No question that mobile security is going to be one of the biggest concerns of the coming year. It’s been a concern in 2012, of course, but as tablets become more mainstream, along with the increase of smartphone ownership, 2013 could finally be the year that mobile security is taken seriously by everyone (and not just security experts and security-phobes — it really is sad how little the average user is concerned about mobile security).
We even will start the new year with a new Android spambot, according to the folks at Lookout Security. The new bot is called SpamSolider and is primarily spread through SMS messages that advertise free versions of popular paid games like “Need for Speed” or “Angry Birds Space.” Once the user clicks on a link from one of these SMS messages, their phone downloads an application that claims to install the game. By opening that “installer” app, the user is activating the SpamSoldier trojan. When it's opened, SpamSoldier gets right to work sending spam messages, but first it removes its icon from the launcher to cover its tracks. Meanwhile, a free version of the game in question may even be installed to keep users unsuspecting and unaware that they are sending spam.
With the rise of mobile malware and other security concerns for these devices on the horizon, I spoke with Brendan Ziolo, VP of marketing at Kindsight, who provided some interesting insights into what we need to be thinking about in regards to mobile security. The best approach to mobile security, Ziolo told me, is a combined approach with network and device-based security. According to Ziolo:
Network-based security can detect malicious activity in the network that may have been missed by device-only security. When combined with on-device protection, it can alert the user and identify any suspicious apps to remove. Anti-theft features that can locate your phone, remote lock or wipe your phone, are also helpful in the case of a lost or stolen phone.
Device-only security isn’t enough, he repeated. The reason? Devices need to be able to detect the newest threats and device-only security isn’t always equipped for that. The bad guys, remember, are wily and smart, and they know how to get around our defenses. They can — and do — repackage malicious apps to avoid detection.
What steps can be taken to beef up mobile security? Ziolo provided these tips:
- Set a password or PIN code to protect the device.
- Only download apps from trusted sources.
- Keep apps up-to-date to avoid potential vulnerabilities or exploits.
- Know what apps you are using and what data they store on the device (personal info, passwords, credit cards), particularly in regards to mobile commerce.
Pretty basic tips, but ones that people tend to ignore or forget or just don’t practice.
BYOD is going to be standard in 2013, if it isn’t already, so mobile security is going to have to step up to the forefront. The better we approach it, the more secure our devices and networks will be.