Security of Web-Enabled Small Devices - Essay Example

Security of web-enabled small devices entails striking a balance between end-user productivity and internet risks. Producers and managers of these devices (smartphones and tablets) should develop a user protection strategy aimed at protecting sensitive data stored on these devices, their apps and inbuild storage devices such as flash drives (Dutton, 2013). The vulnerability of small devices to attackers and hackers is on the rise which calls for device security and management, device application administration and data protection to secure users and productivity.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Current Trend

The social matrix has become an environment in which a lot of business is conducted extending beyond co-creation of products and networks. Users like of individual products have facilitated new levels of engagement in commercial activities (Williams, 2015). A large proportion of people is switching to iPhones which have not been experienced in the previous cycles. Secondly, iPad endures a longer upgrade cycle than iPhone because users are not interested in replacing their device often. Also, an iPad sale continues to decline year-over-year even after launching two new models in the market. Despite China being the fastest growing market for Apples, Americas continues to dominate in revenue collection. Besides, Tablets continue to register a decline in their sales whereas Smartphone continues to record an impressive increase in growth (Cunningham, 2015).

Security Issues

Close to three million devices are vulnerable to attack due to unencrypted communications via the channel of a responsible binary (Nearly 3,18,000 Android users hacked via Google AdSense vulnerability, 2016). This exposes the user confidential information and could allow the hacker to update configurations, install applications, use or steal sensitive information on such devices.

Google Chrome bug exploitation by some attackers/ hackers with intent to steal bank cards, gain access to user-specific information such as call log and contacts. The attackers had discovered a way of bypassing Androids Google chrome key security features and gaining access of users personal data without his/her consent (Alsaid, 2007).

Cyber criminals have also developed mobile malicious programs such as Zbot that can bypass measures such as one-time passwords and e-tokens designed to attack mobile phone of various users (Seals, 2016). Also, other malware programs can develop false charges to a cell phone bill or spam texts with intent to defraud the user.

Brook (2016) argues that attackers have also developed an Adware program that automatically creates adverts in users account with the intention of generating income for its creator. Such malicious program can also be used to gather marketing information from the user without his/her consent and forward such requests to insecure advertising sites.

Encryption

Currently, the internet community and other sorts of networks provide a large platform on which third-party sites can share or store sensitive data/information. Due to its sensitivity, its essential to encrypt the information/data stored or saved in these locations to prevent unauthorized users from viewing it. Encryption is a concept that relates to the process of transforming, translating, or converting data into a code/form that's unreadable to unauthorized parties when they access it. Encryption plays a role of protecting data or message content in transit that can be intercepted. This includes data transferred via wireless networks such as Bluetooth devices, storage devices, wireless microphones, mobile phones and automatic teller machines (bank ATM).

Wireless Communications Encryption

Wireless encryption is important in preventing unknown users from accessing your networks. Protection of data involves encrypting messages on transit between a wireless network adapter of the senders computer and a wireless router (Tyson & Crawford, 2011). Different encryption methods such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are helpful in encrypting the signal to prevent unauthorized parties from accessing your sensitive information. WEP encrypts data transmitted via wireless local area network (WLAN) which protects the vulnerability of the wireless link between end-users and access points. WPA encrypts data using a Temporal Key Integrity Protocol that contains a function for per-packet mixing, a check for message integrity, a vector for extended initialization and a mechanism for re-keying. WPAII is more advanced than WPA and data encryption is based on Advanced Encryption Standard Algorithm that's obligatory.

Virtual Private Networks Encryption

According to Rosado (2013), Virtual Private Network encryption works to protect data from any interruption or alteration by an attacker while in the channel or prevent it from being visible to unauthorized parties while traveling through a public network (internet) and from attempting to capture it and make use of it. Data entering and leaving the tunnel is encrypted and decrypted respectively by computers at both ends. Tyson & Crawford (2011) argues that application of encryption involves either generic routing encapsulation (GRE) or internet protocol security (IPSec) protocol. Data encryption between various networked devices such as router to router, desktop to server and firewall to a router can be done using IPSec whereas packaging a passenger protocol for transportation via the internet is provided for by the GRE (Rosado, 2013).

Encryption of Financial Transactions on the Internet

According to Hurry (2016), the evolution of financial services requires organizations and firms to ensure that solutions to their information security are capable of protecting the sensitivity of data in transit via the internet. Encryption of financial data received or transmitted enhances confidentiality and integrity of clients information via the internet (Hurry, 2016). Encryption is necessary when securely issuing customers/clients pins as well as managing them over the internet. Secondly, it helps in securing electronic invoices over digital signatures. Thirdly, it assists in the protection of the Secure Socket Layer (SSL) certificates which in turn ensure confidentiality of online transactions. Lastly, point-to-point encryption is essential in protecting cardholder data during its entire wheel of life.

References

(2016). Nearly 3,18,000 Android users hacked via Google's AdSense vulnerability. Hindustan Times. Retrieved from http://www.hindustantimes.com/tech/nearly-3-18-000-android-users-hacked-via-google-s-adsense-vulnerability/story-3C34wx8nwOIXxRr9kwwVAN.html

Alsaid, A. (2007). Enhancing End User Security: Attacks and Solutions. The University of London.

Brook, C. (2016). Backdoor found in Firmware of some Android Devices. Retrieved from https://threatpost.com/backdoor-found-in-firmware-of-some-android-devices/122075/

Cunningham, A. (2015). Apples Q1 2015: Ridiculously high iPhone sales, 18% drop in iPad sales. Retrieved from http://arstechnica.com/apple/2015/01/apples-q1-2015-ridiculously-high-iphone-sales-18-drop-in-ipad-sales/

Dutton, W. H. (2013). The Oxford handbook of internet studies.Oxford University Press.

Hurry, S. J. (2016). U.S. Patent No. 9,280,775. U.S Patent and Trademark Office.

Rosado, J. J. A. (2013). U.S. Patent No. 8,544,080. U.S Patent and Trademark Office.

Seals, T. (2016). Android Vulnerability Affects 2.8 Million Devices. Info Security Retrieved fromhttp://www.infosecurity-magazine.com/news/android-vulnerability-affects-28/

Tyson, J., & Crawford, S. (2011). How VPNs Work. Retrieved from http://computer.howstuffworks.com/vpn7.htm

Williams, O. (2015). Apple sold a whopping 61 million iPhones in Q2 2015, disappoints with 12 million iPads. Retrieved from http://thenextweb.com/apple/2015/04/27/apple-sells-tons-of-iphones/