Smartphone Security Gaps
Employees are at risk for viruses and other security breaches, so IT staff need to be just as vigilant with company-issued phones accessing the network as they are with computers.
This is a rarity: An upbeat post on a security-related matter.
CIO writer Bill Snyder reported from the RSA Conference that the concerns about mobile security, while justified, are overhyped. For one thing, said Research In Motion's Ian Robertson, only a handful of pieces of malware have actually shown up. Snyder also cited the words of a Research In Motion executive along the same lines. Concluded Snyder:
I want to be careful not to give the impression that there is no security threat to you as a user of wireless. There is. The panelists I heard all predicted that threats and exploits will emerge over the next few years. But the takeaway from my visit to RSA is this: be careful, but it's not nearly as dangerous out there as you might think. Not yet.
The best news, perhaps, is that the good news isn't accidental. The world of telecom hasn't just been lucky. The three reasons Snyder gives:
It's a man-in-the middle attack. The trojan, dubbed Zeus in the Mobile, is itself a variant of a trojan for Windows (a file identified as Trojan-Spy.Win32.Zbot.bbmf). Users are exposed to Zeus either by visiting an infected Web site, or by first being attacked on the PC. Once infected, users are asked to enter their cell phone number and smartphone model for a certificate update' ...
PC World also had a report from RSA. The bottom line, despite a semi-alarmist headline ("Your Smartphone: The Next Big Security Headache"), the piece contained no smoking gun on the state of smartphone insecurity. As has been the case for the past couple of years, the story presented much hand-wringing about the future, but no proof of problems today. Concerns included Android's openness, alternative app stores with poor security oversight and simply lost phones.
The bottom line is that there is no crisis in smartphone security. That doesn't mean one isn't coming and certainly doesn't mean that people should stop preparing. Unlike many security stories, the good news here is that all the news isn't bad.