This Reuters piece, posted on News.com, though a bit incomplete, raises an important issue. The writer says the emergence of Google's Android and Apple's iPhone could greatly exacerbate mobile-phone vulnerabilities. The problem with the story is that it provides no insight into precisely why the new platforms will compromise security.
A discussion of the increasing dangers of mobility shouldn't center on any specific new vulnerabilities. Instead, the focus should be that crackers are paying more attention to mobile devices.
The iPhone, Android and -- though it isn't mentioned in the piece -- the LiMo platforms are natural targets. In the past, virus mongers have shied away from attacking mobile devices because the value of data on them was minimal, the technology was boring and there was no dominant operating system (to the extent of Windows) at which the bad guys could take aim.
Of course, the idea that mobile devices carry little data of importance is as dated as an eight-track tape. With the wired perimeter better protected, mobile devices become an attractive alternative. Finally, the arrival of sophisticated applications provides ever-greater opportunities for bad folks to do their dirty work. In short, mobility increasingly is where it's at for the cracking community.
RCR News draws a more detailed picture of what is meant by mobile security. The piece parts are on-device security, carrier network security, enterprise network security and network-access control (NAC). The piece describes enterprise fears, which include the loss of intellectual property, loss of data, non-compliance, denial-of-service (DoS) attacks and extortion. Finally, the writer mentions the proliferating ways in which workers connect to the network.
The idea that the iPhone is a consumer device and enterprises have nothing to worry about is, of course, naive. Like Wi-Fi and other mobile devices, employees bring their iPhones and other smartphones to work and, as quickly as that, they are enterprise devices -- whether IT and security staffs like it or not.
This InfoWorld piece says the iPhone's virtual private network (VPN) capabilities aren't as robust as those built into enterprise-focused systems such as Research in Motion's BlackBerry. Several basic enterprise security features are missing from the iPhone: ways to compel users to create complex power-on passwords and to wipe data from lost machines. Also absent are native on-device firewalls and data encryption, the piece says.
The LiMo Foundation, which offers an open source mobile operating system that will compete with Android, announced last week at the World Mobile Congress in Barcelona that 18 handsets are capable of running the software. Red Orbit reports that 32 companies, so far, are involved in the foundation. McAfee is one of those companies. In this piece, a senior vice president of the company says LiMo offers a way to stay ahead of crackers from the start instead of retrofitting security onto existing products.