Browse Definitions :
Definition

mobile device attack

Contributor(s): Eric B. Parizo, Ivy Wigmore

A mobile device attack is an exploit targeting handheld communications devices, such as smartphones and tablets.

Ed Skoudis, founder and senior security consultant of InGuardians, a security consulting firm, describes one scenario: "Bad guys are going to the Android Marketplace, pulling down an app, building a backdoor into it and selling it in another Android app store for a lower price."

As with other types of device attacks, the ultimate target is usually a network rather than the device itself. If a corporate network is not secure, access can be simple. Errata Security CTO Dave Maynor described a potential exploit: An attacker mails an iPhone with a high-capacity battery to the target organization. If the corporate network allows ad-hoc connections for employee's wireless devices, the attacker can connect to the network and access any information available to authorized users.

To protect the corporate network from such attacks, Skoudis recommends that corporations develop mobile security policies and evaluate mobile apps before allowing them. Skoudis also recommended that businesses develop a robust, secure wireless infrastructure, with a segmented wireless network dedicated solely to any mobile devices not deployed by the enterprise.

 

This was last updated in August 2012

Continue Reading About mobile device attack

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...

SearchSecurity

  • identity provider

    An identity provider is a system component that is able to provide an end user or internet-connected device with a single set of ...

  • firewall

    A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a ...

  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning. The ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

SearchStorage

Close