AT&T Developer
  • Products
  • Resources
  • Blog
  • Sign In

Technical Library

    Device Technologies
    • Biometrics
    • Device Detection
    • HTML5
    • Mobile Web Fundamentals
    • Mobile Web Standards
    • Multi Core Coding in Dalvik
    • Multi Thread Coding in Android
    • Near Field Communication
    • NFC Forum
    • NFC Use Cases
    • NFC Case Studies
    • NFC Tags
    • GlobalPlatform and NFC
    • User Identification
    • Native Code
    Security and Privacy
    • Application Privacy Guidelines
    • Downloading DRM Content in Android
    • IPv6
    • Likelihood of a Successful Attack
    • Messaging Privacy
    • Mobile Web Security
    • Network Security
    • Security Policy
    • Security at AT&T
    • Types of Security Threats
    • Wireless Application Security
    • Security Policy Enforcement
    UI Elements
    • Slider Controls for Android
    • Check Box for Android
    • Dropdown for Android
    • Image Button for Android
    • Toggle Button for Android
    • Radio Button for Android
    • Segmented Text Toggle Button for Android
    • Static Text Toggle Button for Android
    • Switch for Android
    • Text Fields for Android
    • Getting Started with AT&T UI
    • HTML5 UI Elements
    • HTML5 Checkboxes
    • HTML5 Dropdown
    • HTML5 Image Button
    • HTML5 Image Toggle Button
    • HTML5 Radio Button
    • HTML5 Segmented Toggle Button
    • HTML5 Slider
    • HTML5 Static Text Toggle Button
    • HTML5 Switch Control
    • HTML5 Text Fields
    Network Technologies
    • IP Addresses
    • Long Term Evolution (LTE)
    • Network Timers
    • Wi-Fi
  • Other AT&T Websites
    • Best Practices
    • Hackathon Best Practices
    • Mobile Best Practices
    • Seven Common Errors Around Creating Mobile User Experiences
toggle menu

Types of Security Threats

 

As you design security into your enterprise wireless applications, make sure to take into account the most common types of threats:

  • Threats to identity
  • Threats to confidentiality
  • Threats to data integrity
  • Threats from intrusion
  • Threats to continuity of service

The next sections describe each of these types of threats in detail.

 

Threats to Identity

 

Identity refers to the association between a specific user and a unique identifier. The most common identifiers are as follows:

In Global System for Mobile Communications (GSM) environments, identifiers include the International Mobile Equipment Identity (IMEI) and Subscriber Identity Module (SIM). This system of identifiers is the wireless standard used by AT&T and most carriers worldwide.

In Code Division Multiple Access environments, the primary identifier is the Electronic Serial Number.

Secure authentication ensures that all parties in a communication are who they claim to be and that they have the proper access rights to participate in the communication.

If an attacker successfully impersonates a user, the attacker can, for example, fraudulently make calls and conduct data sessions through the user's device. Securing identity is a critical first step in minimizing the risk of other types of security attacks.

 

Threats to Confidentiality

 

Confidentiality in wireless communications means that only the sender and the intended recipient of a message will be able to read the message's contents. This requires taking measures to prevent unauthorized access to data on the wireless device, to data in transit over the network, and to customer data stored on the carrier network.

Compromises of confidentiality are often highly visible and tend to draw a lot of negative press attention. News accounts of compromised voice mail and email as well as of credit card data stolen from financial institutions and Web businesses have made the public aware of this type of threat, so it¿s important to implement measures that assure users about the confidentiality of their communications.

 

Threats to Data Integrity

 

Data integrity is closely related to confidentiality, but instead of protecting a message from being read or overheard, the challenge is to prevent an attacker from changing a message while it is in transit between the sender and receiver. Although less common than confidentiality threats, attacks that involve changing a message open a wider range of criminal and fraudulent activities.

 

Threats from Intrusion

 

Intrusion is the unauthorized access to data or devices, whether by a human attacker or by malware such as a virus or worm. Protecting against intrusion is becoming especially important as more malware threats emerge and as richer operating systems and more valuable data make wireless devices a more attractive target.

There are effective measures that IT departments can take to reduce the risk of intrusion into mobile devices, just as they have already done for notebook computers. AT&T will be adding more security features to devices in the future to help enterprises in this effort.

 

Threats to Continuity of Service

 

Wireless users expect their services, devices, and applications to be available 24x7. In a denial-of-service attack, network elements or wireless devices become unable to function. These attacks can be launched from wireless devices over-the-air or from wired devices on a corporate intranet, and they can be either localized or widespread.

A localized attack affects only devices in a small area. An example of this is putting up a jamming device that interferes with devices attempting to connect to the network. Widespread attacks are more complex because they attack the broader network rather than simply interfere with a signal.

The Role of Zombies in Denial-of-Service Attacks
A classic denial-of-service attack is the "zombie", an application or process left on a mobile device or PC by a virus or worm. The zombie sleeps until a predetermined time or until it receives a signal. When it awakens, it starts broadcasting meaningless requests or large numbers of SMS text messages, for example, to the network without the user's knowledge.

In a coordinated attack, thousands of signals might be sent simultaneously either from mobile devices over the air or from PCs over the Internet, potentially overtaxing the network's capacity and causing service disruptions. These attacks can be very costly to a carrier.

Back To Top
  • APIS & TOOLS
    • AT&T Video Optimizer
  • APIS & TOOLS
    • Futurist Reports
    • Technical Library
  • SUPPORT
    • Contact Us
    • FAQs
    • Twitter
  • AT&T Developer Program on Github
  • AT&T Developer Program on Facebook
  • AT&T Developer Program on Twitter
AT&T Logo

Terms of Use   Privacy Policy   Your Privacy Choices California Consumer Privacy Act (CCPA) Opt-Out Icon
©2025 AT&T Intellectual Property. All rights reserved

AT&T, the AT&T logo and all other AT&T marks contained herein are trademark of AT&T Intellectual Property and/or AT&T affiliated companies.

14100000
Session Expiring

Your session is about to expire in !

Stay Signed In
Session Expired

Sorry! Your session has expired.

Skip to content