How Safe is Your Smartphone? ENISA Report Analyzes Security Risks

ENISA announced the publication of a report, "Smartphones: Information security risks, opportunities and recommendations for users," designed to give an informed assessment of the information security and privacy risks of using smartphones.

Eighty million smartphones were sold worldwide in the third quarter of 2010. The report’s objective is to allow users to take advantage of smartphones, while minimizing the information security risks. The report also makes practical recommendations on how to address these risks. The report analyzes 10 information security risks for smartphone users and seven information security opportunities.

The smartphone risks:

1) Data leakage: A stolen or lost phone with unprotected memory allows an attacker to access the data on it.

2) Improper decommissioning: The phone is disposed of or transferred to another user without removing sensitive data.

3) Unintentional data disclosure: Most apps have privacy settings, but many users are unaware (or do not recall) that the data is being transmitted, let alone know of the existence of the settings to prevent this.

4) Phishing: An attacker collects user credentials, using fake apps or messages (text messages or email) that seem genuine.

5) Spyware: The smartphone has spyware installed, allowing an attacker to access or infer personal data. Note that spyware here includes any software that requests and abuses excessive privileges. It does not include targeted surveillance software.

6) Network spoofing attacks: An attacker deploys a rogue network access point and users connect to it. The attacker subsequently intercepts the user communication to carry out further attacks such as phishing.

7) Surveillance: Spying on an individual by means of the targeted user's smartphone.

8) Diallerware: An attacker steals money from the user by means of malware that makes hidden use of premium text messaging services or numbers.

9) Financial malware: Malware specifically designed for stealing credit card numbers, online banking credentials or subverting online banking or e-commerce transactions.

10) Network congestion: Network resource overload due to smartphone use leading to network unavailability for the end-user.

The authors of the report are Dr. Giles Hogben and Dr. Marnix Dekker of ENISA. The full report can be found on ENISA’s website.


Written by Neel Mehta
