Mobile Device Security | Homeland Security (2024)

Mobile devices have revolutionized the way we do work, enabling on-demand access to services and information anytime from anywhere. In the United States, there are an estimated 200 million smart mobile devices and two billion such devices worldwide.Within DHS, more than 38 percent of employees have government-issued mobile devices, totaling approximately 90,000 devices in use. To promote the safe and secure adoption of mobile technology in DHS and across the federal government, the DHS Science and Technology Directorate (S&T) created the Mobile Device Security (MDS) project.

Motivation

Mobile technology promotes lower costs, geographic flexibility and other advantages to government services such as public safety, health, education and finance. However, as government services grow more dependent on mobile technology, mobile devices become bigger targets for cybercriminals. As a result, the cyber threats the government faces include physical tracking of government personnel, unauthorized access to sensitive information and denying or degrading government services. Government mobile users need assurances that the apps on their devices execute securely on a “safe” device. A verifiable, trusted execution environment is needed to detect when the mobile device’s system has been maliciously modified. Additionally, one-time validation schemes that rely on passwords and tokens are PC-centric security approaches that are insufficient for mobile device security. New approaches are needed to leverage the unique capabilities and functions of mobile devices.

Approach

Several DHS mobility working groups and federal interagency working groups gathered requirements for the MDS project. This interaction enabled a prioritization of mobile security capability gaps that are impeding mobile implementations both at the federal level and across the Homeland Security Enterprise. Several of the high-priority target areas addressed by the project include mobile device management, trust implementation for executables, and identity management and authentication. The project has established three overarching objectives to accelerate the adoption of secure mobile technologies by the government.

To address these gaps, the MDS project has established several R&D initiatives that encompass projects related to:

Mobile Device Security | Homeland Security (1)Mobile software roots-of-trust -- Developing tamper-evident modules that continuously measure and verify a chain of cryptographically strong evidence to prove the trustworthiness of the device’s environment prior to executing software.

Continuous authentication -- Developing capabilities to do continuous, multi-factor verification that leverages contextual attributes on a mobile device to make real-time security decisions within the device and when accessing remote systems; leveraging a device’s innate functionality (e.g., application sandboxing, camera, GPS, etc.) to sense and measure the environment, user interaction and app interaction to ascertain risk.

Virtual mobile infrastructure extensions -- Developing mobile access control functionalities that leverage cloud-based technology to secure access to critical data without the need for resident data on the mobile device.

Performers

BlueRisc: Software-only Roots of Trust for Mobile Devices
Mobile roots-of -trust (MobileRoT) technology, which is based on software that measures and verifies a mobile device’s static and runtime state, was created to enable trust and overall device security.

HRL Laboratories, LLC: Continuous Behavior-Based Authentication for Mobile Devices
The Continuous Behavior-Based Authentication for Mobile Devices effort developed an anomaly-detection system for mobile devices based on HRL’s neuromorphic chip. It includes algorithms for continuous, behavior-based authentication for mobile devices.

Kryptowire LLC: Quo Vandis: A Framework for Mobile Device and User Authentication
The Quo Vandis effort created a framework for continuous device and user-behavioral authentication to prevent unauthorized access to mobile app functionality and sensitive enterprise data.

Rutgers University: Dynamic Data Protection via Virtual Micro Security Perimeters
For this effort, the primary output was a data-protection architecture for mobile operating systems using dynamic information flow tracking and cryptographic policy enforcement technologies to isolate data, instead of isolating the information processing environment.

University of North Carolina at Charlotte (UNCC): Theseus: A Mobile Security Management Tool for Mitigating Attacks in Mobile Networks
The Theseus effort developed a mobile device security management tool that monitors user activities, detects threats and provides situational awareness tailored to emerging first responder mobile networks.

Intelligent Automation, Inc.: TrustMS: Trusted Monitor and Protection for Mobile Systems
The TrustMS effort consists of two processor-level components: an offline instrumentation engine and a runtime multi-core security monitor. The instrumentation engine inserts security check code into target vulnerable programs and optimizes the instrumented code through static analysis. The runtime security monitor dedicates a central processing unit (CPU) core to monitor instrumented programs executed by other CPU cores to reduce processing overhead.

Hypori Federal: Process Level Security for Mobile System Assurance
The Process Level Security for Mobile System Assurance has developed and currently is piloting secure mobile infrastructure in virtualized environments.

Resources

For the latest information about , visit the S&T Cybersecurity News, Publications, Videos and Events pages.

Publications & Fact Sheet

  • DHS Study on Mobile Device Security
  • Mobile Device Security Fact Sheet

Contact

Email:SandT.PCS@hq.dhs.gov

Mobile Device Security | Homeland Security (2024)

FAQs

How do I secure my mobile devices? ›

Mobile Device Security Best Practices
  1. Enable user authentication.
  2. Use a password manager.
  3. Always run updates.
  4. Avoid public wi-fi.
  5. Enable remote lock.
  6. Cloud backups.
  7. Use MDM/MAM.
Jan 3, 2024

What is mobile device security in cyber security? ›

Mobile security is the strategy, infrastructure, and software used to protect any device that travels with users, including smartphones, tablets, and laptops. Cybersecurity for mobile devices includes protecting data on the local device and the device-connected endpoints and networking equipment.

What security setting should you use on your mobile device? ›

Encrypt Your Data

To protect your mobile phone data, make sure the data is encrypted. Encrypted data is stored in an unreadable form so it can't be used by a bad actor. Fortunately, most phones have encryption settings you can enable in the security menu, and these are often enabled by default.

What is the most common security risk of a mobile device? ›

Phishing attacks, including voice phishing (vishing) and SMS phishing (smishing), along with compromised apps, pose serious threats to mobile security. Cybercriminals increasingly use these methods to deceive users into divulging personal information or downloading malicious software.

Do you really need mobile security? ›

Installing Android antivirus could help protect against hackers and other threats. Prone to lost or stolen devices: If you frequently lose devices or are afraid of someone stealing yours, invest in additional protection. Some antivirus softwares can help locate devices or remotely wipe any confidential data.

What is the most secure mobile device? ›

Top 10 Most Secure Phone in the World of 2024
  • K-iPhone. ...
  • Sirin Labs Finney U1. ...
  • Bittium Tough Mobile 2. ...
  • Solarin by Sirin Labs. ...
  • Blackphone 2. ...
  • Bittium Tough Mobile 2C. ...
  • Katim R01. ...
  • Black phone PRIVy 2.0. Blackphone Privy 2.0 is for those looking for an individual yet most secure phone.
May 25, 2024

What security precautions should you take with your mobile devices? ›

General Security

Mobile devices should be password protected, and auto lockout should be enabled. The password should block all access to the device until a valid password is enabled. The password used should be as strong a password as your device will support. Learn more about “creating strong passwords.”

What is the best practice for protecting data on a mobile device? ›

Consider using Biometrics (e.g., fingerprint, face) authentication for convenience to protect data of minimal sensitivity. Use strong lock-screen pins/passwords: a 6-digit PIN is sufficient if the device wipes itself after 10 incorrect password attempts. Set the device to lock automatically after 5 minutes.

How can you safeguard your mobile device from malware? ›

Preventing Mobile Malware Attacks
  1. Protect your device as if it were a computer. ...
  2. Pay attention to the security of WI-FI networks you use to access data. ...
  3. Establish and enforce bring-your-own-device (BYOD) policies. ...
  4. Keep your device's operating systems up to date. ...
  5. Encrypt your devices.

Are mobile phones more secure than laptops? ›

One of the most prevalent mobile security myths is that mobile devices are inherently more secure than traditional endpoints like desktops and laptops. But this is a dangerous misconception — mobile devices simply have a different set of vulnerabilities that leave them open to a variety of cybersecurity risks.

What is an example of mobile security? ›

At a very basic level, even a password, fingerprint sensor or facial recognition software is a type of security feature for mobile devices because it protects others from gaining access to your content.

What is the best security you can put on a mobile device? ›

Two-Factor Authentication (2FA)

The second factor could be something you have, such as a mobile device or a smart card, or something you are – a biometric feature like a fingerprint or face recognition. 2FA provides an extra layer of security, making it harder for potential intruders to gain access to your data.

How do I make sure my device is secure? ›

Here are seven ways to help them maintain computer security:
  1. Install security software. ...
  2. Never skip an update. ...
  3. Give the browser a boost. ...
  4. Customize browser security settings. ...
  5. Clear the cache and browsing history. ...
  6. Watch what you download. ...
  7. Use a passphrase or complex password.

How to make your mobile phone secure? ›

Secure my mobile devices
  1. Use a good password or PIN and make sure your device locks automatically when not in use.
  2. Only install apps from locations you trust and apply security updates.
  3. Set up a 'remote wipe' feature if available, in case your device gets lost or stolen.

Which antivirus is best for mobile? ›

  • The Best Antivirus for Android of 2024.
  • Bitdefender.
  • Malwarebytes.
  • Avast.
  • Microsoft Defender.
  • AVG.
  • Webroot.
  • McAfee.

Which is better for security iOS or Android? ›

iOS security focuses more on software-based protection, while Android uses a mixture of software and hardware-based protection. Ultimately, a device is only secure up to a point unless you take your own precautions.

What is the most secure screen lock for a mobile device? ›

PIN, password, and pattern locks remain the safest now, but make sure nobody can see them while you unlock the phone.

Top Articles
Latest Posts
Article information

Author: Terence Hammes MD

Last Updated:

Views: 5963

Rating: 4.9 / 5 (49 voted)

Reviews: 80% of readers found this page helpful

Author information

Name: Terence Hammes MD

Birthday: 1992-04-11

Address: Suite 408 9446 Mercy Mews, West Roxie, CT 04904

Phone: +50312511349175

Job: Product Consulting Liaison

Hobby: Jogging, Motor sports, Nordic skating, Jigsaw puzzles, Bird watching, Nordic skating, Sculpting

Introduction: My name is Terence Hammes MD, I am a inexpensive, energetic, jolly, faithful, cheerful, proud, rich person who loves writing and wants to share my knowledge and understanding with you.