BlackBerry Misinformation and the Smartphone Security Crisis

    I’m getting kind of tired of reading that BlackBerry is getting out of the hardware business; BlackBerry isn’t getting out of the hardware business. It stands alone as the only smartphone company exclusively focused on business, security and traditional communication. Until someone else steps up to meet this need, there continues to be a market for its hardware and, as a BlackBerry Priv user myself, I’d hate to see the company go.  What caused this latest group of articles was that BlackBerry is discontinuing the Classic phone. But suggesting that it is getting out of the business because it’s eliminating one phone would be like saying Apple is going to discontinue iPhones because it no longer intends to build and sell the iPhone 3. Most consumer-focused companies stop building a model after six to 12 months; business-focused companies have to hang on to designs longer, but you have to admit that the BlackBerry Classic was getting a little long in the tooth.

    Let’s talk about why we need a company like BlackBerry to carry the business focus torch.

    Smartphone Malware

    The first big reason we need a business/security-focused platform is that there is a ton of malware focused on both iOS and Android platforms. Currently, 10 million, yes that is 10 million, Android phones are compromised by a family of auto-rooting viruses. The worst currently being tracked is called HummingBad. This is a nasty piece of work. It is sourced from a Chinese ad-based company (yep, an actual identified company has produced this nasty beast). Right now, it appears to mostly generate massive ad profits by swiping the revenues that otherwise would flow to other firms.

    It is as much an attack on Google as it is an attack on you because, while it does infiltrate command and control servers, it installs promoted apps automatically, defrauds mobile advertisers, and corrupts the statistics inside the Google Play Store. This is generating something like $300,000 a month in revenue for the firm that created it.

    This class of product takes control of the phone and copies out the information on it, including pictures. It is not only capable of turning on the cameras and microphones remotely but McAfee demonstrated years ago that it could cause the phones to catastrophically fail by generating excessive heat. We don’t have direct evidence yet of a phone being made to combust but it is theoretically possible and when a phone burns up, it automatically destroys the evidence.

    As you’d expect, most of the phones compromised are in China (about 1.6M) but the U.S. count is rising and is already at 286,000. The really scary part is that while it used to be that you’d get one of these things by being tricked into installing it, now it can be placed on the phone by just going to a compromised site. These are mostly porn sites, so an infection on a business phone would lead to a conversation with IT and a manager that I doubt most employees want to have. Even if the phone was infected by another site, you’d never know.

    Since this is a rootkit, it survives a factory reset, it has super-user permissions so you can’t get rid of it easily, and it can access sandboxed content. So while this initial instance doesn’t appear to be doing anything particularly bad, this is China we are talking about. What a Chinese firm has, the government has, and it is capable of literally taking over the phone.

    The scary stuff doesn’t stop there.

    More Smartphone Attacks: Things Are Potentially Much Worse

    For some time, we’ve been using phones as a major part of multi-factor authentication, thinking that this was relatively safe. Apparently, it isn’t. In a known exploit, the authentication information sent to the phone was intercepted and sent to the attacker. This comes to us care of Russia.

    And hackers have been busy, because now just syncing your smartphone with your PC can compromise the phone’s ability to provide that critical second-factor authentication reliably. Some researchers are now reporting that using a phone as part of a two-factor authentication program simply may not provide the security benefits promised. Even the commonly used “call-back” method of two-factor authentication may now be compromised, according to The Register. It has actually gotten to the point that the banks using smartphones for multi-factor authentication are notifying customers of the problem and providing advice on how to observe and fix it. In fact, the banking industry began reporting the malware problem three years ago.

    Wrapping Up: Why We Need BlackBerry’s Business Focus

    Consumer phones are simply no longer safe enough for much of what we use them for, and for companies and governments, where the need for security is extremely high, they are not a safe option. As long as that is the case, we need at least one company where security is paramount and with which we can be better assured that these security processes actually work; otherwise, we are likely to go back to removing the authorization for smartphones for business use and forcing employees to go back to using flip phones. Hey, if we have to go that way, at least Motorola is ramping the flip phone form factor up. You know, I’m told it is currently the fastest growing phone segment. Go figure.

    Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm.  With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+

    Rob Enderle
    As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.
