DOI: 10.1145/1940941.1940971
research-article

Managing smart phone security risks

Published: 01 October 2010

Abstract

Smart phones, their operating systems and security characteristics have rapidly evolved as has the reliance upon them by organizations to conduct business. The unusual mix of personal and business use for smart phones as well as their unique combination of capabilities creates a number of challenges to managing their risk. This paper explores the types and nature of threats to the organization from the use of smart phones along with controls, available security software and tools. The current state of corporate smart phone security programs and policies is examined. Smart phone security policy considerations are discussed and recommendations are made for building a smart phone security program.


Reviews

Brad D. Reid

This excellent paper provides a wake-up call to managers and security professionals. Smartphones are handheld computers with unique security challenges. As the author notes, "The greatest danger lies in inappropriate user behavior fed by the mixing of personal and business use." For this reason, managers and security professionals must educate as well as regulate. Smartphones are becoming more powerful and adaptable. Consequently, they are increasingly at risk of being targeted by hackers and malware. This paper gives several examples of attacking viruses, including Cabir and Duts. Smartphones can be compromised in a variety of ways, including direct hacker attacks, communications interception, theft, and loss. In a six-month period in 2010, over 31,000 smartphones were left in New York City taxis. In addition, careless or intentional employee behavior compromises smartphones. A brief but well-written overview of controlling access to smartphones reviews the major protocols for preventing intrusion or data compromise. For example, sandboxing applications restrict the code's access to system files and services rather than verifying the code's integrity. The overview of securing communications defines and briefly reviews major encryption and privacy methodologies. This paper defines these well in a very brief treatment. The paper also reviews the state of mobility security planning and the 2008 recommended National Institute of Standards (NIST) recommendations for mobile handheld device security. It provides a very good discussion of the security characteristics of smartphones, and outlines the steps for building a smartphone security program. These steps include risk assessment and analysis, documenting policies and training end users, adopting a smartphone management system, setting base-level security software requirements, and giving special consideration to those phones at highest risk. Developing a smartphone security program begins with changing attitudes. 
This is a fine introduction, with references to additional papers that address this unfolding issue. The paper is an excellent tool to raise awareness and inspire smartphone security consideration.

Online Computing Reviews Service


Published In

InfoSecCD '10: 2010 Information Security Curriculum Development Conference
October 2010
187 pages
ISBN: 9781450302029
DOI: 10.1145/1940941

Sponsors

  • KSU - CISE: KSU Center for InfoSec Education
  • ISSA: The Metro Atlanta Information Systems Security Association

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. security policies
  2. smart phones

Qualifiers

  • Research-article

Conference

InfoSecCD '10
Sponsor:
  • KSU - CISE
  • ISSA

Acceptance Rates

Overall Acceptance Rate 18 of 23 submissions, 78%

Article Metrics

  • Downloads (Last 12 months): 24
  • Downloads (Last 6 weeks): 4

Reflects downloads up to 11 Feb 2025

Cited By

  • (2024) Mobile Technologies at Risk: A Literature Review on the Evolving Challenges and Solutions in Mobile Technology Security. Scientific Bulletin, 29:1 (151-162). DOI: 10.2478/bsaft-2024-0016. Online publication date: 7-Jun-2024
  • (2021) Systematic Literature Review on Organizational Cyber Security Deficiency in Mitigating Mobile Device Risk. 2021 International Conference on Computer Science and Engineering (IC2SE) (1-9). DOI: 10.1109/IC2SE52832.2021.9791959. Online publication date: 16-Nov-2021
  • (2020) The security of mobile business applications based on mCRM. Proceedings of the 18th International Conference on Advances in Mobile Computing & Multimedia (179-186). DOI: 10.1145/3428690.3429155. Online publication date: 30-Nov-2020
  • (2020) Exploring the human factor in cyber-enabled and cyber-dependent crime victimisation: a lifestyle routine activities approach. Internet Research, ahead-of-print. DOI: 10.1108/INTR-10-2019-0400. Online publication date: 23-Jun-2020
  • (2019) Information communication technology-enabled instrumental activities of daily living: a paradigm shift in functional assessment. Disability and Rehabilitation: Assistive Technology, 15:7 (746-753). DOI: 10.1080/17483107.2019.1650298. Online publication date: 16-Aug-2019
  • (2018) Security Aspect in Instant Mobile Messaging Applications. 2018 Recent Advances on Engineering, Technology and Computational Sciences (RAETCS) (1-5). DOI: 10.1109/RAETCS.2018.8443844. Online publication date: Feb-2018
  • (2017) I Like It, but I Hate It. Proceedings of the 33rd Annual Computer Security Applications Conference (212-224). DOI: 10.1145/3134600.3134629. Online publication date: 4-Dec-2017
  • (2016) Leakage Detection and Risk Assessment on Privacy for Android Applications: LRPdroid. IEEE Systems Journal, 10:4 (1361-1369). DOI: 10.1109/JSYST.2014.2364202. Online publication date: Dec-2016
  • (2016) A Framework for Third Party Android Marketplaces to Identify Repackaged Apps. 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech) (475-482). DOI: 10.1109/DASC-PICom-DataCom-CyberSciTec.2016.93. Online publication date: Aug-2016
  • (2015) Security awareness and adoption of security controls by smartphone users. 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec) (99-104). DOI: 10.1109/InfoSec.2015.7435513. Online publication date: Nov-2015
