OCU C)OST B Discussion Lesson 10

Emerging vulnerabilities on mobile devices include malicious apps, phishing attacks, and unsecured Wi-Fi networks. Malicious apps can steal personal information or take control of the device, so users should only download apps from trusted sources and keep their apps and operating systems updated. Phishing attacks trick users into providing sensitive information; hence, users should be cautious of unsolicited messages and use filtering tools to block phishing attempts. Unsecured Wi-Fi networks expose devices to attacks like man-in-the-middle attacks, so users should avoid using public Wi-Fi for sensitive transactions and use a VPN to ensure secure connections.

For physical devices, vulnerabilities include unauthorized physical access, hardware tampering, and theft of devices. Unauthorized access can lead to data theft, so implementing access control measures such as biometric scanners or secure locks is essential. Hardware tampering can compromise device integrity, so using tamper-evident seals and regularly inspecting devices for tampering is crucial, along with securing hardware in locked enclosures. Theft of devices can result in data loss, so using security cables or locks to secure devices, and enabling device tracking and remote wipe capabilities, can help mitigate this risk.

Emerging vulnerabilities in both mobile and physical devices are increasingly common with each passing day that technology advances. Three important vulnerabilities and their respective countermeasures are as discussed here.

Mobile Device Malware and App-Based Threats

Mobile devices are being increasingly targeted by malware, which can be used to extract sensitive data, track users through GPS, or control the device functions remotely. Applications with poor design may allow malware and spyware to attack the users. Countermeasures include patching the latest updates in the operating system, installing only trusted applications, and multi-factor authentication to prevent unauthorized access. (ISACA, 2023).
Vulnerabilities of Firmware in Medical Devices

These are particularly hit by firmware vulnerabilities, up 437% this year. Such vulnerabilities could result in unauthorized access and, on the other side, theft of data or even putting life in danger when critical medical devices are compromised. The risk associated with all these can be minimized by periodic updating of firmware, software supply chain security, and periodic vulnerability assessments by the healthcare provider. Health-ISAC, 2023
Physical Device Tampering

Physical devices may include smartphone-attached credit card readers that are susceptible to tampering techniques, such as skimming, which will allow them to steal any paying information. Herein, various physical measures would be required to encrypt stored data, use tamper-resistant devices, and forms of physical locks or other barriers against unauthorized access to the device. ISACA, 2023.
These can be drastically cut down by updating the software with patches and enhanced firmware, deploying robust encryption, and multi-factor authentication. The users will consequently ensure that their sensitive information is secured.

References

Health Information Sharing and Analysis Center (Health-ISAC). (2023). Exploitable vulnerabilities that expose healthcare facilities surged nearly 60% since 2022. Retrieved from <https://h-isac.org&gt;
ISACA. (2023). Mobile computing device threats, vulnerabilities and risk are ubiquitous. Retrieved from <https://www.isaca.org&gt;

Some emerging vulnerabilities on mobile devices include the presence of mobile ransomware – a type of malicious software that encrypts files on a mobile device and then demands a ransom payment to decrypt them. Another concern is browser exploits, which capitalize on security flaws in a mobile browser or in other applications that interact with the browser, such as PDF readers. Furthermore, malicious apps can pose a threat by requesting more permissions than necessary, stealing sensitive information, or installing malware. They can also deceive users by masquerading as safe or well-known apps to gain permission to access sensitive data.

Mobile devices have vulnerabilities that can allow hackers access to sensitive information. Improper credential usage is a vulnerability that leaves user data accessible. This occurs when credentials are used incorrectly or are hardcoded. (Asee 2023) insufficient input and output validation is a vulnerability that does not validate data input from outside sources. When the incoming data is not validated, hackers can access sensitive data. Another vulnerability mobile devices face is inadequate privacy control. Inadequate privacy control correlates closely with personal identifiable information (PII). If users PII is leaked it leaves devices vulnerable to attacks. If hackers can access a person’s financial information this could result in unauthorized transactions that could be financially devastating. Ways to prevent these types of attacks are by keeping your mobile device updated, adding more security authentication.

Physical hardware is also susceptible to vulnerability. Outdated device firmware can lead to being plagued by bugs and security flaws. Wright (2023) Lack of encryption can also lead to attacks on physical hardware. When an organization grows it can sometimes add innovative technology that does not have a strong encryption. This leaves companies vulnerable to attacks. A way to prevent these types of vulnerability is to ensure you buy hardware from a reputable vendor, enforcing access control areas where hardware is placed, and adding weekly vulnerability scanning. Wright (2023)

Wright, K. (2023, January 13). Top 10 hardware vulnerabilities MSPs should watch out for. inSOC. https://in-soc.com/blog/top-10-hardware-vulnerabilities-msps-should-watch-out-for/