Smartphone Security: Still Waiting for Yellow Lights to Turn Red

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

It has long been accepted that the erosion of the line between consumer and professional mobile devices has important ramifications for enterprise security.


Experts have gone back and forth for some time on whether the leading consumer smartphone, the iPhone, is appropriate for business uses. Whatever the answer is to that problem, the reality is that many smartphones -- iPhones and others -- will be used by business people with or without the official IT seal of approval.


Security folks should keep abreast of iPhone security. This IT World piece describes what the writer says are two design flaws in the way in which the device handles e-mail. One of the problems could leave the user open to spam and the other to phishing exploits. The source of the story is a blog posting by researcher Aviv Raff, which it links to. Raff says that the problems are trivial and can be fixed. This does not make them any less worthy of attention, however. Indeed, the thought is that there could be other problems that have yet to be exposed.


Two reasons generally are given for the fact that mobile devices haven't borne the full force of hacker attacks. Historically, cell phones were used for voice and rudimentary data communications, and there has been a wider variety of operating systems than the Microsoft monoculture that made desktops so vulnerable. But now there is a lot of unanimity about the threats posed by the burgeoning world of mobile devices.


This CRM Buyer feature does a good job of describing the status of mobile security. The thought is that things still are relatively safe, but that it is only a matter of time before more systematic attacks emerge. While there still is a surfeit of operating systems, the emergence Android, LiMo and the open sourcing of Symbian may introduce some commonalities that hackers can take advantage of. And, of course, the idea that mobile devices don't traffic in valuable data is gone.


Security staffs must prioritize the threats. The Register dutifully reports comments made by a Gartner analyst on the dangers of homogenizing software. The writer thinks that the bigger threat -- either because it is greater in and of itself or that less attention is paid to it, thus making it bigger -- is the loss of valuable data stored on machines. The writer refers to a study conducted for BT by the University of Glamorgan in Wales and Edith Cowan University in Australia that found that 20 percent of second-hand mobile devices hold sensitive data. http://www.mercurynews.com/breakingnews/ci_10558223?nclick_check=1Smartphones are becoming a bigger target and are more vulnerable because of they are becoming more like fully fledged computers. Security experts are particularly worried about hacker use of GPS to track device owners and that "snoopware" is a new type of spyware might eventually be used to activate microphones or cameras on devices to let hackers eavesdrop or see a victim's surroundings.


Surprisingly little during the past few years: The twin dangers of confronting smartphones -- malware and lost data -- remain dangerous. Indeed, the threats grow in lockstep with the value of the data to which devices have access. It is up to security staffs to remain vigilant.