NIST Unveils New Mobile Security Resources; Joshua Franklin Comments

mobile securityThe National Institute of Standards and Technology has introduced new resources intended to help organizations protect their mobile devices and computer systems from malware threats.

NIST said Wednesday the draft Mobile Threat Catalogue and the draft Assessing Threats to Mobile Devices and Infrastructure seek to respond to the public and private organizations’ request for information on threats and how to mitigate the attacks.

The draft catalogue details the various mobile threats in authentication, supply chains, physical access, payment, ecosystem and network protocols, technologies and infrastructure.

MTC also raises security concerns over the Global Positioning System, WiFi, Bluetooth and mobile payments; and advocates the implementation of mobile security tools and best practices to help secure an organization’s information technology system.

“Often IT shops or security managers will address or secure the apps on a phone and protect the operating system from potential threats,” said Joshua Franklin, an NIST cybersecurity engineer.

“But there is a much wider range of threats that need to be addressed… Enterprise security teams often don’t focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO’s calls.”

The second draft provides background information on mobile device threats and recommends that security perspectives be expanded to include threats that occur through cellular networks, cloud infrastructure and application stores.

NIST collaborated with the Department of Homeland Security’s science and technology directorate to develop the resources with data obtained from responses to a 2015 request for information on mobile threats and defenses and interviews with security professionals.

Check Also


FireEye to Provide Cybersecurity Defenses to Texas DIR; Pat Sheridan Quoted

FireEye, Inc. has announced that it will offer cyber security defenses to Texas public sector agencies, under Texas Department of Information Resources (DIR), the company reported on Thursday. Through the end of 2020, FireEye security products and Mandiant Solutions services will be available to all Texas agencies, county governments, cities and school districts through DIR’s Bulk Purchase Initiative for Endpoint Detection and Response (EDR) solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *