Securing Mobile Devices – CompTIA A+ 220-1002 – 2.8

We rely on our mobile devices to securely store our personal information. In this video, you’ll learn about the security technologies that are used in our mobile phones and tablet devices.


If you set down your phone, you don’t want to give someone else the opportunity to gain access to that mobile device. For that reason, it is very common to use screen locks. Screen locks may require a fingerprint for someone to gain access to the system, which means you would have to physically touch the device for that device to unlock.

These days, our mobile devices can even look at our faces, recognize that we are really the owner, and unlock the system when they identify our face. Some mobile operating systems will even allow you to set a swipe pattern on the screen. So as long as you can repeat that pattern, you would gain access to the phone. There might also be a passcode involved, for example a personal identification number, or it may be a complex password you have to enter before gaining access.

Normally, a device is configured to only allow a certain number of unsuccessful attempts at unlocking the screen. For example, in iOS, after 10 failed attempts it will simply erase everything on the phone. And in Android, it will lock the device and require you to log into your Google account to regain access to that mobile device.

Our mobile phones are small devices and it can be very easy to lose track of them. Fortunately, our phones have built-in capabilities that allow us to find out exactly where they may be located. This is done through global positioning system radios, and it may also use 802.11 to help triangulate where it may be. This will allow you to find your phone and even pinpoint the location on a map.

You can also have your phone make a sound which will allow you to listen for where that phone may be located. And if you aren’t able to gain physical access to the phone again, you could also wipe everything on the phone. By deleting all that data you know that no one else would gain access to it.

If you’re in a situation where you lose your phone or you have to delete all of the data on that phone, it’s important that you have a backup. These mobile devices are constantly moving, and so it becomes difficult to be able to get a backup from that particular device.

Fortunately, there are remote backup capabilities built into most of our mobile devices that allow us to back up constantly to the cloud. This isn’t something that you would have to manually start or even think about during the day. It’s an automatic process that keeps your system backed up wherever it may be. This isn’t using any wires. We don’t have to plug it into our computer. It’s simply using the 802.11 network that we’re connected to or it’s using the carrier network. This means if we lose our phone or we perform a remote wipe of the phone, we can purchase a new phone, put in our username and password for our cloud-based credentials, and then simply wait as all of our backed-up information is restored to the new device.

As with our desktop systems, we have to be very concerned about viruses and malware for our mobile systems. For an operating system like Apple’s iOS, the environment is very closed. The operating system itself is tightly regulated, and it’s difficult for applications to be able to circumvent the security controls built into iOS. If malware wants to install itself on an iOS device, then it needs to find some vulnerability that Apple doesn’t already know about.

The Android operating system is a bit more open and allows you to install applications from any third party. Because of this, it might be a bit easier for malware to find its way into that operating system. Fortunately, the applications that run on these mobile operating systems run in a sandbox. That means the application only has access to the data that you allow it to have access to. An application won’t be able to access your contact list or go through your browsing history unless you specifically allow the application that level of access.

Although these mobile operating systems are relatively safe, it’s still important to maintain the updates and patches for these operating systems. There are still vulnerabilities that can be found, so security updates are an important thing to stay on top of. You want to be sure that your system is up to date with the latest version of software.

Your operating system will also have updates that make the operating system more stable and may provide additional features. And there are features built into the operating system that could automatically install these updates when they’re available.

On many mobile devices you can use a PIN code and gain access to the device, but we’re also combining different types of authentication factors. For example, you may use a face scan, a fingerprint scan, and a personal identification number to increase the security of these authentication methods. We tend to have our mobile device with us wherever we might go, so using biometrics as a way to authenticate makes perfect sense. But biometrics aren’t perfect, and people have found ways to circumvent the biometric readers that are on some of these mobile devices. So you want to be sure to use the right type of security, depending on what you want to secure on that mobile device.

Your phone can also act as an authentication factor for a third-party login. This is a pseudo-random token generator that will create a code on your screen that you can then type in during the login process to confirm that you really do have that phone with you, and therefore you must be the right person to log into that account. We used to accomplish this by carrying around a physical token generator that we would connect to our keychain or have with us. But since we already have our phone with us, we can perform the same function in software on the phone and not have to carry around an additional hardware token generator.

We keep a lot of personal information on our mobile devices, so it’s important that we keep that data safe. And one way to keep it safe is to encrypt all of the data on these mobile phones. In iOS, all of your information is encrypted using your passcode as the encryption key. If someone doesn’t have the encryption key, then they don’t have access to any of your data.

A similar functionality can also be turned on in the Android operating system, where you can encrypt all of the data and make sure everything is safe no matter where your mobile device might be. If you’re running the Android operating system, you want to be very careful about the applications that you’re installing. These APK files can be downloaded from any third party, so it’s important to trust the person that you’re downloading and installing these files from.

In iOS, all of the files that you would install are curated first by Apple. They’ve examined the application, and they feel that the application is safe enough for all of their users to install. In Android, files can be installed directly from the Google Play Store or they can be installed from a third party. This is a process called side loading, and that’s usually where viruses and malware will find their way onto a mobile device.

When we think about security, very often we think of a firewall. But most mobile phones don’t include any type of firewall capability. Most of the activity on this mobile device initiates on the mobile device, so all of this is outbound traffic. There aren’t any services running on the mobile device that anyone would need to access from the outside.

There are a number of third-party firewall applications that you can install on both iOS and Android, but very few of them seem to be very mainstream. Where you do see a lot of firewalling for mobile devices is in the enterprise. Once the mobile device is in the enterprise, you’re able to filter which mobile applications can go through your enterprise firewall and thereby protect the mobile devices that you have on the inside of your company.

Instead of having one mobile device that you use for personal use and a completely separate mobile device that’s used for business use, it’s very common for an organization to piggyback their data onto your personal device. This is called BYOD, or Bring Your Own Device, where your personal device is also used for work. This obviously brings up a number of challenges for the organization.

How do you allow a user to maintain the privacy and safety of their data while at the same time maintaining the safety of the company’s data? Often this is done using a third-party device which is called a Mobile Device Manager, or an MDM. This allows for centralized management of the mobile device, so that not only can you specify where data is stored on that device and how it’s protected, but you can also control different aspects of the device. For example, you can require that a passcode is used for the lock screen. Or you may be able to enable or disable the camera on the mobile device. This means that you only have to carry around a single device for both home and work use, and it also makes sure that the company is able to keep all of its data protected.