Gartner: Security risks rise as smart phones get smarter

Growing use of handhelds in business apps increases potential for attacks, analyst says

As wireless devices become more numerous within businesses, their convenience will be counterbalanced by an increasing potential for security problems, according to a Gartner Inc. analyst who spoke at the consulting firm's IT Security Summit in London today.

New trends in the wireless industry are making it easier for hackers to launch attacks targeting handhelds, Gartner analyst John Girard said. A few years ago, there wasn't much standardization across smart phones and other wireless devices, he noted. Differing operating systems and implementations of mobile Java — even varying configurations among devices with the same operating system — made it hard to write malicious code that ran on a wide array of devices, Girard said.

But that's changing, he added, saying that the process of writing malware that can run on a variety of handheld devices has been simplified. "The more your phone gets like a PC," Girard said, "the more it can host malicious code."

Many of the security threats that traditionally have plagued PCs, such as phishing attacks, will increasingly move to mobile platforms, Girard predicted. That could cause problems, he said, when companies begin installing business applications on mobile phones, which will house data that is potentially valuable to attackers. "We're very quickly moving to the point where people really can do business on smart phones," Girard said.

Gartner forecasts that wireless identity theft and phishing attempts targeting mobile devices will become more and more prevalent next year. Girard said that before buying large quantities of handhelds for their workers, companies need to be sure that the devices meet a minimum set of security specifications, based on what kind of data the devices will handle and the regulations that businesses need to comply with under data protection laws.

Having the mobile hardware and software arrive in a secure state is a lot easier for IT managers than trying to fix devices after they've been deployed in the field, he added.

Girard laid out a few key security pointers: Data should be encrypted on handhelds, proper identity and access controls should be implemented, and intrusion-prevention systems should be used to ensure that rogue devices don't access sensitive information, he said.

Copyright © 2008 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon