The purpose of this post is to provide fast answers to a reader who has one or a few specific questions on cybersecurity. You can quickly browse through the post until you find the answer to your question. If your question is not included here, please post it in the comment section and I will answer it.
Cybersecurity is a very complex problem. Any discussion of it requires the use of some technical terms, especially the types of malware. I have tried to minimize the use of technical terms. But if you are not familiar with the various types of malware, you may want to read ‘Malwares: an Overview’. That will not only make reading this section easier, it will also expand your knowledge of malware.
What is Cybersecurity?
Cybersecurity is security in cyberspace, including, but not limited to, security of (a) systems that make up cyberspace, (b) systems that provide services to the users of cyberspace, (c) devices that are part of cyberspace, (d) devices that cyber-travelers (cyberspace users) use to get services from cyberspace, and (e) information stored in and streaming through the cyber-highway.
From the answer above, cybersecurity seems to be a very complex problem. How can such a complex problem be dealt with?
Cybersecurity is really a very complex problem. To solve this complex problem, it is divided into many smaller problems. Then, each smaller problem is addressed individually.
What are the smaller cybersecurity problems?
A four-layer architecture model of cyberspace divides it into (a) user layer, (b) app or application-layer software, (c) system software, and (d) physical layer. Then, the security problems at each of these layers are addressed one at a time. For example, security of a device consists of physical security, firmware security, and software security problems; each of these security problems is considered separately and addressed individually.
What are the user-layer security problems?
Physical security of the user device, app or application software security, system-software security, and hardware security.
What is physical security of a device?
The device must be kept away from everyone except trusted users or maintenance personnel. When a device is not in use, it must be kept in a place where others don’t have access. For example, a cell phone must be with its user and never left unattended in a public place.
What is app or application-software security?
Apps, or application-layer software, are used by users for connecting to the Internet or for receiving or delivering online services. Take the security of a banking app as an example. It is important that the user has the original and most current version of the app from the bank, not a compromised app from other sources. A compromised app could be a modified version of the genuine or original version that the bank provides to its customers; the modified version may be a Trojan horse with hidden spyware and a keylogger.
How could an app be modified?
Malicious actors can modify an app in several ways. Let us consider two of them here.
Answer A: A malicious actor may get an original app, keep its user interface, but change the way it is supposed to communicate with the bank. For example, during the sign-on phase, the modified app may send a copy of your username and password to the malicious actor, who can then access your account.
Answer B: A malicious actor may create a counterfeit version of the app. Then he (the malicious actor) gains access to the end-user device and replaces the genuine app the end user installed with the counterfeit app. Now the counterfeit app does what it was designed for: it bypasses the security system and works as the malicious actor wanted it to.
How can a malicious actor get access privileges to a bank customer’s device?
The user may not have good access control or password protection on his/her device. Even when the password and authentication mechanism is elaborate and complex, the device may have a backdoor that may be exploited by the malicious actor.
What is a backdoor?
A backdoor is an entry point to software that bypasses normal access control protocols, such as authentication using a username and password.
A backdoor seems to be a big problem. Why is a backdoor created or kept in software?
The short answer is convenience of software development and maintenance. During development, it is inconvenient, at best, for the programmer to go through a secure access mechanism. So, backdoors are created for bypassing the security process. Backdoors are also created intentionally for the maintenance phase of the software. For example, if a software system crashes, the maintenance team needs fast and frequent access to the software system to fix the bugs and test the patched software system. Therefore, backdoors seem likely to exist for a long while, if not forever.
Okay. It seems one must verify that the apps they load on their devices are authentic and keep a keen eye on potential alterations. Are all apps in the app stores and Google Play safe?
Very good question. Most likely, but no guarantee.
This is because no one can certify that software (apps are software too) is bug-free. Moreover, malicious actors may sometimes act like a third-party app developer and create an app that passes the basic security checks and has hidden traps!
What is the best policy for protecting an end-user device from attacks through apps?
Easy answer: less is more and better! Have only those apps on your device that are absolutely necessary. Have anti-malware software monitor your device. Yes, anti-malware will slow down your device, but you are paying this price for safety. Right?
Are iOS and Android apps?
No, they are mobile operating systems that enable many mobile devices. Without an operating system, hardware would not be useful. All apps utilize the operating system’s ability to access hardware for delivering services to the users. The operating system is one of the suite of software that a device needs to provide services to the apps. Collectively, they are called system software.
What are the security issues with system software?
System software, like any other large software, most likely has some unknown security vulnerabilities. Both software makers and malicious actors are always looking for those weaknesses. When a malicious actor finds a vulnerability, he exploits it to infiltrate devices and perform malicious acts. When a software maker fixes a security vulnerability, it sends a message to its users to upgrade the software. Inevitably, malicious actors come to know the location and type of the security vulnerability and exploit it to their advantage. Thus it is very important to upgrade your software as soon as you get security upgrade messages.
What should I do when a software maker sends me a request to upgrade software?
You should upgrade to the new version without delay. But be careful. Make sure it is a genuine request and, more importantly, that you are upgrading from an authentic source.
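For readers who want to see what "verify that an app or upgrade is authentic" can look like in practice, here is an added example (not part of the original post) that compares the files of a downloaded package with a list of SHA-256 digests published by the software maker and reports altered, missing or extra files. The file names, the sample contents and the idea that the maker publishes such a list on its official site are assumptions made for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    """Return the SHA-256 digest of data as lowercase hex."""
    return hashlib.sha256(data).hexdigest()

def verify_package(files: dict, manifest: dict) -> dict:
    """Compare package files (name -> bytes) with the maker's manifest
    (name -> SHA-256 hex) and report every difference."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for name in sorted(manifest):
        if name not in files:
            report["missing"].append(name)
        # compare_digest performs a constant-time string comparison
        elif not hmac.compare_digest(sha256_hex(files[name]), manifest[name].lower()):
            report["modified"].append(name)
    # Files the maker never published are as suspicious as altered ones.
    report["unexpected"] = sorted(set(files) - set(manifest))
    return report

def is_authentic(report: dict) -> bool:
    """A package is accepted only if nothing is modified, missing or extra."""
    return not any(report.values())

# Constructed sample data (not from the original post).
GENUINE = {"ui.bin": b"login screen v2", "net.bin": b"network module v2"}
# Assumption: the manifest was obtained from the maker's official site or store.
MANIFEST = {name: sha256_hex(data) for name, data in GENUINE.items()}
# A copy whose look is unchanged but whose network part was altered,
# with one extra file added.
ALTERED = {"ui.bin": b"login screen v2",
           "net.bin": b"network module v2 (altered)",
           "helper.bin": b"extra component"}

if __name__ == "__main__":
    for label, pkg in (("genuine", GENUINE), ("altered", ALTERED)):
        report = verify_package(pkg, MANIFEST)
        print(label, "OK" if is_authentic(report) else f"REJECT {report}")
```

The check is only as trustworthy as the place the digest list came from, which is why the authentic source matters more than the request itself.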