The National Institute of Standards and Technology has introduced new resources intended to help organizations protect their mobile devices and computer systems from malware threats.
NIST said Wednesday the draft Mobile Threat Catalogue and the draft Assessing Threats to Mobile Devices and Infrastructure seek to respond to the public and private organizations’ request for information on threats and how to mitigate the attacks.
The draft catalogue details the various mobile threats in authentication, supply chains, physical access, payment, ecosystem and network protocols, technologies and infrastructure.
MTC also raises security concerns over the Global Positioning System, WiFi, Bluetooth and mobile payments; and advocates the implementation of mobile security tools and best practices to help secure an organization’s information technology system.
“Often IT shops or security managers will address or secure the apps on a phone and protect the operating system from potential threats,†said Joshua Franklin, an NIST cybersecurity engineer.
“But there is a much wider range of threats that need to be addressed… Enterprise security teams often don’t focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO’s calls.â€
The second draft provides background information on mobile device threats and recommends that security perspectives be expanded to include threats that occur through cellular networks, cloud infrastructure and application stores.
NIST collaborated with the Department of Homeland Security’s science and technology directorate to develop the resources with data obtained from responses to a 2015 request for information on mobile threats and defenses and interviews with security professionals.
