Describe any specific security measures for databases in mobile applications and devices.

What will be an ideal response?

Many of the security problems discussed in this chapter apply to mobile applications and
devices, such as:
• Mobile malware – Smartphones and tablets are susceptible to worms, viruses, Trojans and
spyware similarly to desktops. Mobile malware can steal sensitive data, rack up long
distance phone charges and collect user data. High-profile mobile malware infections are
few, but that is likely to change. In addition, attackers can use mobile malware to carry
out targeted attacks against mobile device users.
• Eavesdropping – Carrier-based wireless networks have good link-level security but lack
end-to-end upper-layer security. Data sent from the client to an enterprise server is often
unencrypted, allowing intruders to eavesdrop on users’ sensitive communications.
• Unauthorized access – Users often store login credentials for applications on their mobile
devices, making access to corporate resources only a click or tap away. In this manner
unauthorized users can easily access corporate email accounts and applications, social
media networks and more.
• Theft and loss – Couple mobile devices’ small form factor with PC-grade processing
power and storage, and you have a high risk for data loss. Users store a significant amount
of sensitive corporate data–such as business email, customer databases, corporate
presentations and business plans–on their mobile devices. It only takes one hurried user to
leave their iPhone in a taxicab for a significant data loss incident to occur.
• Unlicensed and unmanaged applications – Unlicensed applications can cost your
company in legal costs. But whether or not applications are licensed, they must be
updated regularly to fix vulnerabilities that could be exploited to gain unauthorized access
or steal data. Without visibility into end users’ mobile devices, there is no guarantee that
they are being updated.

Computer Science & Information Technology
