Page 621 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 621

notebook computers as well as the transfer of files, documents, music,
               video, and so on.

               Additionally, mobile devices aren’t immune to eavesdropping. With

               the right type of sophisticated equipment, most mobile phone
               conversations can be tapped into—not to mention the fact that anyone
               within 15 feet can hear you talking. Be careful what you discuss over a
               mobile phone, especially when you’re in a public place.

               A wide range of security features are available on mobile devices.
               However, support for a feature isn’t the same thing as having a feature
               properly configured and enabled. A security benefit is gained only

               when the security function is in force. Be sure to check that all desired
               security features are operating as expected on your device.



                  Android


                  Android is a mobile device OS based on Linux, which was acquired
                  by Google in 2005. In 2008, the first devices hosting Android were

                  made available to the public. The Android source code is made
                  open source through the Apache license, but most devices also
                  include proprietary software. Although it’s mostly intended for use
                  on phones and tablets, Android is being used on a wide range of
                  devices, including televisions, game consoles, digital cameras,
                  microwaves, watches, e-readers, cordless phones, and ski goggles.

                  The use of Android in phones and tablets allows for a wide range of

                  user customization: you can install both Google Play Store apps as
                  well as apps from unknown external sources (such as Amazon’s
                  App Store), and many devices support the replacement of the
                  default version of Android with a customized or alternate version.
                  However, when Android is used on other devices, it can be

                  implemented as something closer to a static system.
                  Whether static or not, Android has numerous security

                  vulnerabilities. These include exposure to malicious apps, running
                  scripts from malicious websites, and allowing insecure data
                  transmissions. Android devices can often be rooted (breaking their
                  security and access limitations) in order to grant the user full root-
   616   617   618   619   620   621   622   623   624   625   626