMiller