
Mobile devices: the new target for data theft

Millions of people now own mobile devices, so it's no surprise that cyber criminals have ramped up their efforts to steal data from them.

Cellphones, smartphones and tablets can hold personal data, including location, home or work address, contacts, email correspondence, SMS or text messages, passwords and other sensitive or risky information.

These devices are relatively easy to lose or steal, since we carry them in our pockets and bags. But that's not the only concern: data can be stolen even as you use your device.

Threats to data on mobile devices

There are multiple threats to mobile devices, but the two main ones are man-in-the-middle attacks and malware*. They can capture a device's data in various ways and as a result threaten your identity and privacy — or carry out a scam.

Essential best practices

An aware user is a secure user. Regardless of the make or model of a device, or whether it's your own or one provided by an employer, keeping data secure comes down to how you use and maintain the device. Here are best practices for keeping your data safe:

  1. Install vetted applications. Before downloading an app, read the reviews. Don't allow applications from unofficial sources. Stick with legitimate sources such as the iTunes App Store, Google Play, or Amazon App Store. When installing software, always check the requested permissions on Android or read the pop-up notification on iOS, which may prompt you to share your location or contacts. This lets you know what the application is looking to do with the data it collects.

  2. Enable encryption. Lock your device with a passcode, which encrypts the device and prevents a thief from accessing the data by hooking it up to a computer. This option is only available on iOS 4.x and later (on the iPhone 3GS and later), and Android 3.x and later.

  3. Use tracking. You may be able to recover a lost device using mobile locating and tracking. Find out in advance if your device has this option.

  4. Enable remote wiping. Turn on your device's remote wipe service, if available. Then, if the device is lost or stolen, you can send a command remotely to erase the data on it.

  5. Use trusted WiFi. To protect against man-in-the-middle attacks, make sure you are using a trusted wireless connection. The riskiest spots are hotels, coffee shops, and airports. Networks that are WPA2-encrypted are safe; this information usually displays in the Network connections window.

Need some pointers?

For more advice on playing it safe or for steps to lock, wipe, or track your device, visit the Mobile Device Ninja page within the Knowledge Base. Be sure to check out the new Mobile Device Security handout.

*Man-in-the-Middle Attacks

This type of attack occurs when data from your device is rerouted via a snooping third party (the man-in-the-middle) before it is sent on to its destination. The attacker intercepts sensitive information by listening to your calls, reading your text messages, following your Internet browsing activity, and pinpointing your geographic location.

Such attacks are easy when insecure (unencrypted) WiFi networks are used. Some applications use a client login protocol over http rather than https (the "s" stands for secure). Let's say you enter your login information into a mobile application to access your bank, Google, or Facebook account. So that you don't have to enter your login information more than once in a session, the device retrieves an authentication token and passes it over an http connection. These tokens, however, are sometimes sent in plain text, which means that anyone watching an insecure WiFi connection could collect and use them to gain unauthorized access to the accounts.
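
The check below is an added example, not part of the original article: it audits requests recorded from an app during testing and reports any that carry a login field or session token over http instead of https. The request format, the lists of credential names, and the example.com hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Names treated as credential-bearing; an assumed list for this example.
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-auth-token"}
CREDENTIAL_PARAMS = {"auth", "token", "access_token", "sessionid", "password"}


def find_cleartext_credentials(requests):
    """Return one finding per request that carries a credential over plain HTTP.

    Findings list the names of the exposed fields, never their values, so the
    report itself does not become a second copy of the secrets.
    """
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        if parts.scheme != "http":  # urlsplit lowercases the scheme
            continue  # HTTPS requests are encrypted in transit
        # Query-string fields plus form-encoded body fields, if any.
        fields = parse_qsl(parts.query) + parse_qsl(req.get("body", ""))
        exposed = {f"header:{h.lower()}" for h in req.get("headers", {})
                   if h.lower() in CREDENTIAL_HEADERS}
        exposed |= {f"field:{k.lower()}" for k, _ in fields
                    if k.lower() in CREDENTIAL_PARAMS}
        if exposed:
            findings.append({"host": parts.hostname, "path": parts.path,
                             "exposed": sorted(exposed)})
    return findings


# Constructed sample: requests recorded from a hypothetical app during testing.
SAMPLE_REQUESTS = [
    {"url": "https://accounts.example.com/login", "body": "user=alice&password=x"},
    {"url": "http://api.example.com/feed?auth=CONSTRUCTED&page=2"},
    {"url": "http://api.example.com/contacts",
     "headers": {"Authorization": "Token CONSTRUCTED"}},
    {"url": "http://cdn.example.com/logo.png", "headers": {"Accept": "image/png"}},
    {"url": "http://m.example.net/login", "body": "user=alice&password=CONSTRUCTED"},
]

if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_REQUESTS):
        print(finding["host"], finding["path"], ", ".join(finding["exposed"]))
```

Any finding means the app should move that request to https before release; the first sample request is not reported because its login travels over https.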


Malware

Thieves install malware on devices by taking advantage of vulnerabilities in applications. Last year (2011) malware on mobile platforms increased by 155% compared to the previous year.

Malware is often found in third-party app stores masquerading as a legitimate app. Such apps can trick users into sending costly text messages or contain spyware, which captures keystrokes and transfers data from your device.

In addition, there are apps designed to carry out unethical or unsafe practices, such as getting a user's location, sending text messages, or initiating phone calls without the user's consent.



© 2007 Institute for Professional Studies. All rights reserved.