Five reasons to prepare -- now -- for more mobile security threats
Changing conditions lead to more threats
Mobile security threats are a relatively minor annoyance to a handful of users in Europe and Asia. However, conditions are rapidly ripening for these threats to start overwhelming both companies and individual users in North America.
That's the word from Kris Lamb, director of the Xforce team at Internet Security Systems Inc. His organization, which was acquired by IBM last fall, researches new security threats, including mobile ones. He said that part of his job is to monitor activity in what he calls the technology criminal underground.
Experts have long discussed the potential threats to mobile devices. After all, these widely used devices can store and access critical data. They also represent the new edge of the network, an edge that regularly walks out the door and can be stolen or lost in places such as cabs and seats in airport gate areas.
Lamb said that, until now, a number of factors have made it difficult for malicious code writers to get a toehold against mobile devices. However, those factors are changing rapidly, and life is becoming easier for those who would wreak havoc, Lamb said.
"A lot of the barriers to hackers have been shaking out in the last 12 months," Lamb said in an interview. "The crystal ball is getting clearer."
Lamb cited five factors in particular that are changing and what IT managers and individual users can do to mitigate increasing mobile security risks.
The current situation
The trend toward making mission-critical data available to mobile users is just starting and will grow rapidly, Lamb said. Some of the factors contributing to that growth will also benefit hackers, he added.
For instance, mobile devices now have multiple ways of connecting to IP networks, such as third-generation (3G) technologies and Wi-Fi. And virtually all mobile devices now support Bluetooth, which is one of the primary ways that hackers get into mobile devices, he said. Illicit access initiated via Bluetooth include the so-called Bluejacking and Bluesnarfing gambits, in which hackers use Bluetooth to send malicious text or multimedia messages or invite innocent users to partake in unsafe services.
So far, though, these and other threats have been annoying but not serious, involving things such as propagation of the threat using addresses in the device's address book, Lamb said. Or they can result in users inadvertently signing up for bogus programs that are billed to their cellular accounts.
However, even at this early stage, cellular carriers in Europe, where these threats are most common, are working feverishly to improve security, Lamb said.
"It's already a huge carrier problem," he said. "They're starting to get a lot of calls from customers for things like address book spamming. You get a lot of MMS [multimedia messaging service] messages flying around [launched by attacks on phone address books], and it's using a lot of their network capacity. It's annoying for users, and it's hard for carriers."
- Gartner Magic Quadrant for Mobile Application Development Platforms As unprecedented numbers of enterprises build mobile applications, the mobile application development platform market continues to grow and evolve rapidly.
- The Total Economic Impact of IBM's Worklight Platform Mobile is the fastest growing consumer technology in history. As enterprises build apps to engage these new users they are facing increased complexity...
- Improve Your Mobile Application Security with IBM Worklight IBM® Worklight helps organizations extend their business across multiple mobile devices. It provides an open, comprehensive and advanced mobile application platform to help...
- Unlock the Value of Enterprise Mobility Download this guide and learn how to manage the secure deployment of enterprise mobile apps and data, while still encouraging the levels of...
- It's Chaos Out There Worried about your mobile apps? You should be; it's chaos out there. Check out this humorous video and see if you can recognize...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Mobile Apps White Papers | Webcasts