Assess and Mitigate Vulnerabilities in Mobile Systems

By Lawrence C. Miller, Peter H. Gregory

Mobile systems include the operating systems and applications on smartphones, tablets, phablets, smart watches, and wearables. The most popular operating system platforms for mobile systems are Apple iOS, Android, and Windows 10.

The vulnerabilities that are found on mobile systems include

  • Lack of robust resource access controls. History has shown us that some mobile OSs lack robust controls that govern which apps are permitted to access resources on the mobile device, including:
    • Locally stored data
    • Contact list
    • Camera roll
    • Email messages
    • Location services
    • Camera
    • Microphone
  • Insufficient security screening of applications. Some mobile platform environments are quite good at screening out applications that contain security flaws or outright break the rules, but other platforms apparently have more of an “anything goes” policy. The result is buyer beware: Your mobile app may be doing more than advertised.
  • Default security settings that are too lax. Many mobile platforms lack enforcement of basic security and, for example, don’t require devices to automatically lock or have lock codes.

In a managed corporate environment, the use of a mobile device management (MDM) system can mitigate many or all of these risks. For individual users, mitigation is up to them: they must do the right thing and use strong security settings.
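
The kind of compliance check an MDM system applies to the weaknesses listed above (missing lock codes, lax auto-lock, apps holding access to sensitive resources they don't need), sketched as an added example that is not from the original article. The inventory record format, permission labels, category allowlist, and the 300-second auto-lock limit are assumptions made for the example, not any MDM product's schema.

```python
# Added example: audit constructed device records against a lock/permission baseline.
# Field names, permission labels and thresholds are assumptions, not a real MDM schema.

# Resources from the article's list, as hypothetical permission labels.
SENSITIVE = {"local_data", "contacts", "camera_roll", "email",
             "location", "camera", "microphone"}

# Hypothetical baseline: lock code required, auto-lock within 5 minutes.
BASELINE = {"require_passcode": True, "max_auto_lock_seconds": 300}

# Hypothetical allowlist: sensitive resources each app category plausibly needs.
# Unknown categories get an empty set, so every sensitive grant is flagged.
EXPECTED = {"navigation": {"location"}, "flashlight": {"camera"}}

def audit_device(device, baseline=BASELINE):
    """Return a list of findings for one device inventory record."""
    findings = []
    if baseline["require_passcode"] and not device.get("passcode_set", False):
        findings.append("no lock code set")
    timeout = device.get("auto_lock_seconds")  # None means auto-lock is off
    limit = baseline["max_auto_lock_seconds"]
    if timeout is None:
        findings.append("auto-lock disabled")
    elif timeout > limit:
        findings.append(f"auto-lock timeout {timeout}s exceeds {limit}s")
    for app in device.get("apps", []):
        granted = set(app.get("permissions", [])) & SENSITIVE
        excess = sorted(granted - EXPECTED.get(app.get("category"), set()))
        if excess:
            findings.append(f"{app['name']}: unexpected access to {', '.join(excess)}")
    return findings

# Constructed sample inventory (not real devices or apps).
FLEET = [
    {"id": "dev-001", "passcode_set": True, "auto_lock_seconds": 120,
     "apps": [{"name": "ExampleMaps", "category": "navigation",
               "permissions": ["location"]}]},
    {"id": "dev-002", "passcode_set": False, "auto_lock_seconds": None,
     "apps": [{"name": "ExampleTorch", "category": "flashlight",
               "permissions": ["camera", "contacts", "location", "microphone"]}]},
    {"id": "dev-003", "passcode_set": True, "auto_lock_seconds": 900, "apps": []},
]

def audit_fleet(fleet):
    """Map device id -> findings, keeping only non-compliant devices."""
    results = {d["id"]: audit_device(d) for d in fleet}
    return {dev: f for dev, f in results.items() if f}

if __name__ == "__main__":
    for dev, findings in audit_fleet(FLEET).items():
        print(dev, findings)
```

An app whose category is missing from the allowlist is treated as needing no sensitive resources, so the check fails closed rather than open.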