The Mission Is Critical blog

Your ABC guide to smartphone security terms

Written by Christophe Calvez | 30 Jun 2017

Do you sometimes get lost in the world of acronyms and abbreviations? It seems like every day there is a new TLA, or Three Letter Acronym, to wrap our heads around. Even the terms that are not abbreviated may be confusing. This blog post explains 13 terms related to smartphone security.

The IT and communications world is full of acronyms, abbreviations and new terms that people just seem to assume everybody knows. This is partly because a lot of new things are being created and they need names and partly because there is a desire to build excitement around a new idea.

It’s no surprise that the world of secure smartphones for professional users is a rich source of new terms and abbreviations. With new threats rearing their heads weekly, developers are fighting to keep networks and terminals secure, producing a stream of new techniques and definitions in the process.

Here are 13 terms from the area of device-related security – see if you know your roots of trust from your bootloader!

What is a bootloader?

At its most basic level, the storage on Android smartphones is like a hard drive with several partitions. One holds the Android system files, another holds all the app data, and there are others to do more behind-the-scenes stuff.

Think of the bootloader as a security checkpoint and manager for all those partitions. Most bootloaders are locked and encrypted, meaning the right security token is needed to unlock them.

What is a crypto module?

A hardware security module is a device that safeguards and manages digital keys or cryptographic algorithms for authentication or encryption purposes.

What does jailbreaking mean? 

Jailbreaking involves removing software restrictions, allowing users to download and install applications and themes unavailable through the official App Store.

What is malware or malicious software?

Any program or file harmful to a mobile device. It can steal, encrypt or delete sensitive data, alter or hijack core computing functions and monitor users' computer activity without their permission.

What is phishing?

A form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.

What does roots of trust mean?

Roots of Trust (RoT) is a set of functions in the trusted computing module. The computer's operating system will always trust these functions. The RoT serves as a separate computing engine controlling the cryptographic processor on the PC or mobile device it is embedded in. 

What is sandboxing?

Sandboxing sets a program aside from other programs in a separate environment so that if errors or security issues occur, they will not spread to other areas on the computer.

What is spyware?

Malware designed to collect information and data on users and observe their activity without their knowledge.

What does social engineering mean?

In security terms, this is psychological manipulation of people – basically conning them into performing actions or divulging confidential information. It is often one of many steps in a more complex fraud scheme.

What is a TETRA stack?

A group of TETRA protocols used to implement a network protocol suite. To become a stack, the protocols must be interoperable, able to connect both vertically between the layers of the network and horizontally between the end-points of each transmission segment.

What is a threat?

A threat is something that one can identify but that is beyond one’s control. For example, if an operation takes place in an area of seismic activity, the threat of an earthquake is always present. It cannot be controlled.

What is VPN (Virtual Private Network)?

A virtualized extension of a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.

What does zero-day vulnerability mean?

A hole in software that is unknown to the vendor, but is known to hackers. This hole is then exploited by the hackers in a zero-day attack, which could involve infiltrating malware or spyware, or allowing unwanted access to user information. Once the vulnerability becomes known, a race begins for the developer, who must fix the issue and protect users.
