Smartphones are particularly vulnerable to a myriad of security threats. Many of these threats are unknown to most consumers and often go unnoticed by the security community.
This leaves many mobile platforms with security holes that vendors do not patch before release. Mobile application security assessments and mobile application security testing are two sectors of IT security that should be used to improve the security posture of mobile applications before they are released to the end user.
Many security threats are related to the transmission of data to and from mobile devices and encryption strength. Smartphones can operate along multiple bands of cellular frequencies, including 1G, 2G, 3G, and 4G.
Matthew Green (2013) notes that each of the older telecommunication protocols utilizes the GSM digital protocol for call encryption between the caller and the local tower, using an outdated symmetric key cryptosystem. This system does not use mutual authentication and uses a broken algorithm that is easily compromised.
In contrast, more recent cellular protocols, such as 3G/4G/LTE, use the newer 3G/LTE standards, which provide mutual authentication between the caller and the local tower (based on the authentication and key agreement protocol) and use more advanced encryption algorithms, such as KASUMI, a symmetric block cipher.
In addition to cellular data transmission, smartphones allow one to connect to Wi-Fi hotspots in order to connect to the internet. Regardless of the type of authentication protocol used, connections to public hotspots create a myriad of security problems when the system is not managed correctly. The following list highlights some of these issues.
- Many public Wi-Fi hotspots do not properly encrypt data, and many more make it easy for hackers to use packet sniffers to capture and view wireless plaintext data.
- Most carriers configure and ship smartphones to connect automatically to the carrier’s Wi-Fi hotspot network when in range, and also configure mobile devices to automatically reconnect to hotspots that have been used in the past. These situations allow a malicious person to mimic a Wi-Fi hotspot by using an identical SSID, which results in mobile devices automatically connecting to the fake hotspot without authentication and without any warning to the end user. Plaintext data is then sniffed.
- Malicious people can create “evil twins,” fraudulent Wi-Fi access points that are often named with an SSID identical to popular public hotspot SSIDs. That tricks unsuspecting consumers into connecting to a false access point, where plaintext data is sniffed.
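The auto-reconnect and evil-twin issues above both come down to a device trusting an SSID by name alone. The following is an added example, not code from the original article: a defensive check that compares scan results against saved network profiles and flags beacons that should not be auto-joined. The profile layout, scan tuples, and function names are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed saved profiles: SSID -> (expected security, BSSIDs seen before).
SAVED = {
    "CarrierWiFi": ("WPA2-Enterprise", {"aa:bb:cc:00:00:01"}),
    "CoffeeShop": ("WPA2-PSK", {"aa:bb:cc:00:00:10"}),
}

# Constructed scan results: (SSID, BSSID, advertised security, signal dBm).
SCAN = [
    ("CarrierWiFi", "aa:bb:cc:00:00:01", "WPA2-Enterprise", -67),
    ("CarrierWiFi", "de:ad:be:00:00:99", "OPEN", -41),
    ("CoffeeShop", "aa:bb:cc:00:00:22", "WPA2-PSK", -58),
    ("Library", "aa:bb:cc:00:00:30", "OPEN", -70),
]

def assess(scan, saved):
    """Return {bssid: [reasons]} for beacons that should block auto-join."""
    # Collect every security mode advertised under each SSID in this scan.
    by_ssid = defaultdict(set)
    for ssid, _bssid, security, _rssi in scan:
        by_ssid[ssid].add(security)
    findings = {}
    for ssid, bssid, security, _rssi in scan:
        reasons = []
        if ssid in saved:
            expected, known = saved[ssid]
            # Same name but weaker or different security than the saved profile.
            if security != expected:
                reasons.append(f"security {security} != saved {expected}")
            # Same name from an access point this device has never joined.
            if bssid.lower() not in known:
                reasons.append("BSSID not seen before for this SSID")
        # One SSID advertised both protected and open at the same time.
        if len(by_ssid[ssid]) > 1 and security == "OPEN":
            reasons.append("open twin of a protected SSID in the same scan")
        if reasons:
            findings[bssid] = reasons
    return findings

def safe_to_autojoin(scan, saved):
    """BSSIDs that match a saved profile on SSID, security and BSSID."""
    flagged = assess(scan, saved)
    return [b for s, b, _sec, _r in scan if s in saved and b not in flagged]

if __name__ == "__main__":
    for bssid, reasons in assess(SCAN, SAVED).items():
        print(bssid, "->", "; ".join(reasons))
```

A BSSID can be copied just like an SSID, so a match here is necessary but not sufficient, and large legitimate networks will show new BSSIDs regularly; treat a finding as a reason to prompt the user instead of joining silently.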
Astonishingly, as stated by NowSecure (2016), roughly 40 percent of mobile users routinely connect to public hotspots which are often unencrypted and not secure.
It is important to note that even when using a trusted Wi-Fi hotspot, both leaky background apps and the opening of certain apps (that send data over the 4G/LTE band) allow for cellular interception. Just as phone calls can be intercepted via GSM interceptors and IMSI catchers, radio scanners can sniff unencrypted traffic.