Shoring Up Your Mobile Application Security

  • Although mobile security vulnerabilities are under scrutiny, new attacks continue to emerge.
  • AT&T Security Consulting helps safeguard businesses with security assessments and reviews.

With the explosive growth of the mobile market, the security of enterprise mobile platforms and applications has gained greater attention than ever before. New mobile vulnerabilities are constantly emerging, and new attacks are being developed to subvert existing security mechanisms, making it difficult for IT professionals to keep up with these developments. Some examples of recently emerged attacks are discussed below.

Attacks on smartphone users

Most of today’s smartphones do not have a physical keyboard. The user is instead provided with an on-screen software-based keyboard implemented as a graphical user interface. When a user taps on the screen, the smartphone uses its motion sensors, such as accelerometers, to calculate the coordinates of the position where the user tapped. The user input is then mapped to the corresponding letter or number using the extracted coordinates and knowledge of the keyboard layout being displayed on the screen. By parsing raw motion sensor data, a malicious application could infer what letter or number was tapped by a user to extract sensitive information, such as a password [1].

Attacks on applications

Smartphone cameras are most often used for taking photos and videos but can also be useful for other purposes, such as text translation, comparison of product prices, or navigation. The question often arises as to whether the video stream received by a mobile application from its camera can be trusted. Camera trustworthiness constitutes a particularly important issue when the camera is used as a trusted device in cases like mobile authentication. A malicious user could subvert a mobile application by copying and uploading a video taken by another user, pointing the camera to a replay of a video or manipulating the camera using a static photo [2].

Attacks on services

Smartphone users are accustomed to accessing networking services on the go. By querying the smartphone for its GPS coordinates, location-based services (LBS) providers furnish information relevant to users at their current location or allow users to willingly share their current geographic location with their contacts. By frequently announcing their location to the user community, users win LBS awards. While such positive incentives motivate users to share information, they can also lead to deceptive behavior, such as announcements of fake locations in various places of the world without changing the actual physical location [3].
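One server-side check against the fake-location announcements described above is to flag consecutive check-ins from the same user that imply an impossible travel speed. This is an added example, not code from the original article or from any LBS provider; the check-in record layout, the 1000 km/h speed ceiling and the sample data are assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 1000.0  # assumed ceiling, roughly airliner cruise speed


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def flag_implausible_checkins(checkins, max_speed_kmh=MAX_SPEED_KMH):
    """Return (user, earlier_ts, later_ts, implied_kmh) for suspicious pairs.

    checkins: iterable of (user, iso_timestamp, lat, lon) in any order.
    """
    events = sorted(
        ((user, datetime.fromisoformat(ts), ts, lat, lon)
         for user, ts, lat, lon in checkins),
        key=lambda e: (e[0], e[1]),
    )
    flagged, last_seen = [], {}
    for user, when, ts, lat, lon in events:
        if user in last_seen:
            prev_when, prev_ts, prev_lat, prev_lon = last_seen[user]
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600.0
            # Same timestamp at two different places means infinite speed.
            speed = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if speed > max_speed_kmh:
                flagged.append((user, prev_ts, ts, speed))
        last_seen[user] = (when, ts, lat, lon)
    return flagged


# Constructed sample data: "alice" jumps New York -> Tokyo in ten minutes,
# "bob" moves New York -> Newark in 45 minutes.
SAMPLE_CHECKINS = [
    ("alice", "2024-01-01T12:00:00", 40.7128, -74.0060),
    ("alice", "2024-01-01T12:10:00", 35.6762, 139.6503),
    ("bob", "2024-01-01T12:00:00", 40.7128, -74.0060),
    ("bob", "2024-01-01T12:45:00", 40.7357, -74.1724),
]

if __name__ == "__main__":
    for user, t0, t1, kmh in flag_implausible_checkins(SAMPLE_CHECKINS):
        print(f"{user}: {t0} -> {t1} implies {kmh:,.0f} km/h")
```

A speed check only catches jumps between distant places; it says nothing about a single fabricated location that is consistent with the user's earlier check-ins.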

Protect your organization

Mobility expands the workplace beyond the office walls, creating new challenges to protect sensitive data and intellectual property against targeted attacks. Many organizations find themselves stepping into uncharted waters. To help businesses overcome these growing challenges, AT&T Security Consulting offers Security and Risk Assessment services to validate the mobile security strategy and framework used by an enterprise to combat cyber security threats, as well as Mobile Application Security Assessments and Mobile Application Code Reviews [4,5]. These security assessments are ideal for organizations that develop or deploy mobile applications, whether used by customers, employees or business partners.



[1] //

[2] //

[3] //

[4] //

[5] //

Jennia Hizver, Consulting Practice Security Researcher and Consultant, AT&T