Improve the Security of Your Mobile Applications

Izunna Okpala


Mobile App and Mobile Code Security Risks
There are two main categories of mobile code security risks. The first, Malicious Functionality, is a list of unwanted and dangerous mobile code behaviors that are stealthily placed in a Trojan app that the user is tricked into installing. The user thinks they are installing a game or utility and instead gets hidden spyware, phishing UI, or unauthorized premium dialing.
Malicious Functionality

  1. Activity monitoring and data retrieval
  2. Unauthorized dialing, SMS, and payments
  3. Unauthorized network connectivity (exfiltration or command & control)
  4. UI Impersonation
  5. System modification (rootkit, APN proxy config)
  6. Logic or Time bomb
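
One way to triage an app against the behaviours listed above before approving it, as an added example that is not part of the original article. It assumes an Android app and reads the permissions requested in its manifest; the permission-to-category mapping, the `triage` function and the flashlight manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
MONITOR = "Activity monitoring and data retrieval"
BILLING = "Unauthorized dialing, SMS, and payments"
NETWORK = "Unauthorized network connectivity"
UI = "UI impersonation"
SYSTEM = "System modification"

# Assumed mapping (not from the article): permission -> behaviour it can enable.
RISK = {
    "READ_SMS": MONITOR, "READ_CONTACTS": MONITOR, "RECORD_AUDIO": MONITOR,
    "CAMERA": MONITOR, "ACCESS_FINE_LOCATION": MONITOR,
    "SEND_SMS": BILLING, "CALL_PHONE": BILLING,
    "INTERNET": NETWORK,
    "SYSTEM_ALERT_WINDOW": UI,
    "WRITE_APN_SETTINGS": SYSTEM, "WRITE_SETTINGS": SYSTEM,
}

# Constructed manifest for a hypothetical flashlight utility.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>"""


def triage(manifest_xml, justified=frozenset()):
    """Group requested permissions by the behaviour they can enable,
    skipping those the app's stated purpose justifies (short names)."""
    findings = {}
    for node in ET.fromstring(manifest_xml).iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        if not name.startswith(PREFIX):
            continue  # vendor-defined permissions are out of scope here
        short = name[len(PREFIX):]
        if short in RISK and short not in justified:
            findings.setdefault(RISK[short], []).append(short)
    return {category: sorted(perms) for category, perms in findings.items()}


if __name__ == "__main__":
    # A flashlight legitimately needs CAMERA (the flash); the rest is suspect.
    for category, perms in triage(SAMPLE_MANIFEST, {"CAMERA"}).items():
        print(f"{category}: {', '.join(perms)}")
```

A requested permission shows capability, not proof of misuse, and a logic or time bomb needs no permission at all, so this check cannot surface item 6.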

The second category, mobile security vulnerabilities, covers errors in design or implementation that expose the mobile device data to interception and retrieval by attackers. Mobile code security vulnerabilities can also expose the mobile device, or the cloud applications used from the device, to unauthorized access.

Vulnerabilities

  1. Sensitive data leakage (inadvertent or side channel)
  2. Unsafe sensitive data storage
  3. Unsafe sensitive data transmission
  4. Hardcoded password/keys
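
A minimal source-review pass for the four vulnerability classes above, as an added example that is not part of the original article. The regular expressions are assumed heuristics, and the Java snippet (an Android-style login class) is constructed sample input.

```python
import re

LEAK = "Sensitive data leakage"
STORAGE = "Unsafe sensitive data storage"
TRANSMISSION = "Unsafe sensitive data transmission"
HARDCODED = "Hardcoded password/keys"

# Assumed heuristics, one per vulnerability class; real reviews need more rules.
RULES = [
    (HARDCODED, re.compile(
        r'(?i)\b(password|passwd|secret|api_?key|token)\w*\s*=\s*"[^"]{4,}"')),
    (TRANSMISSION, re.compile(r'"http://[^"]+"')),            # cleartext endpoint
    (STORAGE, re.compile(r'\bMODE_WORLD_(READABLE|WRITEABLE)\b')),
    (LEAK, re.compile(r'(?i)\bLog\.[dievw]\(.*(password|token|ssn|pin)')),
]

# Constructed sample input: an Android-style login class with one flaw per class.
SAMPLE_SOURCE = '''\
public class LoginActivity extends Activity {
    private static final String API_KEY = "constructed-sample-key-123";
    void login(String user, String password) {
        Log.d("Login", "user=" + user + " password=" + password);
        String url = "http://api.example.com/login";
        SharedPreferences p = getSharedPreferences("auth", MODE_WORLD_READABLE);
        String ok = "https://api.example.com/status";
    }
}
'''


def scan(source):
    """Return (line_number, vulnerability_class) for every rule hit."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.strip().startswith("//"):
            continue  # skip single-line comments
        for label, pattern in RULES:
            if pattern.search(line):
                findings.append((number, label))
    return findings


if __name__ == "__main__":
    for number, label in scan(SAMPLE_SOURCE):
        print(f"line {number}: {label}")
```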

The Mobile Code Security Stack
Increasing smartphone adoption rates coupled with the rapid growth in smartphone application counts have created a scenario where private and sensitive information is being pushed to the new device perimeter at an alarming rate. The smartphone mobile device is quickly becoming ubiquitous. While there is much overlap with common operating system models, the mobile device code security model has some distinct points of differentiation.
The mobile code security stack can be broken up into four distinct layers. The lowest layer of the stack is the infrastructure layer, followed upward by the hardware, operating system and application layers. These security stack layers each define a separate section of the security model of a smartphone or mobile device.
Each layer of the mobile code security model is responsible for the security of its defined components and nothing more. The upper layers of the stack rely on all lower layers to ensure that their components are appropriately safe. This abstraction-based model allows the design of a particular mobile security mechanism to focus on a single specific area of concern without expending the resources required to analyze all layers that support its current location within the stack.

Mobile Security – Infrastructure Layer
The infrastructure layer is the lowest and thus most supportive layer of the mobile code security stack. This layer is the foundation that supports all of the other tiers of the model. The majority of the functional components at this layer are owned and operated by a mobile carrier or infrastructure provider; however, integration into the handset occurs as data is transmitted from this tier upward.
Cellular voice and data carriers operate the infrastructure that carries all data and voice communications from end point to end point. The security of components at this level typically encompasses the protocols in use by the carriers and infrastructure providers themselves. Examples of such protocols include code division multiple access (CDMA), Global System for Mobile Communications (GSM), Global Positioning System (GPS), Short Message Service (SMS), and Multimedia Messaging Service (MMS). Because this tier is the foundation of the stack, flaws or vulnerabilities discovered here are generally effective across multiple platforms, multiple carriers, and multiple handset providers.

Mobile Security – Hardware Layer
As we move up to the second tier of the mobile code security stack, we enter the realm of a physical unit that is typically under the direct control of an end user. The hardware layer is identified by the individual end user premise equipment, generally in the form of a smartphone or tablet style mobile device. The hardware layer is accessible to the operating system, allowing for direct control of the physical components of the unit. The software that drives this hardware is generally called the “firmware”; it is upgraded by the physical manufacturer of the handset and occasionally delivered by proxy through the phone carrier. Security flaws or vulnerabilities discovered at this layer typically affect all end users who use a particular piece of hardware or individual hardware component. If a hardware flaw is discovered in a single manufacturer’s device, it is more than likely that all hardware revisions using a similar design and/or chip will be affected as well.

Mobile Security – Operating System Layer
The third tier in the mobile code security stack is the operating system layer. This layer corresponds to the software running on a device that allows communications between the hardware and the application tiers. The operating system is periodically updated with feature enhancements, patches, and security fixes which may or may not coincide with patches made to the firmware by the physical handset manufacturer. The operating system provides access to its resources via the publishing of application programming interfaces. These resources are available to be consumed by the application layer as it is the only layer higher in the stack than the operating system itself. Simultaneously, the operating system communicates with the hardware/firmware to run processes and pass data to and from the device.
Operating system flaws are a very common flaw type and currently tend to be the target of choice for attackers who wish to have a high impact. If an operating system flaw is discovered, the entire install base of that particular operating system revision will likely be vulnerable. It is at this layer, and above, where software is the overriding enforcement mechanism for security. Because software is relied upon here, the operating system and the application layer above it are the most common locations where security flaws are discovered.

Mobile Security – Application Layer
The application tier resides at the top of the mobile security stack and is the layer that the end user directly interfaces with. The application layer is identified by running processes that utilize application programming interfaces provided by the operating system layer as an entry point into the rest of the stack.
Application layer security flaws generally result from coding flaws in applications that are either shipped with or installed onto a mobile device after deployment. These flaws come in classes that are similar to the personal computing area. Buffer overflows, insecure storage of sensitive data, improper cryptographic algorithms, hardcoded passwords, and backdoored applications are only a sample set of application layer flaw classes. The result of exploitation of application layer security flaws can range from elevated operating system privilege to exfiltration of sensitive data.

How to test for mobile code security
When analyzing an individual device for security implications, one should take into account each of the layers of the mobile code security stack and determine the effectiveness of the security mechanisms that are in place. At each layer, determine what, if any, security mechanisms and mitigations the manufacturer has implemented and whether those mechanisms are sufficient for the type of data you plan to store and access on the device.

 


Steps To Improve Your Google search results

Izunna Okpala


Google is the biggest search engine in the world as it gives the best and most relevant results compared to other search engines. However, the question is does your business take advantage of Google to boost patronage? Also, do you like what you see when you Google your business?

Make sure your business’ name is your website’s domain name

This is one of the simplest ways to enhance the search results of your business. You do this by using your business name as your domain.

In addition, the domain name should be mentioned on the homepage rather than the logo. This is because search engines cannot read images. As a caveat, do not use a domain name that is different from what is appearing on the homepage. They must all correspond.

Mention your business’ name on the “About Us” page.

The About Us page should specifically state what the business is all about. It should be clearly stated in the summary of what the business does.

Also, do not omit the business name and keywords like hotels and travel. They are the keywords that your clients or customers will search for.

Put the business’ name again on the “Contact Us” page.

When you visit some websites, the “Contact Us” page is usually missing or hidden in a place that makes it difficult to be noticed by visitors.

It is worthwhile to have a separate “Contact Us” page where you state your business name, the address and the contact phone number(s). This will help the search engine link the website with business directory listings, thus enhancing the search results.

Open a social media Page for the business.

If your business is not on social media (Instagram, Facebook, Google Plus and Twitter), then you are missing out on an opportunity to enhance your search results.

Aside from enhancing your social media presence, it is also a good communication tool that helps you bridge the gap between you and your customers. Uniformity is important if you want to really boost your search results.


Secret way to dim iPhone screen for nighttime reading

Izunna Okpala


Even at its lowest setting, an iPhone’s display can be too bright if you’re reading in bed at night or in an otherwise dark room. If you find you’re still blinded by the light even after moving the brightness slider all the way to the left in Control Center, there is a way to dim the screen past what the slider allows. In Settings, you can enable a low-light filter and then make it readily accessible from the home button.

1. Go to Settings > General > Accessibility > Zoom.

2. At the top of the Zoom page in settings, tap the toggle switch on for Zoom.

3. Scroll down on the Zoom page in settings and select Full Screen Zoom for Zoom Region and Low Light for Zoom Filter.


Now, with zoom enabled, you can double tap with three fingers to zoom in and out, keeping the low light filter in place either way. That is, if you are zoomed in, you can do a three-finger double tap to zoom out to the normal zoom level and read on an ultra-dim screen.

To make it easier than digging into settings each time you want to enable zoom’s low-light filter, head back to the Accessibility page in Settings and scroll all the way to the bottom. Tap on Accessibility Shortcut and choose Zoom. Now, you can triple-click the home button to turn zoom with its low-light filter on and off.


5 Ways to Be More Productive With Your Smartphone

Izunna Okpala


Apparently people are busy playing Temple Run and Candy Crush on their smartphones 9 hours per day, and that is not really what your smartphone is meant for. As the name suggests, it is a gadget that makes you smarter and life easier. But I think we are not using it to add value to ourselves and be smarter as the name suggests.

5 Ways Your Smartphone Can Boost Your Own Productivity

Just playing games, attending calls and texting. Is that actually what a smartphone is meant for?

Can that make you smarter? Some people might argue that playing games adds to your brain power, but I am here to tell you that deduction is meant for kids alone.

1. Find a Productivity App That Works for You

The number of productivity apps available is seemingly endless, ranging from industry-specific (such as Storyist for writers or Dossier for sales) to feature-specific (such as email or to-do lists). Choose the wrong one and you’ll end up wasting a lot of time (and money for paid apps).

Several mobile-friendly services can keep you attuned to what needs doing. The most useful ones can be accessed via the web on your computer, as well as a Smartphone app.

One good example is Toodledo. You can use it to sort tasks into folders, such as by client names or general categories such as banking. This app also lets you set priorities, due dates, reminders and more.

There’s also OmniFocus, Mac-only task management software that’s based on David Allen’s “Getting Things Done” methodology. It includes a complicated task review system that might be overkill for many smaller operations.

Also imagine yourself as an entrepreneur working with pieces of paper everywhere you go; the thought of it alone is mind-boggling. For example, you may be good at jotting quick notes on business cards or receipts to help you recall why you saved them. Remember that you have a smartphone. Ask yourself this question: “Why go through the stress of using pen and paper when you have digits and buttons to use on your phone?” You can use apps like ScanBizCard for iOS, Android and Windows Phone, which allows you to scan both sides of a business card on the spot. Another spectacular app is JotNot Scanner, an iPhone app that lets you scan documents, optimize the file size for particular types of documents such as receipts, and organize scans into a password-protected document that you can email to a bookkeeper or any other person you wish.

2. Limiting email responses.

While receiving email on your Smartphone is usually convenient, typing on a Smartphone can be tedious, time-consuming and, thanks to auto correct, notoriously error-prone. Instead, try reading email on your phone and flagging messages that you wish to respond to, but whenever possible, waiting until you’re on a computer to write responses. If you must answer an email immediately from your phone, consider making a quick phone call instead. Or master the art of writing extremely brief answers to pressing matters. You can add a line to your phone’s email signature file that says: “Sent from my phone, so please excuse the brevity. I’ll send a longer response later if warranted.”

3. Building Your Business Network

Facebook, LinkedIn and Twitter have become second-nature networking tools on mobile, but when it comes to important industry events, such as conferences and trade-shows, there are a few networking apps that can be especially helpful.

4. Get Out of the Office

A key benefit of being a mobile worker is being able to get out of the office and still get stuff done. Research even shows that for certain kinds of creative work, a change in ambiance, like working from a coffee shop, can actually enhance your productivity.

5. Take Advantage of Your Mobile Virtual Assistant

Mobile virtual assistants, like Siri for the iPhone and Google Now for Android, are growing in popularity. Designed to respond to voice-activated commands, Siri and Google Now can provide a user with answers and information instantly.
