Since the start of the Smartphone revolution five years ago – maybe it is fair to say it was started by apple when they introduced their first generation iPhone- consumers outsourced many tasks from their PC’s to their smartphones and tablets. Many things that we normally did on our PC’s can be done now on our smartphones such as emails, internet browsing, searching and many more.

Who wouldn’t prefer to read an email in a snap using a smartphone that startup in seconds and not wait for the lengthy startup process of the Personal Computer especially windows based computers just to read an email and perform simple internet browsing. Moreover, smartphones are small, convenient and with capabilities that are comparable with some PC’s. We are not suggesting that personal computers are becoming obsolete yet, there are tasks that require bigger screens and larger processing power that can only be done on the computer especially at the work place.

If we look back at the start of the PC revolution, safety and security wasn’t the priority of those who pioneered the business of the personal computing and the companies who shaped that business such as Microsoft. The nature of the business and competition required them to concentrate on providing consumers with better and faster software and hardware before the next guy can. In the mixed of that, bad guys decided that they deserve a piece of the pie and they started to look for ways to exploit the system to hack it and score some gains. As a result of that software security and later cyber security fields were born and companies started to catch up to secure their products and their consumers. Smartphones are no different, as more consumers moving to smartphones and many software applications are being produced, security vulnerability will increase. Security become a major issue for smartphone users, service providers and manufacturers which will lead us to discuss the security vulnerabilities that faces smartphones and the possible fixes.

Smartphones Security Vulnerabilities

• The major security risks come form consumers habits and the way they use their devices. Users often don’t deploy the built in passwords system to authenticate and control access to data stored on their devices. Additionally, if users do use a password or PIN they often choose very weak passwords that can be easily determined or bypassed, such as 1234. In the event that those mobile devices are lost or stolen without passwords or PINs to lock the device, unauthorized users could view sensitive information and misuse the mobile devices.

• Have you wondered how secure were your online banking transactions when you accessed your bank account from your smartphone? Luckily almost all banking institutions use strong encrypted mechanism to transfer banking data from and to clients. However, wireless transmissions are not always encrypted and many applications do not encrypt data they transmit over the cellular and wireless networks such as emails.

• Malwares also can infect smartphones the same way they infect PC’s. Malwars are a security challenge for computer users as well as smartphone users when they download applications that contain malwares. When a user download an application such as a game, security patch and utility, the malware can be hidden within those applications . It is difficult for users to tell the difference between a legitimate application and one containing malware.

• What about a security and antivirus software for your smartphone? Mobile devices often do not use security software. Unlike personal computers smartphones don’t come with preinstalled security software that protect against viruses, malwares and spywares.

• Operating systems for smartphones don’t get regular security patches or fixes. It can take weeks to months before security updates are provided to consumers’ devices. For example, Google develops updates to fix security vulnerabilities in the Android OS, but it is up to device manufacturers to produce a device-specific update incorporating the vulnerability fix, which can take time if there are proprietary modifications to the device’s software. Once a manufacturer produces an update, it is up to each carrier to test it and transmit the updates to consumers’ devices.

• Internet connections mostly open for mobile devices without firewalls. Many mobile devices do not have firewalls to limit connections. Without a firewall, the mobile device may be open to intrusion through an unsecured communications port.

• The method of modifying the smartphone by jailbreaking or rooting with which users can remove the limitations on the device placed by the carrier to install new applications can cause a security risk. If the device is rooted it will lose the warranty from the carrier and will not receive security updates.

• Bluetooth can be unsecured communication if it left open or in discovery mode. A hacker could use the open channel to install malwares and trojans on the smartphone.

• Unsecured public wireless Internet networks or WiFi spots could allow an attacker to act as the man in the middle and intercept the transmitted data or connect to the device and view sensitive information.

What steps can we take to secure our smartphones?

• Try to enable the security access and authentication mechanism by placing a stronger PIN. Devices can be configured to require passwords or PINs to gain access.

• Download verified application only and from trusted sources who provide digital signatures.

• Install security software on your smartphone to scan applications and remove unwanted malwares and viruses.

• Install a firewall: A personal firewall can protect against unauthorized connections by intercepting both incoming and outgoing connection attempts and blocking or permitting them based on a list of rules.

• Install security updates: Software updates can be automatically transferred from the manufacturer or carrier directly to a mobile device.

• Enable a service to remotely disable lost or stolen devices. There are applications that can be purchased if they are not freely available that can remotely disable or lock your smartphone if it gets lost or stolen. In addition to locking the device the remote service can erase all data stored on the memory of the phone once that option requested by the smartphone owner.

• Use encryption to encrypt the data stored on the device and on the memory card.