Five reasons to prepare -- now -- for more mobile security threats

Computerworld -

Mobile security threats are a relatively minor annoyance to a handful of users in Europe and Asia. However, conditions are rapidly ripening for these threats to start overwhelming both companies and individual users in North America.

That's the word from Kris Lamb, director of the Xforce team at Internet Security Systems Inc. His organization, which was acquired by IBM last fall, researches new security threats, including mobile ones. He said that part of his job is to monitor activity in what he calls the technology criminal underground.

Experts have long discussed the potential threats to mobile devices. After all, these widely used devices can store and access critical data. They also represent the new edge of the network, an edge that regularly walks out the door and can be stolen or lost in places such as cabs and seats in airport gate areas.

Lamb said that, until now, a number of factors have made it difficult for malicious code writers to get a toehold against mobile devices. However, those factors are changing rapidly, and life is becoming easier for those who would wreak havoc, Lamb said.

"A lot of the barriers to hackers have been shaking out in the last 12 months," Lamb said in an interview. "The crystal ball is getting clearer."

Lamb cited five factors in particular that are changing and what IT managers and individual users can do to mitigate increasing mobile security risks.

The current situation

The trend toward making mission-critical data available to mobile users is just starting and will grow rapidly, Lamb said. Some of the factors contributing to that growth will also benefit hackers, he added.

For instance, mobile devices now have multiple ways of connecting to IP networks, such as third-generation (3G) technologies and Wi-Fi. And virtually all mobile devices now support Bluetooth, which is one of the primary ways that hackers get into mobile devices, he said. Illicit access initiated via Bluetooth include the so-called Bluejacking and Bluesnarfing gambits, in which hackers use Bluetooth to send malicious text or multimedia messages or invite innocent users to partake in unsafe services.

So far, though, these and other threats have been annoying but not serious, involving things such as propagation of the threat using addresses in the device's address book, Lamb said. Or they can result in users inadvertently signing up for bogus programs that are billed to their cellular accounts.

However, even at this early stage, cellular carriers in Europe, where these threats are most common, are working feverishly to improve security, Lamb said.

"It's already a huge carrier problem," he said. "They're starting to get a lot of calls from customers for things like address book spamming. You get a lot of MMS [multimedia messaging service] messages flying around [launched by attacks on phone address books], and it's using a lot of their network capacity. It's annoying for users, and it's hard for carriers."