Skip the navigation

Five reasons to prepare -- now -- for more mobile security threats

Changing conditions lead to more threats

By David Haskin
May 30, 2007 12:00 PM ET

Computerworld -

Mobile security threats are a relatively minor annoyance to a handful of users in Europe and Asia. However, conditions are rapidly ripening for these threats to start overwhelming both companies and individual users in North America.

That's the word from Kris Lamb, director of the Xforce team at Internet Security Systems Inc. His organization, which was acquired by IBM last fall, researches new security threats, including mobile ones. He said that part of his job is to monitor activity in what he calls the technology criminal underground.

Experts have long discussed the potential threats to mobile devices. After all, these widely used devices can store and access critical data. They also represent the new edge of the network, an edge that regularly walks out the door and can be stolen or lost in places such as cabs and seats in airport gate areas.

Lamb said that, until now, a number of factors have made it difficult for malicious code writers to get a toehold against mobile devices. However, those factors are changing rapidly, and life is becoming easier for those who would wreak havoc, Lamb said.

"A lot of the barriers to hackers have been shaking out in the last 12 months," Lamb said in an interview. "The crystal ball is getting clearer."

Lamb cited five factors in particular that are changing and what IT managers and individual users can do to mitigate increasing mobile security risks.

The current situation

The trend toward making mission-critical data available to mobile users is just starting and will grow rapidly, Lamb said. Some of the factors contributing to that growth will also benefit hackers, he added.

For instance, mobile devices now have multiple ways of connecting to IP networks, such as third-generation (3G) technologies and Wi-Fi. And virtually all mobile devices now support Bluetooth, which is one of the primary ways that hackers get into mobile devices, he said. Illicit access initiated via Bluetooth include the so-called Bluejacking and Bluesnarfing gambits, in which hackers use Bluetooth to send malicious text or multimedia messages or invite innocent users to partake in unsafe services.

So far, though, these and other threats have been annoying but not serious, involving things such as propagation of the threat using addresses in the device's address book, Lamb said. Or they can result in users inadvertently signing up for bogus programs that are billed to their cellular accounts.

However, even at this early stage, cellular carriers in Europe, where these threats are most common, are working feverishly to improve security, Lamb said.

"It's already a huge carrier problem," he said. "They're starting to get a lot of calls from customers for things like address book spamming. You get a lot of MMS [multimedia messaging service] messages flying around [launched by attacks on phone address books], and it's using a lot of their network capacity. It's annoying for users, and it's hard for carriers."



Our Commenting Policies
Consumerization of IT: Be in the know
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!