point
The Smart Techie was renamed Siliconindia India Edition starting Feb 2012 to continue the nearly two decade track record of excellence of our US edition.

Smartphone Popularity A Double Edge Sword for Security

Vishak Raman
Wednesday, November 3, 2010
Vishak Raman
Are mobile phones and other wireless devices the new weakest link in securing information outside of corporate networks? We all know that “bad” guys take notice of new tech and gadgets and create attacks based on the latest trends—-how are enterprises keeping up? With mobile usage of Facebook and Twitter rising users can affect enterprise networks easily without knowing it. What are some best practices and concerns to avoid horrible issues? What should wireless gurus know about unforeseen security issues created through wireless devices?

While malicious activities on handheld devices like smart phones have been relatively low, there are several indicators to suggest that things are about to change. Enterprises will need to start thinking seriously about a mobile threat prevention strategy to ensure that their networks are not vulnerable to the new threats that will abound with the increasing mobile activities of their users.

The growing prevalence of 3G networks is enabling broader bandwidth for mobile devices, which means more of the bad content is getting in with the good. 3G also enables network operators to offer a wider range of more advanced mobile services, such as real-time access to high-quality audio/video transmission. For example, with its application portal, Apple, which has a small percentage of the handset market, has already changed the way many people interact with their smart phones, while Microsoft and Nokia are also talking up their own similar portals. The level of personalization and customization possible with these portals will mean new uses, both good and bad, will be found. This presents a big concern for corporate network managers as users are no longer bound by factory-installed applications. With this greater usability, consumers are now adopting smart phones in greater numbers for business and for personal use. iSuppli Corp. predicted in a March 2009 report that the number of smart phone shipments is expected to grow to as high as 192.3 million units this year, up 11.1 percent from 2008.

No doubt, the smart phone is becoming much more personal and indispensable to consumers, and where consumers go, money goes, and crime will soon to follow. This adds up to increased opportunities for virus infections and attacks that will require a focused approach to secure the millions of handheld mobile devices in operation today, especially for enterprises. Smart phones pose an even greater security risk to corporations as they have become the mobile office for their ability to access corporate networks in real time, much in the way that laptops have been able to do. This presents cyber criminals with the opportunity to use smart phones as the launch pad for penetrating and accessing sensitive corporate data. Fortinet believes the increased usability of smart phones and other wireless devices and the new business models they enable will become the biggest threat to corporate security in the near future.

The mobile market presents a unique position in terms of malware as compared to the traditional PC market. The platforms available for attack on PC platforms are limited – Windows, MacIntosh and Linux – while the number of mobile platforms continues to grow: Google Android, Apple mobile OS, SymbianOS, Windows Mobile, Palm. For example, we are just seeing the tip of the iceberg with Google’s Android OS vulnerability discovered late last year. And just last month, discovery of the new SymbOS/Yxes.A!worm (AKA “Sexy View”) mobile worm gives strong indication that we may be on the edge of a mobile botnet. This sophisticated SMS-propagation strategy, which hosts the worm on malicious servers, allows cybercriminals to effectively mutate the worm by adding or removing functionality.


Share on Twitter
Share on LinkedIn
Share on facebook