Mobile Device Security – CompTIA A+ 220-1102 – 2.7

Our mobile devices include extensive security features. In this video, you’ll learn about screen locks, remote wiping, full device encryption, IoT security, and more.

If you use a mobile device, then you probably use some type of screen lock to limit someone from gaining access to the information contained within your mobile device. Depending on your mobile device, you may have a number of options available for unlocking that screen. You might be using facial recognition so you would use the cameras that are built into your mobile device to be able to look at your face confirm that’s you and unlock the device.

Or you might choose to use a personal identification number that only you yourself know. Some mobile devices also support the use of a fingerprint so that you can use something that’s part of you to be able to unlock the device. You can also use a swipe pattern to unlock the phone and that would obviously be something that only you knew. If someone does try to gain access to your mobile device through this lock screen and they try over and over with one failed attempt after another, eventually the system will react.

For example with iOS, everything on that device is erased after 10 failed attempts. If this is an Android device, it will lock itself by default and prompt you for your Google credentials. If you don’t provide those credentials, it will wipe everything on the phone. Many of our mobile devices include some type of locator application so that we can find our device if we happen to lose it or leave it at another location.

This is using the built in GPS capabilities on this device to bring up a map and show you exactly where that device may be located. Once you find the device, you can choose to play a sound get directions to where the device might be or display a message on the screen. And if you feel that you can’t retrieve this device, you can mark this device as lost and you can remotely erase everything that’s on that device. This will ensure that your personal data and everything else on that phone or tablet will not be accessible by anyone else.

In our discussion of Windows, Linux, and Mac OS, we constantly reminded you to keep those operating systems up to date with the latest versions. This same best practice applies to all of your mobile devices. So you want to be sure that your phones and tablets are also constantly updated. These patches will include security fixes so you can be assured that your systems will be as safe as possible. And they might also include enhancements or changes to the operating system itself.

On most of these mobile devices, the update process is turned on by default, so your system will automatically download the update and install it at a time that’s convenient for you. If you’re familiar with using BitLocker for full disk encryption on a Windows operating system, then you’re probably familiar with the full disk encryption options available for mobile devices. This encrypts all data on a mobile device, ensuring that a third party would not have some way to gain access to the data if they happen to physically be in control of your phone.

In iOS, this full device encryption capability is encrypted using the passcode associated with your account. In both iOS and Android, this full device encryption is already integrated into the operating system, and in most cases, is turned on by default. These mobile devices we use can be damaged or lost very easily so it’s always a good idea to have a backup of all of your data.

Fortunately, most of our mobile operating systems are designed to automatically provide an ongoing backup of all of your data. This means that you don’t have to start an application manually or remember to backup everything. Instead, your device is constantly backing up all of your data. This uses the wireless and mobile networks that you’re already connected to so you don’t even have to think about the process. It’s something that is automatically going to use whatever resources are available to back up your data.

This means if you lose the device or it becomes damaged, you can simply purchase a new device, log back into the new device, and all of this information that has been backed to the cloud is now brought down into the device and restored on your new system. Attackers know that you keep personal data on these mobile devices and they’re constantly trying to find ways to get into that device by using some type of malware or other vulnerability.

The closed environment that’s used by Apple’s iOS makes this process of finding vulnerabilities and having malware installed onto an iOS device difficult to manage. An attacker would need to find some type of vulnerability that hasn’t already been discovered to gain access to an iOS device. The Android operating system is a bit more open. You can install applications from any website you’d like, which means that an attacker could potentially have you download a Trojan Horse and install it onto your Android device.

In both of these cases applications run in a sandbox that’s inside of the operating system, which means they don’t have full access to all of the data or resources available on that mobile device. There are antivirus and anti-malware options available for both iOS and Android, so check your favorite App Store to see what may be available for your device. On most of our mobile devices, we are initiating data flows outbound from the device.

Very rarely would an application need to have inbound access to one of our mobile phones or tablets. That’s one of the reasons why running a firewall on a phone or tablet is not the default, and usually a firewall is not included with those operating systems. However, you may be able to find a firewall available in your favorite App Store. Most of these are available on the Android operating system, but none of them seem to be widely used across the board.

Where you might especially want to control these data flows is inside of an enterprise environment. And usually a mobile Device Manager can set policies on what type of access should be inbound or outbound from that device. Most companies will insist on this type of control for mobile devices, whether it’s a mobile device that was purchased by the company, or it’s one that is a user’s mobile device that they bring to work through a BYOD, which is bring your own device.

This brings up some challenges for maintaining security, especially on a single device that not only has a user’s personal data, but also an organization’s corporate data. As we’ve already mentioned, many organizations will use an MDM, or Mobile Device Manager, to provide security policies that run on that device. Policies can be configured for the type of apps that run on the device where the data is stored on that device, and what resources might be available depending on where you happen to be.

For example, if you are in the office, you may find that your camera doesn’t work. But when you leave the building, your camera works normally. In many cases, the system administrator can set up a partition or separation of data within your mobile device so that if you leave the organization they can delete the company’s data but leave all of your personal data intact.

This is also a great way to ensure that these systems will be secure because the administrator can set policies to always require screen locks and to require a personal identification number to gain access to the device. We are connecting more devices to the network than ever before. And if you’re at home or at work, you’ve probably seen IoT devices, that stands for internet of things.

An IoT device might be something like a sensor that’s in a room that’s used by your heating or cooling system, or perhaps the lighting that you use is controlled through network connections. You might also have other home automation features like doorbells or garage doors that are connected to the network, and you can raise or lower the garage door through an app that’s on your mobile phone.

Many of us use wearable devices that are constantly connected to us and to the network, and there might be other sensors connected to cooling systems or temperature controls within your building. All of these different and varied IoT systems are usually made by different manufacturers and work in different ways. This also means that each one of these devices could potentially contain vulnerabilities that might allow someone else to gain access to our network.

These organizations are very good at making video doorbells and temperature monitors, but they may not be well versed in the intricacies of IT security. For that reason, you might want to consider segmenting all of your IoT devices onto their own segment, which would have limited access to the rest of your network.