Thoughts on Mobile Device Security

During the last weeks I have given Mobile Device Security a big thought. As you may know, especially mobile phones are one of the most widely spread sort of device in the world. Almost everyone living in the western world has at least one of them. It is obvious to think further and say that if it is possible to compromise the security of such devices that a big damage could occur. Think of someone hacking your phone and controlling it. Think of all the personal stuff you got on the storage/sim card. Think of all your contacts, the numbers dialed and maybe even pictures nobody else should see.

So mobile phones should be very secure, right? If someone would be able to take over control of such devices, it would be possible to track down many areas of our live. So the vendors should be making sure that every mobile phone is highly secure.

Insecure connections
Many mobile phones with Bluetooth abilities accept new incoming connections by default. This means that accessing data on these mobile phones is very easy (I have seen various live hacking demonstrations where the speaker simply hacked the smartphones of the audience without them knowing it).

Keyboard lock? Ehm yeah.
In most cases the keyboard lock of a cellular gets turned on when you don’t use it for a certain amount of time. Sadly this lock is of no use when you connect the mobile device to a computer and start a synchronisation tool. You still can access all the data without even having to enter a PIN or some sort of lock code. Furthermore some devices have a special way of unlocking the keyboard, e.g. by moving a bar from the left to the right. Very secure. If you left your phone let’s say at a restaurant, someone simply has to move the bar and then has access to the device.

Unencrypted data and connections
The files on mobile devices and storage cards are not encrypted in most cases. So are the connections to other phones.

Those are only three points concerning security issues, but at the same time this is already enough to state that the devices which we use daily are not secure enough.