
Assess and Mitigate Vulnerabilities in Mobile Systems

Updated: 2018-08-02 0:12:56 | From The Book: CISSP For Dummies

Mobile systems include the operating systems and applications on smartphones, tablets, phablets, smart watches, and wearables. The most popular operating system platforms for mobile systems are Apple iOS, Android, and Windows 10.

The vulnerabilities that are found on mobile systems include:

  • Lack of robust resource access controls. History has shown us that some mobile OSs lack robust controls that govern which apps are permitted to access resources on the mobile device, including:
    • Locally stored data
    • Contact list
    • Camera roll
    • Email messages
    • Location services
    • Camera
    • Microphone
  • Insufficient security screening of applications. Some mobile platform environments are quite good at screening out applications that contain security flaws or outright break the rules, but other platforms have more of an “anything goes” policy, apparently. The result is buyer beware: Your mobile app may be doing more than advertised.
  • Default security settings that are too lax. Many mobile platforms lack enforcement of basic security and, for example, don't require devices to automatically lock or have lock codes.

In a managed corporate environment, the use of a mobile device management (MDM) system can mitigate many or all of these risks. For individual users, mitigation is up to them: they have to do the right thing and use strong security settings.
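
As an added illustration (not from the book), the Python sketch below reviews a decoded Android `AndroidManifest.xml` for permissions that gate the resources listed above, which is the kind of check an app-vetting step can run before an app is approved. The sample manifest, the package name `com.example.flashlight` and the `justified` parameter are constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Resource categories from the list above, mapped to the Android permissions
# that gate them. Email has no single platform permission, so it is omitted.
RESOURCE_PERMISSIONS = {
    "Locally stored data / camera roll": {
        P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
        P + "READ_MEDIA_IMAGES"},
    "Contact list": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
    "Location services": {
        P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
        P + "ACCESS_BACKGROUND_LOCATION"},
    "Camera": {P + "CAMERA"},
    "Microphone": {P + "RECORD_AUDIO"},
}

def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, justified):
    """Map each sensitive resource the app requests, but the reviewer has
    not marked as justified for its stated purpose, to the permissions used."""
    perms = declared_permissions(manifest_xml)
    findings = {}
    for resource, gate in RESOURCE_PERMISSIONS.items():
        hits = sorted(perms & gate)
        if hits and resource not in justified:
            findings[resource] = hits
    return findings

# Constructed sample: a flashlight app that asks for more than it needs.
SAMPLE_MANIFEST = """<manifest package="com.example.flashlight"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for resource, hits in audit(SAMPLE_MANIFEST, justified={"Camera"}).items():
        print(f"REVIEW {resource}: {', '.join(hits)}")
```

The flashlight needs the camera for the LED, so only that category is passed as justified; the contact and location requests are what a reviewer would question.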

About This Article

About the book author:

Peter H. Gregory, CISSP, is a security, risk, and technology director with experience in SaaS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of CISSP For Dummies for more than 20 years.

Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.