Ten dangerous claims about smart phone security
Our columnist sees Barack Obama with that BlackBerry and shudders
Computerworld - My heart sank when I first saw Al Gore pull out his BlackBerry. It was in the waning weeks of the 2000 presidential campaign, and there he was on the TV, tapping away on his then-novel converged device. Though I had no evidence, I was positive that whatever he was reading had already been perused by some conservative skunk works, with his responses scrutinized not long after. Given recent revelations about the opposition's ethics and panting obsession with domestic spying, I still suspect that any eavesdropping technically possible at the time was probably being done.
So imagine my dismay when I saw Sen. Barack Obama pulling a BlackBerry from his coat pocket shortly after announcing his candidacy for president. Like many others addicted to their converged devices (Sen. John McCain was apparently indulging during the last State of the Union speech, not sleeping), he's become a constant user, and he now uses it to manage a large portion of his communications. While I hope these politicians have IT staffers paying attention to this sort of thing, more often than not, a series of underinformed security and privacy assumptions are made shortly before sensitive information starts flowing.
Many common assumptions about the security and privacy of smart phones or other handheld converged devices are off-base or just flat-out wrong. For any high-value target -- whether that's a political candidate or an organization with valuable financial or personal data -- a little more thought ought to go into the process of selecting and deploying any device handling important data. It makes sense then to challenge the more widespread assumptions and consider how to handle oft-ignored risks.
1. It's just a phone with cool features, right?
No, it's not. There's been a major shift in smart phone architecture in the past few years. Yesterday's phone ran an embedded operating system with software hooks written for the specific model's CPU, interface, vocoder and radio. Today's mobile converged device is more likely to run software considerably more advanced and versatile than desktop systems just 10 years ago. That versatility is an enemy of security because it turns the underlying security architecture on its head.
It used to be that a phone or small handheld device had a default-deny security model, because every feature was added from the ground up. There were no extraneous services running on the device, because every one was purpose-built. Now most converged devices run commodity operating systems, such as Symbian OS (owned in part by Nokia and Sony Ericsson) or Microsoft's Windows CE/Mobile family, that have portability as a core design goal. This means there are plenty of communications services and data handling hooks in the code base, and it's up to phone and application developers to ensure unused code is removed or disabled where not appropriate.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!