Time to adopt strict vigilance on mobile security threats

Mobile security risks continue posing critical challenges to individual, companies and even government agencies. These risks include physical tracking of personnel and unlawful access to sensitive information.

Reports by Communications Authority of Kenya (CA) indicate that Kenya now boasts of close to 60 million mobile devices being connected to mobile phone networks. It is against this backdrop that mobile phone device security has become of paramount importance. Mobile phone security involves putting in place mechanisms to protect against cyber attack vectors that threaten the four pillars of security - confidentiality, integrity, availability and non-repudiation.

A mobile security threat is a means of cyber-attack that targets mobile devices like smartphones and tablets. A mobile security threat exploits vulnerabilities in mobile software, hardware, and network connections to enable malicious and unauthorised activities on the device.

As a result of the importance of mobile phones, cybercriminals have increased their focus on these devices and this has spiked cyber threats targeting these devices. The threats, according to Kenya Cyber Security Reports 2019/2020 include mobile phishing attacks which use texts and emails to trick recipients into clicking on malicious links, and App-based threats that entail installation of malicious Apps by unsuspecting users. These Apps can steal the user's data from the phone or spend the user's money with his/her tap and pay Apps.

Network threats are also rampant because users usually connect their devices to several networks such as cellular connection, Wifi, Global positioning system (GPS) and Bluetooth. Hence, hackers can easily exploit each of these points of connection to take over a device and cause havoc.

Mobile phones are also faced with the malicious software (malware) threat. Highly dangerous phone malware include Cabir and MetalGear. Jail breaking and rooting is another threat which entails gaining administrator access to iOS and Android mobile devices. This is risky since increased permissions can enable attackers to access data and therefore cause damage.

The common denominator is to put necessary mechanisms in place to guard against these threats. The mechanisms include using a virtual private network and setting up remote wipe capabilities since this will remove any data from your phone. Further, always lock your phone to avoid access to your personal information.

For those individuals who use smartphones for online shopping or banking, be advised to always log out of the relevant sites and do not store your login credentials (usernames and passwords) on your phone.

Beware that text messages are an easy target for mobile malware, hence avoid sending sensitive data such as credit card details. In the same vein, be cautious about text messages you receive. Keep your mobile phone's operating system up to date as this will protect your device from emerging cyber threats.

The writer lectures at Jaramogi Oginga Odinga University of Science and Technology