Easy, fast and convenient: these are attributes commonly associated with mobile computing. All
too frequently, however, they disguise the many dangers created by this common practice. Performing seemingly simple tasks from a remote device, such as checking email, working on business documents, or even discussing sensitive issues via VOIP (Voice Over Internet Protocol), can enable attackers to monitor and access everything accessed, if the mobile computing device and the remote systems are not properly secured. This can enable almost anyone: business competitors, restrictive governments, hackers, and others, to build a profile of the user’s activities, and possibly even their identities. Alternatively, attackers can perform DOS (Denial Of Service) attacks, in an effort to disconnect legitimate users from working remotely altogether.
Although these attacks are used by many malicious users, they can be avoided by using mobile computing securely. A common fallacy is that encryption is the solution to all problems, and that, when using it, the user is invulnerable to these types of attacks. This could not be further from the truth. Although today’s headlines are increasingly filled with businesses losing data to criminals due to not using any encryption whatsoever, it is becoming more and more evident that encryption alone is not enough. If not properly implemented, encryption can be easily bypassed, cracked or breached by using tactics such as: keylogging, physical media analysis, social engineering, wireless monitoring, electromagnetic interception, use of trojans, among numerous other tactics. It should be evident that encryption, although extremely helpful when correctly implemented, cannot be relied upon solely to solve all the problems created by mobile computing. In order to combat these vulnerabilities, a complete approach must be adopted. This should include an educational approach as well as a technological one. The true degree of security is the users’ ability to recognize and thwart malicious attacks, and this can only be accomplished via a combination of both knowledge as well as technological tools. Infosecwriters.com