AT&T Developer
  • Products
  • Resources
  • Blog
  • Sign In

Technical Library

    Device Technologies
    • Biometrics
    • Device Detection
    • HTML5
    • Mobile Web Fundamentals
    • Mobile Web Standards
    • Multi Core Coding in Dalvik
    • Multi Thread Coding in Android
    • Near Field Communication
    • NFC Forum
    • NFC Use Cases
    • NFC Case Studies
    • NFC Tags
    • GlobalPlatform and NFC
    • User Identification
    • Native Code
    Security and Privacy
    • Application Privacy Guidelines
    • Downloading DRM Content in Android
    • IPv6
    • Likelihood of a Successful Attack
    • Messaging Privacy
    • Mobile Web Security
    • Network Security
    • Security Policy
    • Security at AT&T
    • Types of Security Threats
    • Wireless Application Security
    • Security Policy Enforcement
    UI Elements
    • Slider Controls for Android
    • Check Box for Android
    • Dropdown for Android
    • Image Button for Android
    • Toggle Button for Android
    • Radio Button for Android
    • Segmented Text Toggle Button for Android
    • Static Text Toggle Button for Android
    • Switch for Android
    • Text Fields for Android
    • Getting Started with AT&T UI
    • HTML5 UI Elements
    • HTML5 Checkboxes
    • HTML5 Dropdown
    • HTML5 Image Button
    • HTML5 Image Toggle Button
    • HTML5 Radio Button
    • HTML5 Segmented Toggle Button
    • HTML5 Slider
    • HTML5 Static Text Toggle Button
    • HTML5 Switch Control
    • HTML5 Text Fields
    Network Technologies
    • IP Addresses
    • Long Term Evolution (LTE)
    • Network Timers
    • Wi-Fi
  • Other AT&T Websites
    • Best Practices
    • Hackathon Best Practices
    • Mobile Best Practices
    • Seven Common Errors Around Creating Mobile User Experiences
toggle menu

Likelihood of a Successful Attack

 

In addition to looking at security from the perspective of the most common types of threats, enterprises need to consider the main potential targets of attack—the mobile device and the mobile infrastructure—which overlap in several areas.

 

Attacks on Mobile Devices

 

Attacks against a device can be made using any of the following three methods:

  • Physical attacks involve stealing a wireless device and getting access to confidential information stored there, or using the device to access confidential data in the enterprise's network.

    This is the easiest attack to launch because wireless devices are small and easily stolen or lost. For this reason, this method of attack poses, by far, the greatest security risk. An enterprise should secure any device that connects to its network and should fully understand the carrier¿s high-level security policies and practices.
  • Attacks on the airlink (also called over-the-air interception) require highly specialized equipment and a high level of cryptoanalytical skill and computing power. The penalty for illegally intercepting a wireless transmission is up to $250,000 and five years in prison. The cost, difficulty, and risk make this method of attack uncommon, but it is potentially very dangerous.
  • Peripheral-interface attacks involve attacking a mobile device using communications other than the cellular signal, such as Bluetooth, infrared (IR), or Wi-Fi. Accessing a device through these interfaces presents risks of intrusion (from both humans and malware) and of compromising confidentiality and data integrity.

    Peripheral-interface (or peripheral-port) attacks are becoming more common and are a growing concern among enterprise security experts. Users should be taught to turn on Bluetooth (and especially to make their devices Bluetooth "discoverable") only when the feature is needed. They should also change the default name in their Bluetooth settings.

 

Attacks on the Infrastructure

 

Infrastructure attacks are directed against the wireless network or the carrier's internal IT systems. Two broad categories of infrastructure attacks are denial-of-service and attempts to obtain or alter confidential information. This latter category is what the general public thinks of as "hacking."

Motivation for infrastructure attacks can be malicious or financial. Examples include stealing credit card or other financial information and modifying billing records.

An enterprise's well-run security regime can make it difficult for these attacks to succeed, but they are much more common and more likely to cause damage than are attempts at over-the-air interception.

Back To Top
  • APIS & TOOLS
    • AT&T Video Optimizer
  • APIS & TOOLS
    • Futurist Reports
    • Technical Library
  • SUPPORT
    • Contact Us
    • FAQs
    • Twitter
  • AT&T Developer Program on Github
  • AT&T Developer Program on Facebook
  • AT&T Developer Program on Twitter
AT&T Logo

Terms of Use   Privacy Policy   Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
©2024 AT&T Intellectual Property. All rights reserved

AT&T, the AT&T logo and all other AT&T marks contained herein are trademark of AT&T Intellectual Property and/or AT&T affiliated companies.

14100000
Session Expiring

Your session is about to expire in !

Stay Signed In
Session Expired

Sorry! Your session has expired.

Skip to content